
Browsers won't load right, blocks sites, and now a SVCHOST problem detected


  • This topic is locked
5 replies to this topic

#1 xfreakazoidx


Posted 24 December 2017 - 08:43 PM

I use Win 7 (64). Logs and stuff further down, sorry for long post.

So I've been having a weird issue since this morning. The day before I really didn't do much that I can think of that would have gotten me infected. I turned on my PC and opened Chrome. But it showed up and then it wouldn't load (like when a program freezes, where you can see it sitting there but can't do anything). I went to processes and ended each Chrome process, but the one process wouldn't close. So I thought that was weird. I tried various Chrome methods and nothing happened (reinstall, delete Chrome user data, etc.). So I went into Firefox and it loaded. But I couldn't access sites like yahoo, google, etc. But I could access other sites, like reddit for example. I even tried Internet Explorer (which I never use, of course) and had the same issue: it opened some sites but not others.
So I messed around for a bit, trying system restore and things like that. BTW, system restore had an error. I thought maybe it was Windows. Also, I did of course scan my PC using MSE and Malwarebytes and nothing was found. I did try some default things like resetting my router and the IFCONFIG /FLUSH stuff in the CMD window.

Update...
So after posting this post I went to MSCONFIG and turned off all services. Well, when my PC restarted everything worked fine again. Chrome even worked! I could once again access any site. So I went item by item, turning each one on (restarting the PC, etc.) to see what was causing the issue. In the end I found it was the Killer Network Service, which obviously is Gigabyte MOBO related. So do you think the service/driver is just glitched maybe? Or do you think it's a virus? I do notice it doesn't say Gigabyte for the manufacturer but "Rivet Networks". Also, I do know that like every week I use Driver Genius to update any drivers I have. I did try to roll back the install (if the network drivers were updated), but it failed.


LOGS BELOW:
Coming to this forum I ran and did the prep guide and I ran the MBAR and the results were negative:
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.12.24.06
  rootkit: v2017.10.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18816
Owner :: OWNER-PC [administrator]

12/24/2017 7:55:00 PM
mbar-log-2017-12-24 (19-55-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 305218
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



Here are the logs from FRST and the Addition:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
Ran by Owner (administrator) on OWNER-PC (24-12-2017 20:23:11)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Mcx1-OWNER-PC & Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer Networking Ltd.) G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Gigabyte Technology CO.) C:\Program Files\Gigabyte\Smart Backup\RPMDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd.) G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
() C:\Windows\FixCamera.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Razer, Inc.) C:\Users\Owner\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\HCLOUD.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9237952 2017-11-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-10-03] (Intel Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-06-26] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499640 2015-06-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\Gigabyte\Smart Backup\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>)
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\GIGABYTE\SIV\sivro.exe [12072 2015-11-16] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\etro.exe [5632 2015-09-24] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [DualBiosRescue] => C:\Program Files (x86)\GIGABYTE\GigabyteFirmwareUpdateUtility\dbrro.exe [12096 2015-08-19] ()
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\Run: [SpybotSD TeaTimer] => G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\Run: [Microsoft Works Update Detection] => C:\Program Files (x86)\Microsoft Works\WkDetect.exe
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\Run: [ISM] => [X]
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\Run: [CreativeTaskScheduler] => C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\MountPoints2: {0c0d8b47-69c9-11e6-9fbc-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\MountPoints2: {25fee131-aca9-11e7-bd15-1c1b0d0804ad} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\MountPoints2: {fdcc2158-d128-11e7-a509-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-11-14]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0B8BED91-B99E-4112-81BA-D747D1313CAA}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{94D4DF76-745C-4667-8060-D2DF36CAEA5D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-10] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-10] (Oracle Corporation)
BHO-x32: No Name -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> G:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-10] (Oracle Corporation)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll [2001-07-25] (Microsoft Corporation)
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ubbhxxlo.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ubbhxxlo.default [2017-12-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3739937356-3893775422-3469501621-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-11-19] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxp://news.google.com/","hxxp://kotaku.com/","hxxp://youtube.com/","hxxp://facebook.com/",
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-24]
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2017-12-13]
CHR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-19]
CHR Extension: (Adblock for Youtube™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-24]
CHR Extension: (WebFilter Pro - The best filtering addon!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejgfoklefkbjadjcgjmnhfbdfjolojnn [2017-11-12]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-07]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-11-13]
CHR Extension: (Remove ads from Pirate Bay) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2017-05-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-20]
CHR Extension: (Summer Holidays) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfecfgangbaamlkdcebkbngncpabddea [2016-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-25]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-25]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-12-22]
CHR Extension: (Adblock for Youtube™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Parental Controls & Web Filter from MetaCert) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpfbddcgbimoafpgmbbjiliegkfcjkmn [2016-08-25]
CHR Extension: (WebFilter Pro - The best filtering addon!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejgfoklefkbjadjcgjmnhfbdfjolojnn [2017-11-13]
CHR Extension: (Jump Send) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdflpocfdeacfjmpmhkmgnhgklbpebcm [2016-12-10]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-29]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-10]
CHR Extension: (SwagButton) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-12-15]
CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2017-11-13]
CHR Extension: (Purple Pink) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcpccofkfobheiglbldpoojjljnllhfm [2016-08-31]
CHR Extension: (Remove ads from Pirate Bay) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2017-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2619096 2016-08-18] (Blue Coat Systems, Inc.)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [303544 2015-07-24] (CyberLink)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2016-09-13] (Coupons.com Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-08-25] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-08-24] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-05] (Dropbox, Inc.)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [144816 2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (Microsoft)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2015-11-16] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-10-03] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R3 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1929216 2016-09-12] (Rivet Networks) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-12-05] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-12-05] (NVIDIA Corporation)
R2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [123312 2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-30] (Electronic Arts)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-05-02] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [178312 2017-05-02] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
R2 SBSDWSCService; G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 GSService; "C:\Windows\SysWOW64\GSService.exe" [X]
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 ausb3hub; C:\Windows\System32\DRIVERS\ausb3hub.sys [404480 2016-08-23] (Intel Corporation)
S3 ausb3xhc; C:\Windows\System32\DRIVERS\ausb3xhc.sys [817664 2016-08-23] (Intel Corporation)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [125144 2016-08-18] (Blue Coat Systems, Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-11-16] (Bluestack System Inc. )
S3 CEDRIVER60; G:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] ()
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2016-07-25] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-12-06] ()
S3 glavcam; C:\Windows\System32\DRIVERS\glavcam.sys [3463936 2017-03-18] (Windows ® Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [41472 2017-10-03] (Intel Corporation)
S3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-11] (Qualcomm Atheros, Inc.)
S3 KillerEth; C:\Windows\System32\DRIVERS\e2xw7x64.sys [135104 2017-09-20] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-12-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-12-24] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [201296 2017-10-07] (Intel Corporation)
R3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-12-05] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-12-05] (NVIDIA Corporation)
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [34136 2015-09-02] (Adoriasoft LLC)
R2 RfeCoSvc; C:\Windows\System32\DRIVERS\RfeCoW7X64.sys [77104 2016-09-12] (Rivet Networks, LLC.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [52248 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
U3 iswSvc; no ImagePath
S0 tfqljfm; System32\drivers\cmohrj.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-24 20:23 - 2017-12-24 20:23 - 000033134 _____ C:\Users\Owner\Desktop\FRST.txt
2017-12-24 20:21 - 2017-12-24 20:23 - 000000000 ____D C:\FRST
2017-12-24 20:20 - 2017-12-24 20:20 - 002392064 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2017-12-24 20:17 - 2017-12-24 20:09 - 000002144 _____ C:\Users\Owner\Desktop\mbar-log-2017-12-24 (19-55-00).txt
2017-12-24 19:54 - 2017-12-24 20:09 - 000000000 ____D C:\Users\Owner\Desktop\mbar
2017-12-24 19:54 - 2017-12-24 20:09 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-24 19:54 - 2017-12-24 19:54 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.10.3.1001.exe
2017-12-24 19:54 - 2017-12-24 19:54 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7754E2D6.sys
2017-12-24 16:44 - 2017-12-24 16:44 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-24 16:44 - 2017-12-24 16:44 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-24 16:43 - 2017-12-24 16:43 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-24 16:40 - 2017-12-24 16:40 - 000000000 ____H C:\ProgramData\cm-lock
2017-12-24 15:17 - 2017-12-24 16:05 - 000002306 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-24 13:24 - 2017-11-29 12:24 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-12-24 13:24 - 2017-11-29 12:23 - 003509160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-12-24 13:24 - 2017-11-29 12:23 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-12-24 13:24 - 2017-11-29 12:23 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-12-24 13:24 - 2017-11-29 11:56 - 006053256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-12-24 13:24 - 2017-11-29 11:56 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-12-24 13:24 - 2017-11-29 11:56 - 003205568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-12-24 13:24 - 2017-11-29 11:55 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-12-24 13:23 - 2017-11-29 12:23 - 001351192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-12-24 13:23 - 2017-11-29 12:22 - 003570984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-12-24 13:23 - 2017-11-29 12:22 - 000447680 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-12-24 13:23 - 2017-11-29 12:22 - 000151752 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-12-24 13:23 - 2017-11-29 12:22 - 000134160 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-12-24 13:23 - 2017-11-29 12:22 - 000084576 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-12-24 13:23 - 2017-11-29 12:21 - 000708272 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 001780584 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 001591024 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 001508896 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000727400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000504272 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000445360 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000441232 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000253864 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000253824 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-12-24 13:23 - 2017-11-29 12:20 - 000252840 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-12-24 13:23 - 2017-11-29 12:19 - 001965768 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-12-24 13:23 - 2017-11-29 12:19 - 000327416 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-12-24 13:23 - 2017-11-29 12:19 - 000272672 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-12-24 13:23 - 2017-11-29 11:55 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-12-24 13:23 - 2017-11-29 11:55 - 007172872 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-12-24 13:23 - 2017-11-29 11:55 - 002922944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-12-24 13:23 - 2017-11-29 11:54 - 007096152 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-12-24 13:23 - 2017-11-29 11:53 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-12-24 13:23 - 2017-11-29 11:53 - 000105264 _____ C:\Windows\system32\audioLibVc.dll
2017-12-24 13:23 - 2017-11-29 11:08 - 015093286 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-12-24 13:20 - 2017-12-05 14:36 - 000137200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-24 13:17 - 2017-12-05 16:17 - 040238576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 036301384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 035156368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 029345592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 023266584 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 022257256 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 019039792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 018208784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 016851768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-12-24 13:17 - 2017-12-05 16:17 - 013867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 011782096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 003808144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 003347952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 001989944 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438859.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438859.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 001099848 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 001031984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000981816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000933360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000616432 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000527288 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000505928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000446216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000171712 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-12-24 13:17 - 2017-12-05 16:17 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-12-24 13:17 - 2017-12-05 16:17 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-12-24 13:11 - 2017-12-24 16:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-12-21 13:28 - 2017-12-21 13:28 - 000000000 ____D C:\Windows\System32\Tasks\Intel
2017-12-07 15:38 - 2017-12-24 16:41 - 000026192 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-12-07 15:31 - 2017-12-07 15:31 - 000003294 _____ C:\Windows\System32\Tasks\V-Tuner
2017-12-07 15:28 - 2017-12-07 15:28 - 000003346 _____ C:\Windows\System32\Tasks\GraphicsCardEngine
2017-12-06 05:13 - 2017-12-06 05:13 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-06 05:12 - 2017-12-24 16:43 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-05 21:31 - 2017-12-05 21:31 - 000000000 _____ C:\Users\Owner\Desktop\Flash Tuesdays, Ledgends of Tom Thursdays.txt
2017-12-05 20:23 - 2017-12-24 16:38 - 000000000 ____D C:\ProgramData\CoolingTech_PC_Camera
2017-12-05 20:17 - 2017-12-05 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GLPCCamera
2017-12-05 20:17 - 2017-12-05 20:17 - 000000000 ____D C:\Program Files (x86)\CoolingTech_PC_Camera
2017-12-05 20:17 - 2017-03-18 06:33 - 003463936 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\glavcam.sys
2017-12-05 20:17 - 2017-03-18 06:33 - 000098304 _____ C:\Windows\SysWOW64\glprop.ax
2017-12-05 20:17 - 2017-03-18 06:33 - 000020992 _____ C:\Windows\SysWOW64\uninstall.dll
2017-12-04 19:01 - 2017-12-04 19:01 - 1340227507 _____ C:\Windows\MEMORY.DMP
2017-12-04 19:01 - 2017-12-04 19:01 - 000410024 _____ C:\Windows\Minidump\120417-21933-01.dmp
2017-12-02 22:30 - 2017-12-06 05:12 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-02 22:30 - 2017-12-02 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 00:18 - 2017-12-02 00:18 - 000001455 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speedfan.lnk
2017-12-02 00:13 - 2017-12-02 00:12 - 000001784 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files.lnk
2017-12-01 22:12 - 2017-12-01 22:12 - 000000000 ____D C:\Users\Public\Documents\Creative
2017-11-24 10:43 - 2017-12-07 15:18 - 000000000 ____D C:\Program Files (x86)\ASM104xUSB3
2017-11-24 10:42 - 2016-08-24 04:10 - 000002291 ____N C:\Windows\system32\SetupBD.din
2017-11-24 10:41 - 2016-10-04 13:37 - 000426104 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-11-24 10:41 - 2016-07-25 20:55 - 000003130 _____ C:\Windows\system32\e1d62x64.din
2017-11-24 10:41 - 2016-07-25 20:37 - 000511952 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys
2017-11-24 10:41 - 2016-04-10 12:18 - 000080848 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2017-11-24 10:41 - 2015-06-16 12:28 - 000090608 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2017-11-24 10:41 - 2014-04-18 00:17 - 000125728 _____ (Intel Corporation) C:\Windows\system32\NicCo4.dll
2017-11-24 10:31 - 2017-12-24 16:38 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-11-24 10:31 - 2017-12-24 16:38 - 000000000 ____D C:\Windows\system32\RTCOM
2017-11-24 10:31 - 2017-11-24 10:31 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-11-24 10:31 - 2017-11-24 10:31 - 000000000 ____D C:\Windows\system32\DAX3
2017-11-24 10:31 - 2017-11-24 10:31 - 000000000 ____D C:\Windows\system32\DAX2
2017-11-24 10:31 - 2017-11-24 10:31 - 000000000 ____D C:\ProgramData\Audyssey Labs
2017-11-24 10:31 - 2017-11-24 10:31 - 000000000 ____D C:\Program Files\Realtek
2017-11-24 10:30 - 2017-02-16 04:01 - 015202032 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 002190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 001337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 000962120 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 000873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 000604800 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2017-11-24 10:30 - 2017-02-16 04:01 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000220152 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-11-24 10:30 - 2017-02-16 04:00 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-11-24 10:30 - 2017-02-16 03:59 - 003410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-11-24 10:30 - 2017-02-16 03:59 - 003122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-11-24 10:30 - 2017-02-16 03:59 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 001003512 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 000965016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 000866096 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 000859912 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 000088320 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-11-24 10:30 - 2017-02-16 03:58 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-11-24 10:30 - 2017-02-16 03:55 - 000258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-11-24 10:30 - 2017-02-15 13:20 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-11-24 10:29 - 2017-02-16 03:58 - 000856296 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-11-24 10:29 - 2017-02-16 03:57 - 000726632 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-11-24 10:29 - 2017-02-16 03:57 - 000518528 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-11-24 10:29 - 2017-02-16 03:57 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-11-24 10:29 - 2017-02-16 03:57 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-11-24 10:29 - 2017-02-16 03:57 - 000110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-11-24 10:29 - 2017-02-16 03:57 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-11-24 10:29 - 2017-02-16 03:56 - 002830480 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-11-24 10:29 - 2017-02-16 03:56 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-11-24 10:29 - 2017-02-16 03:56 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-11-24 10:29 - 2017-02-16 03:55 - 000680512 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-11-24 10:29 - 2017-02-16 03:55 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2017-11-24 10:29 - 2017-02-16 03:54 - 000426568 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2017-11-24 10:29 - 2017-02-16 03:54 - 000366120 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2017-11-24 10:29 - 2017-02-16 03:54 - 000360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2017-11-24 10:29 - 2017-02-16 03:54 - 000203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
2017-11-24 10:29 - 2017-02-16 03:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2017-11-24 10:29 - 2017-02-16 03:54 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
2017-11-24 10:29 - 2017-02-16 03:53 - 000785608 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2017-11-24 10:29 - 2017-02-16 03:53 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
2017-11-24 10:29 - 2017-02-16 03:53 - 000378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-11-24 10:29 - 2017-02-16 03:53 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2017-11-24 10:28 - 2017-11-24 10:28 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-11-24 10:28 - 2017-02-16 03:53 - 006273352 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 005347000 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 002444688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 001959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 001516896 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 001363096 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 001133584 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-11-24 10:28 - 2017-02-16 03:53 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-11-24 10:28 - 2017-02-16 03:52 - 002993720 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2017-11-24 10:27 - 2017-12-24 13:25 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-11-24 10:26 - 2017-07-21 04:17 - 002839488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-11-24 10:18 - 2017-12-24 16:38 - 000061948 _____ C:\Windows\system32\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00431102}.rfx
2017-11-24 10:18 - 2017-12-24 16:38 - 000061948 _____ C:\Windows\system32\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00431102}.rfx
2017-11-24 10:18 - 2017-12-24 16:38 - 000000820 _____ C:\Windows\system32\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00431102}.rfx
2017-11-24 10:16 - 2017-12-07 15:18 - 000003646 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2017-11-24 10:15 - 2017-11-24 10:15 - 000000000 ____D C:\Users\Owner\AppData\Roaming\SplitmediaLabs
2017-11-24 10:15 - 2017-11-24 10:15 - 000000000 ____D C:\ProgramData\SplitMediaLabs
2017-11-24 10:15 - 2017-11-24 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2017-11-24 10:15 - 2017-11-24 10:15 - 000000000 ____D C:\Program Files (x86)\SplitmediaLabs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-24 20:22 - 2017-03-21 21:41 - 000000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-12-24 19:55 - 2017-03-02 12:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-24 18:48 - 2016-11-22 17:06 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-12-24 17:07 - 2009-07-13 23:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-24 17:07 - 2009-07-13 23:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-24 16:43 - 2016-08-30 15:28 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-12-24 16:40 - 2017-11-10 19:40 - 000203570 _____ C:\Windows\SysWOW64\bios.ini
2017-12-24 16:40 - 2016-08-23 23:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-24 16:39 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-24 16:38 - 2017-11-11 23:16 - 000000000 ____D C:\Users\Test Account
2017-12-24 16:38 - 2017-05-11 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-24 16:38 - 2016-09-15 04:43 - 000000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2017-12-24 16:38 - 2016-08-28 15:47 - 000000000 ____D C:\ProgramData\Licenses
2017-12-24 16:38 - 2016-08-24 23:34 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-12-24 16:38 - 2016-08-24 22:21 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-24 16:38 - 2016-08-23 23:58 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-24 16:38 - 2016-08-23 23:51 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-24 16:38 - 2016-08-23 23:31 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-24 16:38 - 2009-07-14 02:44 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-12-24 16:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-24 16:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\security
2017-12-24 16:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2017-12-24 16:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-24 16:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
2017-12-24 15:43 - 2016-08-24 22:53 - 000000000 ____D C:\Program Files\Blue Coat K9 Web Protection
2017-12-24 13:24 - 2009-07-14 00:13 - 000787714 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-24 13:21 - 2017-10-08 23:26 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2017-10-08 23:26 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2017-10-08 23:26 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2017-10-08 23:09 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2017-10-08 23:09 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2017-10-08 23:09 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2017-10-08 23:09 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2017-10-08 23:09 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-24 13:21 - 2016-08-23 23:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-24 13:19 - 2016-08-24 01:26 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-24 13:19 - 2016-08-24 00:12 - 000000000 ____D C:\Users\Owner\AppData\Local\NVIDIA
2017-12-24 13:11 - 2016-08-23 23:32 - 000000000 ____D C:\Program Files (x86)\Intel
2017-12-24 13:11 - 2016-08-23 23:31 - 000000000 ____D C:\Program Files\Intel
2017-12-21 18:14 - 2016-08-28 15:47 - 000000000 ____D C:\ProgramData\TEMP
2017-12-21 09:54 - 2017-02-28 00:45 - 000000000 ____D C:\Users\Public\Documents\Cyberlink
2017-12-15 14:26 - 2016-08-24 00:13 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-12-14 06:38 - 2016-11-22 00:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-14 06:38 - 2016-08-24 22:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 08:56 - 2017-03-10 18:12 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 08:56 - 2016-09-12 13:01 - 000004450 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-12 08:56 - 2016-08-24 01:17 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 08:56 - 2016-08-24 01:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 08:56 - 2016-08-24 01:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-12 08:56 - 2016-08-24 01:17 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-07 15:41 - 2016-08-24 00:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-12-07 15:34 - 2016-08-23 23:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-07 15:33 - 2016-08-24 00:17 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2017-12-07 15:31 - 2016-08-24 00:22 - 010047488 _____ () C:\Windows\system32\BT_Socket.dll
2017-12-07 15:31 - 2016-08-24 00:22 - 000389632 _____ C:\Windows\system32\AutoGreenCP.dll
2017-12-07 15:28 - 2016-08-24 00:19 - 000000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installations
2017-12-07 15:26 - 2016-08-23 23:27 - 000000010 _____ C:\Windows\GSetup.ini
2017-12-07 15:17 - 2016-08-23 23:32 - 000000000 ____D C:\ProgramData\Intel
2017-12-05 16:17 - 2017-11-08 16:44 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-12-05 16:17 - 2017-11-08 16:33 - 019526696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-12-05 16:17 - 2017-11-08 16:33 - 015027984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-12-05 16:17 - 2017-11-08 16:33 - 004285704 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-12-05 16:17 - 2017-11-08 16:33 - 003799032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-05 16:17 - 2017-11-08 16:33 - 000492232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-12-05 16:17 - 2017-11-08 16:33 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2017-12-05 16:17 - 2017-10-08 23:26 - 002404800 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-12-05 16:17 - 2017-10-08 23:26 - 002070976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-12-05 16:17 - 2017-10-08 23:26 - 001309120 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2017-12-05 16:17 - 2017-10-08 23:09 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-12-05 16:17 - 2016-08-30 11:52 - 000152512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-12-05 16:17 - 2016-08-23 23:58 - 000186304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-12-05 14:32 - 2017-11-08 16:44 - 005966696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-12-05 14:32 - 2017-11-08 16:44 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-12-05 14:32 - 2017-11-08 16:44 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-12-05 14:32 - 2017-11-08 16:44 - 000607304 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-12-05 14:32 - 2017-11-08 16:44 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-12-05 14:32 - 2017-11-08 16:44 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-12-05 14:32 - 2017-11-08 16:44 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-12-04 19:01 - 2017-03-09 05:14 - 000000000 ____D C:\Windows\Minidump
2017-12-03 20:44 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-12-02 09:05 - 2017-11-13 19:58 - 000003256 _____ C:\Windows\System32\Tasks\GIGABYTE OC GURU
2017-12-02 09:04 - 2017-10-31 02:54 - 000000000 ____D C:\Users\Owner\Documents\temp
2017-12-02 01:18 - 2017-10-31 02:53 - 000003322 _____ C:\Windows\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE
2017-12-02 00:17 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-02 00:15 - 2017-09-17 17:17 - 000000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Tools
2017-12-01 21:08 - 2017-11-16 10:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-25 07:40 - 2017-11-08 16:44 - 007874971 _____ C:\Windows\system32\nvcoproc.bin
2017-11-24 10:29 - 2017-11-14 02:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-11-24 10:29 - 2016-08-24 03:31 - 000000000 ___HD C:\Program Files (x86)\Creative Installation Information
2017-11-24 10:29 - 2016-08-24 03:31 - 000000000 ____D C:\Program Files\Creative
2017-11-24 10:27 - 2016-08-24 03:31 - 000000000 ____D C:\Program Files (x86)\Creative
2017-11-24 10:11 - 2016-08-24 03:30 - 000466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-11-24 10:11 - 2016-08-24 03:30 - 000445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-11-24 10:11 - 2016-08-24 03:30 - 000123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-11-24 10:11 - 2016-08-24 03:30 - 000109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-11-24 10:11 - 2016-08-24 03:30 - 000000159 ___RH C:\Windows\ctfile.rfc

==================== Files in the root of some directories =======

2016-10-24 12:51 - 2016-10-24 12:51 - 026689458 _____ (videowinsoft.com                                            ) C:\Users\Owner\windows-movie-maker-2016.exe
2017-11-11 01:20 - 2017-11-11 01:20 - 000000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-27 06:10 - 2017-02-23 02:55 - 000013824 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-10 19:53 - 2017-11-10 19:53 - 000000000 _____ () C:\Users\Owner\AppData\Local\Driver_LOM_8161Present.flag
2016-08-24 01:54 - 2016-08-30 12:15 - 001065984 _____ () C:\Users\Owner\AppData\Local\file__0.localstorage
2017-11-13 19:52 - 2017-11-13 19:52 - 000000291 _____ () C:\Users\Owner\AppData\Local\ledConfiguration.config
2017-11-07 23:08 - 2017-11-07 23:08 - 000000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2016-10-08 06:46 - 2016-10-08 06:46 - 000000028 _____ () C:\Users\Owner\AppData\Local\settings.ini
2016-12-20 01:10 - 2016-11-23 08:37 - 000000570 _____ () C:\Users\Owner\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-24 18:04

==================== End of FRST.txt ============================


Here's the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Owner (24-12-2017 20:23:34)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-08-24 04:23:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3739937356-3893775422-3469501621-500 - Administrator - Disabled)
Guest (S-1-5-21-3739937356-3893775422-3469501621-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3739937356-3893775422-3469501621-1004 - Limited - Enabled)
Mcx1-OWNER-PC (S-1-5-21-3739937356-3893775422-3469501621-1003 - Limited - Enabled) => C:\Users\Mcx1-OWNER-PC
Owner (S-1-5-21-3739937356-3893775422-3469501621-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B15.0713.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B15.0713.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.2 - )
µTorrent (HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
3DOSD (HKLM-x32\...\{F0D1FAA5-F9F8-4524-9B65-A5BFDDD5A29B}) (Version: 1.00.0018 - GIGABYTE) Hidden
3DOSD (HKLM-x32\...\InstallShield_{F0D1FAA5-F9F8-4524-9B65-A5BFDDD5A29B}) (Version: 1.00.0018 - GIGABYTE)
3TB+Unlock B12.1102.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Ambient LED (HKLM-x32\...\{BEF97B38-D1B8-45B4-A60A-AF5C1556CC72}) (Version: 1.00.1510.2601 - GIGABYTE) Hidden
Ambient LED (HKLM-x32\...\InstallShield_{BEF97B38-D1B8-45B4-A60A-AF5C1556CC72}) (Version: 1.00.1510.2601 - GIGABYTE)
Ancient Weapon Sounds (HKLM-x32\...\{E00A5837-482C-4DCE-B4CC-D16B343374E1}) (Version: 2.1.1 - Screaming Bee)
ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
APP Center (HKLM-x32\...\{B164E11B-19B5-432F-ABFA-2D50746C9E50}) (Version: 1.00.1605.0301 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.17.0913.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{B164E11B-19B5-432F-ABFA-2D50746C9E50}) (Version: 1.00.1605.0301 - GIGABYTE)
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.17.0913.1 - GIGABYTE)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
AutoGreen (HKLM-x32\...\{CFB76B97-0C1C-4E1A-999A-DE62FA5FEB9A}) (Version: 1.0 - GIGABYTE) Hidden
AutoGreen (HKLM-x32\...\InstallShield_{CFB76B97-0C1C-4E1A-999A-DE62FA5FEB9A}) (Version: 1.0 - GIGABYTE)
Batch Converter Plug-In (HKLM-x32\...\{11BEA44C-BCFE-405E-9C76-33EF407A4354}) (Version: 4.0.4 - Screaming Bee)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version:  - PopCap Games)
Bejeweled Deluxe 1.87 (HKLM-x32\...\Bejeweled Deluxe 1.87) (Version: 1.87 - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
BIOS Setup (HKLM-x32\...\{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.00.0000 - GIGABYTE) Hidden
BIOS Setup (HKLM-x32\...\InstallShield_{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.00.0000 - GIGABYTE)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.5.1001 - Blue Coat Systems, Inc.)
Blue Satin Skin (HKLM-x32\...\{FB7D6550-9260-42E6-83C8-BF3A7E54442F}) (Version: 2.2.1 - Screaming Bee)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.66.2547 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.16.1020.1 - GIGABYTE)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Chunky (HKLM\...\Chunky) (Version:  - )
Chunky (HKLM-x32\...\Chunky) (Version:  - )
Classic Menu for Office 2007 v7.50 (HKLM-x32\...\{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1) (Version: 7.50 - Addintools)
Cloud Station (Server) (HKLM-x32\...\{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 1.00.1703.0301 - GIGABYTE) Hidden
Cloud Station (Server) (HKLM-x32\...\InstallShield_{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 1.00.1703.0301 - GIGABYTE)
CloudStation (HKLM-x32\...\{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0021 - GIGABYTE) Hidden
CloudStation (HKLM-x32\...\InstallShield_{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0021 - GIGABYTE)
Color Temperature (HKLM-x32\...\{68BFE28B-3F55-4E00-90A4-5179B91A3BD0}) (Version: 16.05.0601 - GIGABYTE) Hidden
Color Temperature (HKLM-x32\...\InstallShield_{68BFE28B-3F55-4E00-90A4-5179B91A3BD0}) (Version: 16.05.0601 - GIGABYTE)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Comic Sound Pack (HKLM-x32\...\{91C78DA1-800F-4ACE-B6F6-206F7617D69E}) (Version: 2.1.1 - Screaming Bee)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)
CPUID HWMonitor 1.33 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.33 - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
Creatures of Darkness (HKLM-x32\...\{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Deep Space Voices (HKLM-x32\...\{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
Digital microscope (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
Digital microscope (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19104.101 - Sonix)
DJ Streaming Plug-In (HKLM-x32\...\{956F54F5-0AA4-441D-8933-7B45F4F56F74}) (Version: 4.3.0 - Screaming Bee)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version:  - Creative Technology Limited)
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 17.0 - Driver-Soft Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version:  - )
DXBX 0.5 Release (HKLM-x32\...\DXBX_is1) (Version:  - Shadow_tj, Patrick)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.15.1022 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.15.1022 - GIGABYTE)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0327 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0327 - GIGABYTE)
Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
EZRAID  (HKLM-x32\...\{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.00.0000 - GIGABYTE) Hidden
EZRAID  (HKLM-x32\...\InstallShield_{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.00.0000 - GIGABYTE)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Fantasy Sound Pack (HKLM-x32\...\{B53415F5-4060-48DA-ABB8-00F768158F47}) (Version: 1.1.1 - Screaming Bee)
Fantasy Voice Pack (HKLM-x32\...\{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
Farm Animal Sounds (HKLM-x32\...\{F290F841-044D-44EF-9E51-FFFEA7FEE2D7}) (Version: 1.1.1 - Screaming Bee)
Fast Boot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.15.0626 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.15.0626 - GIGABYTE)
Female Voice Pack (HKLM-x32\...\{D947A225-8C23-4E52-866E-CF3967476BFC}) (Version: 3.3.2 - Screaming Bee)
Galactic Voices (HKLM-x32\...\{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}) (Version: 1.3.1 - Screaming Bee)
Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0002 - Gigabyte) Hidden
Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0002 - Gigabyte)
Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
GigabyteFirmwareUpdateUtility (HKLM-x32\...\{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.00.0000 - GIGABYTE) Hidden
GigabyteFirmwareUpdateUtility (HKLM-x32\...\InstallShield_{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.00.0000 - GIGABYTE)
GL USB2.0 UVC Camera Device (HKLM-x32\...\{9897BBD8-013A-49F3-928E-866A59B6E00C}) (Version: 17.3.20.0 - GenesysLogic)
GoldWave v6.23 (HKLM\...\GoldWave v6.23) (Version: 6.23 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Heavy Weapon Deluxe (HKLM-x32\...\Heavy Weapon Deluxe) (Version:  - PopCap Games)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{FD93EB2A-3768-4B16-BDDF-3E2F5667A0A0}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.8.47.1 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{2b7f1071-8d43-479e-bfac-83af4e9c6863}) (Version: 10.1.17464.8052 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Network Connections 21.1.29.0 (HKLM\...\PROSetDX) (Version: 21.1.29.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.6.1027 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® USB 3.1 Device Driver (HKLM\...\{7DFE2F7E-3154-45D6-A468-4725DE033AC8}) (Version: 15.2.30.250 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Killer Performance Suite (HKLM\...\{B8DCA433-B62F-4A95-9E3A-DC01EF6FBBC9}) (Version: 1.0.727 - Rivet Networks)
LightScribe System Software (HKLM-x32\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
Male Voice Pack (HKLM-x32\...\{2CC32E0E-9A10-4BCC-94F0-614F85375F59}) (Version: 1.3.1 - Screaming Bee)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MicroCapture 2.0 (HKLM-x32\...\MicroCapture) (Version: 2.0 - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{64867E7B-D4D7-422E-883D-55C4BEB0E326}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Money 2002 (HKLM-x32\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft)
Microsoft Money 2002 System Pack (HKLM-x32\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Photo Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0706 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft Works 2002 Setup Launcher (HKLM-x32\...\Works2002Setup) (Version:  - )
Microsoft Works 6.0 (HKLM-x32\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{C3A439E4-7303-491F-A678-CEA36A87D517}) (Version: 2.0.0.0000 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Modern War Sounds (HKLM-x32\...\{A514E94F-C436-44C3-A1E9-1F58CD352669}) (Version: 1.0.1 - Screaming Bee)
MorphVOX Effects Rack (HKLM-x32\...\{4439ED25-D9ED-4E78-A41E-6C6C5DCEDE62}) (Version: 4.3.0 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{4bfc0d50-0417-46a0-ab1e-475fb1a90916}) (Version: 4.4.17.22603 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{5F075DA5-407B-4F4D-BF2A-922CCA85706A}) (Version: 4.4.17.22603 - Screaming Bee) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mp3tag v2.81 (HKLM-x32\...\Mp3tag) (Version: 2.81 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{B3E6F9B5-35CC-4010-8EDA-55ACCF468A82}) (Version: 12.5.02100 - Nero AG)
Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenCL™ runtime for Intel® Core™ and Xeon® Processors (HKLM\...\{1F6CF248-9A18-4740-BD09-281DBC8A2051}) (Version: 6.4.0.25 - Intel Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
P@H-Protocol (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Personality Voices (HKLM-x32\...\{4B886E97-AF5B-46F0-9F48-6BE03149D972}) (Version: 1.0.1 - Screaming Bee)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PlatformPowerManagement (HKLM-x32\...\{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.15.0707 - GIGABYTE) Hidden
PlatformPowerManagement (HKLM-x32\...\InstallShield_{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.15.0707 - GIGABYTE)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
PrintMaster 12 (HKLM-x32\...\{2A304FDE-F4E3-446D-AA0D-31425C897B71}) (Version:  - Broderbund LLC)
Product Improvement Study for HP OfficeJet Pro 8710 (HKLM\...\{61812F25-2589-498B-AED9-40CBC641247E}) (Version: 38.1.1881.57490 - HP Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.1.5 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8311 - Realtek Semiconductor Corp.)
Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.1.0.1824 - GetData Pty Ltd)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 2.17.1024.1 - GIGABYTE)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sci-Fi 2 Sound Pack (HKLM-x32\...\{62DC2D57-7AB8-4181-994B-C62D55FCE6F4}) (Version: 1.3.1 - Screaming Bee)
Sci-Fi Sound Pack (HKLM-x32\...\{D16C611D-CA6F-402B-9EDA-9862CF4A701B}) (Version: 1.1.1 - Screaming Bee)
Sci-Fi Voice Pack (HKLM-x32\...\{BC038C91-D3C6-4E43-8439-B65976FE7937}) (Version: 1.3.1 - Screaming Bee)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.15.1116 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.15.1116 - GIGABYTE)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Smart Backup B16.0428.1  (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0003 - GIGABYTE)
Smart TimeLock B16.0519.1 (HKLM-x32\...\{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE) Hidden
Smart TimeLock B16.0519.1 (HKLM-x32\...\InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE)
SmartKeyboard (HKLM-x32\...\{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.00.0000 - GIGABYTE) Hidden
SmartKeyboard (HKLM-x32\...\InstallShield_{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.00.0000 - GIGABYTE)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Special Effects Voices (HKLM-x32\...\{913C4C4F-9E3E-41A6-A614-1BDC1352A225}) (Version: 1.0.2 - Screaming Bee)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spooky Sounds (HKLM-x32\...\{F71EBF86-9A73-44C0-A674-55FA3E4A8428}) (Version: 2.1.1 - Screaming Bee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stella 4.7.2 (HKLM\...\Stella_is1) (Version:  - The Stella Team)
Text-To-VoIP Plug-in (HKLM-x32\...\{C1A6E1A4-B337-41B5-B580-30EB1FF76D56}) (Version: 4.0.0 - Screaming Bee)
TibEd 2 (HKLM-x32\...\TibEd2) (Version: 2.1b  - Van de Sande Productions)
Translator Fun Voice Pack (HKLM-x32\...\{C39768C1-82E7-4466-8526-2D8AC44B768F}) (Version: 1.5.1 - Screaming Bee)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
USB DAC-UP2 (HKLM-x32\...\{3F99EB82-D129-4B27-9ECF-B5F549FCC53B}) (Version: 1.16.1013 - GIGABYTE) Hidden
USB DAC-UP2 (HKLM-x32\...\InstallShield_{3F99EB82-D129-4B27-9ECF-B5F549FCC53B}) (Version: 1.16.1013 - GIGABYTE)
USBFast (HKLM-x32\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.30 - Prolific Technology Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Viscera Cleanup Detail: alpha v0.25 (HKLM\...\UDK-faa0eb3d-e7ed-46bb-9111-a24933c8db7b) (Version:  - RuneStorm)
Viscera Cleanup Detail: Santas Rampage (HKLM\...\UDK-f57ce807-5034-4c67-b0ff-6ca946b32a9f) (Version:  - RuneStorm)
Viscera Cleanup Detail: Shadow Warrior (HKLM\...\UDK-3ccd32c9-89b5-4cc6-9f51-f7b936100008) (Version:  - RuneStorm)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Voice Splicer Plug-In (HKLM-x32\...\{5A53F620-6A7A-4362-94AD-12D9FCB856E1}) (Version: 4.2.11 - Screaming Bee)
VSDC Free Video Editor version 5.5.0.601 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.5.0.601 - Flash-Integro LLC)
VTuner (HKLM-x32\...\{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.17.0302 - GIGABYTE) Hidden
VTuner (HKLM-x32\...\InstallShield_{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.17.0302 - GIGABYTE)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WebM Project Directshow Filters (HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.15000 - Nero AG) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - SteelSeries (HidUsb) HIDClass  (11/06/2008 1.0.0.0) (HKLM\...\3BAB28DCB147AECC0E058666DF1B98388950B510) (Version: 11/06/2008 1.0.0.0 - SteelSeries)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Workplace Backgrounds (HKLM-x32\...\{13304708-E115-4044-82DA-88A6F5424359}) (Version: 1.0.0 - Screaming Bee)
Works Suite OS Pack (HKLM-x32\...\{DC19E750-988B-4005-A355-85EF66055EFE}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (HKLM-x32\...\{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}) (Version: 1.0.0.0000 - Your Company Name) Hidden
World of Warcraft MMO Gaming Mouse (HKLM-x32\...\{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}) (Version: 1.14.0000 - SteelSeries)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{306BF455-B199-433A-9217-7E80CE1B7683}) (Version: 2.8.1607.1944 - SplitmediaLabs)
XTREME GAMING ENGINE (HKLM-x32\...\GIGABYTE XTREME GAMING ENGINE_is1) (Version: 1.0.5.3 - GIGABYTE Technology Co.,Inc.)
ZD Soft Screen Recorder (HKLM-x32\...\{222E5722-7D79-4CEA-9C37-44D03F762863}) (Version: 10.1.1 - ZD Soft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-06-26] (Cyberlink)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-05-19] (Nitro PDF)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => G:\Program Files (x86)\WinZip\wzshls64.dll [2008-04-03] (WinZip Computing, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-06-26] (Cyberlink)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => G:\Program Files (x86)\WinZip\wzshls64.dll [2008-04-03] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-05] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => G:\Program Files (x86)\WinZip\wzshls64.dll [2008-04-03] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023BEB00-0A9F-4E8D-BF2A-6FA151CCCE89} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [2016-07-11] (GIGABYTE Technology Co.,Ltd.)
Task: {0437D649-B0D4-4FB8-A8AF-6AD81444E602} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-05] (NVIDIA Corporation)
Task: {05008840-F079-4D42-AF84-1504CEF28B7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {079E0CC1-1556-459F-9F1B-44FBA504C82B} - System32\Tasks\Driver Genius Skip UAC => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2017-07-23] (Driver-Soft Inc.)
Task: {13177B14-4A44-4076-AEE6-5FBA975A2394} - System32\Tasks\HPCustPartic.exe_{42034917-EAFE-4E1A-B66B-11BA2A44BB60} => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe
Task: {15D8FB76-759A-44F0-BE15-056514B447AB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] ()
Task: {1915EF27-AF39-4040-88B3-663E7558064B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
Task: {2BEB1FC7-C3D6-4942-ABF1-47D29A4AAF82} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe [2017-03-27] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {305BD239-BF47-4B9A-B010-8893B6C9263A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-05] (NVIDIA Corporation)
Task: {35015B97-1890-4707-A3FB-777FCD7871D3} - System32\Tasks\HPCustPartic.exe_{EFC69D66-F3A4-4C45-AA54-CDCD910923EE} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [2015-08-31] (HP Inc.)
Task: {3C8DB3D8-04DC-41CA-846B-B3BBFDDBE4C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {4F2A64BE-4F63-4E5D-8A7A-A76DFD948F36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {615684CD-2F6E-42B9-8B4A-BD8CCD82A3E9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
Task: {63188F9D-4B93-4219-9C98-288450D2E2DB} - System32\Tasks\V-Tuner => C:\Program Files (x86)\GIGABYTE\VTuner\VTuner.exe [2017-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {6D6D9C36-9A21-4D7F-A93C-D602997C6B88} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {6FBA5EE2-07DD-4FB2-87F3-8F43BF723F93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {75889B00-0484-457E-96FD-9F8F66BB89C9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
Task: {7677BD16-1913-4BBC-BA6B-742FC6F11493} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [2015-08-31] (HP Inc.)
Task: {8A6BB910-7A7C-47AF-921C-521EA578F79A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {8C2A0C85-904E-492D-ADDD-DA6F882D9494} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {919E4D29-EE77-4F18-B7F8-3DA69F72F189} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {99F52A80-E4DD-4F6B-9124-2868AEF0214B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-05] (NVIDIA Corporation)
Task: {ADE1A408-B1D8-4461-8233-57A0A6362DB9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-05] (NVIDIA Corporation)
Task: {C69436C9-F155-44C8-B5A9-158021272618} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2015-07-22] (CyberLink Corp.)
Task: {C936FD1D-6982-474C-8E8E-48558DA796E8} - System32\Tasks\GIGABYTE OC GURU => C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
Task: {F6338C7C-35F3-4400-8EDD-FAC48FF0329D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
Task: {FDBCCFEE-2CFF-4EB4-A1BC-61C73A3EA829} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-OWNER-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl

==================== Loaded Modules (Whitelisted) ==============

2016-07-05 14:23 - 2016-07-05 14:23 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-25 08:45 - 2015-06-25 08:45 - 000017920 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
2014-05-19 12:27 - 2014-05-19 12:27 - 000417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2017-10-08 23:26 - 2017-12-05 16:17 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 17:20 - 2016-09-24 17:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-02-05 16:37 - 2016-02-05 16:37 - 000849704 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
2016-10-08 06:49 - 2007-07-11 15:09 - 000020480 _____ () C:\Windows\FixCamera.exe
2017-01-18 22:22 - 2017-01-18 22:22 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-09-12 16:09 - 2016-09-12 16:09 - 000560128 _____ () C:\Program Files\Killer Networking\Killer Control Center\SpeedTestDLL.dll
2017-12-02 22:30 - 2017-12-06 05:12 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-02 22:30 - 2017-12-06 05:12 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-08 23:09 - 2017-12-05 16:17 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-10-08 23:26 - 2017-12-05 16:17 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-02-17 01:47 - 2015-02-17 01:47 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\ycc.dll
2014-01-22 12:53 - 2014-01-22 12:53 - 001607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2017-04-14 14:39 - 2017-04-14 14:39 - 000133632 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
2016-08-24 03:30 - 2009-02-06 18:52 - 000073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-08-24 03:30 - 2009-06-29 10:54 - 000164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2017-02-20 03:10 - 2017-02-20 03:10 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-02-28 00:11 - 2014-12-08 02:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2014-12-08 15:28 - 2014-12-08 15:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-11-14 03:06 - 2010-08-11 14:18 - 000010752 _____ () C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\VDHIDWDM.DLL
2014-02-28 19:14 - 2014-02-28 19:14 - 000002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2017-03-21 21:42 - 2016-10-08 02:13 - 050656768 _____ () C:\Users\Owner\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-03-21 21:42 - 2016-10-08 02:13 - 001874944 _____ () C:\Users\Owner\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2017-03-21 21:42 - 2016-10-08 02:13 - 000075264 _____ () C:\Users\Owner\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2017-11-09 00:44 - 2017-11-09 00:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:15D5AA51 [184]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7914 more sites.



==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-08-28 16:36 - 000454307 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15560 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3739937356-3893775422-3469501621-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\Windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: CreativeTaskScheduler => "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
MSCONFIG\startupreg: DSATray => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GLSystray => C:\Program Files (x86)\CoolingTech_PC_Camera\monitorpad.exe
MSCONFIG\startupreg: iTunesHelper => "G:\Program Files (x86)\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Microsoft Works Portfolio => C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSCONFIG\startupreg: MoneyStartUp10.0 => "C:\Program Files (x86)\Microsoft Money\System\Activation.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: WinPatrol => G:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
MSCONFIG\startupreg: WorksFUD => C:\Program Files (x86)\Microsoft Works\wkfud.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{44A05455-B1EB-446A-BCD2-7CA8293BAD5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F6604122-35F5-49CF-A127-E6080B783083}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E582F4F7-D9B0-4EE3-AD30-86CE45402B2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CA2BB8D5-A2C2-45CC-BBB0-BF79C8EEBA40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0731DC10-BD8B-4FD4-8C77-A5FE3318F6C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DAF7F79C-3358-4DF9-A895-D3761841DEFF}] => (Allow) LPort=5357
FirewallRules: [{90306BA1-B338-4CB0-B1F7-FF348E702815}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1D706E9-88AD-4ADB-87BD-5A01F780A1D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CE3616F-53E0-4B83-AA80-A7A5FC6B5B2A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7206869F-0EC1-4B03-8CBA-C3FFAE68DC4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3024868E-2B02-45EA-AD84-DB651E85373B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B49E8EFD-D729-428F-9AB3-D86F76174732}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6C4F794A-54C6-4E12-AC69-A1E37CB6B992}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A84F0509-28F9-4975-B26B-83E42774F286}] => (Allow) G:\Program Files (x86)\iTunes.exe
FirewallRules: [{52F87584-0882-44DF-A0BB-CB3A0B32BF96}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{2BE5B818-6FF7-476D-AB82-A596832E007B}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{519C6D42-82A3-4DEB-B0AF-A4F58BA3B81D}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{5A30C5B5-5DFB-4D58-BCF6-F0B236538910}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8BAB4AEE-CB41-4851-A109-148F10AE21EC}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{A2D0BADD-3C4F-4715-8F8C-18B7994601D5}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{F1E1FD71-694A-4F7E-8145-710144CCFD49}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{792CFF29-C273-42CC-BD53-174E37121823}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{F161CC52-02A0-4FED-A375-A65510E99BF9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{34441D75-E182-42DC-A1C9-007CF0334FCD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{A1526123-28B9-4DE4-94F2-47943CA2C4EE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{DA4970BE-BCED-4531-AF81-5CF77A5F17AB}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{D4F2BBD8-C3C7-4C88-B953-AD4D008C0BCA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{943A06EC-D96F-4DDB-B7A1-AF936E4131E7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{4819B7EE-47D7-4DD0-BF0C-C9DCC268055B}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{168C041A-3E4F-4033-8CB7-FD76E4B6A7E8}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A6D5FF0-ECBF-4BA9-A2EC-3557ACB76282}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{01F3EF5C-6765-41BB-8D43-9E730D9BFB97}] => (Allow) G:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B30017A8-0F1C-4189-848C-DF1419803A0D}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0548BD76-7AF2-4882-9D6F-5BEA272147E4}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{70E0C13F-CB3A-4861-97B4-C498E14036BB}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{464AFBA4-30E8-4F66-B576-170E53037AEC}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{A27E06A6-6E24-46C1-8DA8-58A09F1D700A}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{C20A4DAB-3483-4315-AD5A-1082B4C25499}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{1CB4EFAC-03C4-4A47-8F36-2982DCEFC5E0}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Golf With Friends\Golf With Your Friends.exe
FirewallRules: [{78EDF624-87B8-46F1-843F-21AF9A518034}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Golf With Friends\Golf With Your Friends.exe
FirewallRules: [TCP Query User{33458211-61FA-4660-8AA6-92B6AAE84EC6}G:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) G:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [UDP Query User{052CA7C9-892F-421B-88A7-15514C11568E}G:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) G:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [TCP Query User{FFB9D060-1D68-4A54-BC91-725FE6C2B87B}G:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) G:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [UDP Query User{16693F31-6C54-4D4D-B162-CA8B699E02EA}G:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) G:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [{DA9F1838-54E7-4BFB-B3B1-6865A8435EF1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{738EC086-4CB9-440C-9CB7-6AD00AFA583C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{4AC49239-CF7D-49E7-A7C3-420F08FAB22F}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS1391\HPDiagnosticCoreUI.exe
FirewallRules: [{87A48A4C-4FF4-4E86-B897-CC2C03D83DA8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS1391\HPDiagnosticCoreUI.exe
FirewallRules: [{E9E3E58F-4B6D-4439-970E-CF987659F460}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{631FB339-E76C-486E-9587-1C7711460A09}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{8FD82F98-4957-4DE4-ABBD-B91808E085F4}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{90F2B6DF-D3BA-4C9A-BB9E-EE3EC804DF53}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{087BB6B2-CE97-4BD1-9D39-9550727EF436}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{6E68BB2E-CE6A-4573-9F1C-0B17DDFA0684}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{0ECF10F4-3189-41A2-A1E7-3047CA7A6EEC}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{DCDED5AF-BBB8-4E07-8F29-920E0C0DB2DD}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [TCP Query User{06936480-4842-4CEA-A7C2-D4B582361EAE}F:\star wars unreal\me_level\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) F:\star wars unreal\me_level\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{90A74A9C-A870-42AE-AD09-D3F87E52C706}F:\star wars unreal\me_level\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) F:\star wars unreal\me_level\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{574010DC-6002-4653-A9AA-DB6A98940CFF}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{3EC82DD6-2035-4613-9F0F-8525919DAF95}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D11EFA05-D736-41BB-A29A-5E742F4299C1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\TABS_ALPHA\TotallyAccurateBattleSimulator.exe
FirewallRules: [{D369C3E3-4E34-4F12-8949-BA6E4A21F4F3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\TABS_ALPHA\TotallyAccurateBattleSimulator.exe
FirewallRules: [{F0AEDF8B-F38E-45D1-822D-17C157A8981F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{8DED9031-878E-484A-86CE-9518A7642BC8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{B639E173-FDE2-4190-AF41-EBBADB7AEF8F}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2BF9E5B7-4534-4125-8E28-F339DED94A25}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C028F2E1-418B-4489-BC1A-F5EADE52FCF6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{5B5003BC-EAC7-4796-BD12-9CFC4FBB01A9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{952E68A3-F4E0-4ACC-ADC6-2AFBC0EFCFF7}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4321BDE1-E2F2-4202-A072-846E08E34EBC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A833A1D9-5DC2-408E-8C60-1A4DAED2532B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{52B566F8-8EA6-4373-8E5C-B2AC7D2C2F49}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A431ECDB-8C91-4A3E-BB5B-19DD047B1813}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Crimsonland\Crimsonland.exe
FirewallRules: [{6D2B38C1-79EC-403F-AC65-33293432F6D3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Crimsonland\Crimsonland.exe
FirewallRules: [{6470097B-736F-4128-B577-432426B6B76B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Crimsonland\crimsonland-2003-classic\old-crimsonland.exe
FirewallRules: [{3BA182C3-B9BC-43E7-A543-A69C0929F169}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Crimsonland\crimsonland-2003-classic\old-crimsonland.exe
FirewallRules: [{EBBD447A-FB10-416F-B62D-8EBA5DCEA0CD}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS74CE\HP.EasyStart.exe
FirewallRules: [{A7A950DB-06C3-4595-B68D-0360D6732D43}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe
FirewallRules: [{6F74790C-41ED-424E-999B-85B5EB968C78}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe
FirewallRules: [{A7C36B63-459D-4AC5-82BD-7C6BB336D9F6}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe
FirewallRules: [{EEFBA527-F4E8-4B95-9F37-E9AAFB23CDB6}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe
FirewallRules: [{1895C77F-A958-46D2-B5E0-DD556C1340D4}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe
FirewallRules: [{71FA82C5-5D0E-4E7A-83D1-31345AA3F3A9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{799C75B1-404E-46AC-BEC5-519A20549586}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{500A33EC-EA51-40D4-BE74-390076C06360}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{9FF37529-F4A9-4510-8B11-0EDFEFEFB16D}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{A463D782-A8C4-41C2-85F2-E3447E0C0E46}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{8164F1FE-707B-439C-9BFC-114C8C671A1A}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9FDFFBE4-E954-4C91-9D29-A649D6829B7F}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{955F7A35-E472-454A-A7C4-14F19D1F7C3E}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{7C2B3497-2DBB-4FD5-9E50-DF59C1546607}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{026484C1-8B17-43FC-8DB5-718037F935FC}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{9385E84E-1CA9-40B5-8944-7B92436064ED}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{E5F3DA2C-43A3-4687-B0E2-C5C6E74D9992}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8003896D-4E8E-4E66-8236-5EBF7EC36570}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A40BA34F-87D1-49CB-BB19-F4C4A413A460}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Classic\bin\build.exe
FirewallRules: [{A728095A-215B-4C0B-8EAC-01FA4E0F4309}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Classic\bin\build.exe
FirewallRules: [{3C7EDBDE-C5E4-4957-943E-23D0B627C741}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{31541C6E-DCE5-4DC3-A968-5716FDE2CE74}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BD3D511B-F0C0-47E8-AD74-A4A40E1D2A23}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{233AB152-1DFF-49B1-9E79-16E757D28768}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{BB844A87-F77C-4240-AEE9-6134DD2C4132}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7E63\HPDiagnosticCoreUI.exe
FirewallRules: [{E84AD513-DB8A-414B-9841-B8AC473EDFCC}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7E63\HPDiagnosticCoreUI.exe
FirewallRules: [{ABE4B13F-714E-4AF1-B217-49379A8FB193}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Zombie Estate 2\Zombie Estate 2.exe
FirewallRules: [{E0F514F2-54C9-4410-B499-B1DD464C9D33}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Zombie Estate 2\Zombie Estate 2.exe
FirewallRules: [{B08D869A-846E-4C2C-B951-318B7D352E73}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2B30\HPDiagnosticCoreUI.exe
FirewallRules: [{015AFF02-F9D1-4FDE-831D-01D414C93CB9}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2B30\HPDiagnosticCoreUI.exe
FirewallRules: [{E0F37975-D284-4E02-9ACF-7B2D1BF49346}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [{5E994F1F-B77C-4AE2-B9BD-2C17F9276C3D}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [TCP Query User{7C52DAF9-7E48-4292-9A7B-3ADB2A4B6A49}G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_4\binaries\win64\swordwithsauce1_4-win64-shipping.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_4\binaries\win64\swordwithsauce1_4-win64-shipping.exe
FirewallRules: [UDP Query User{FEF7E951-3E32-4D66-A3C5-EEF181562380}G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_4\binaries\win64\swordwithsauce1_4-win64-shipping.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_4\binaries\win64\swordwithsauce1_4-win64-shipping.exe
FirewallRules: [{3C1B9FBD-9063-4906-878C-8FE71AFEA0A2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\HiddenFolks\Hidden Folks.exe
FirewallRules: [{600A347F-8539-45EA-A4D8-59596802E58F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\HiddenFolks\Hidden Folks.exe
FirewallRules: [{74FFB5FE-397E-4160-BFD6-AD32E85878A7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{F166B624-BA6D-4869-96E7-4450954DCA55}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2C62\HPDiagnosticCoreUI.exe
FirewallRules: [{72FF3ED3-597C-4619-B62C-85DE7809DA96}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2C62\HPDiagnosticCoreUI.exe
FirewallRules: [{52EB1B4B-795D-4917-9716-B205C19F52F6}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\RoadRedemption\RoadRedemptionEarlyAccess.exe
FirewallRules: [{11315807-07F7-468D-B022-A2721E0CFF24}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\RoadRedemption\RoadRedemptionEarlyAccess.exe
FirewallRules: [TCP Query User{F3FACD01-4C85-4DEC-B624-AC25014D1601}G:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{A26359DA-BE2E-4FBB-AC85-CB6CF859FCB5}G:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{FD258DC1-0FC7-4AB1-A782-136CDC465E94}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Totally Accurate Battle Zombielator\TABZ.exe
FirewallRules: [{A69DB53A-7D31-484F-B1C4-4F7CDB61BE8D}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Totally Accurate Battle Zombielator\TABZ.exe
FirewallRules: [{32ABB927-D6AA-4E3C-A8AE-B54455CBFAC4}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{60AD667F-BFBB-4832-976E-5EA1F36FA6AC}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{FBC34F25-4445-470F-A5D8-EE90D94E33AC}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{D746A5BB-4052-47C8-8E59-C2DD0E725BA1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{4401193F-9F74-43EA-895F-B7EC2DE95C66}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{6BC04F0E-F7D5-421C-B10A-C46216F3A20D}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{2C05A044-A413-4077-9292-A61A1C9B9442}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{7020DB48-81B1-4087-88E9-1D46B8E4CBB7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{02DC2081-B863-498A-8DFF-EA3DAAF5A9A6}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{5D0566EA-5DA8-4598-A45D-8476EDEDAF14}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{148911AE-F5E5-4754-8C65-8FE4969780F6}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{632103C7-A831-468B-9960-824FCE807904}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{FA82FF01-E666-405A-9F7A-8BC250857DBB}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{90DA52F6-1D21-44E3-965B-36E42B8A9416}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{61D89514-C3E7-41B0-91BA-73D63FCBFFDF}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{05EE792D-0DE6-4911-B484-594BBC01EA99}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{3A13F411-C688-4B35-A55A-10C22BCF8D5A}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{399549CA-AC61-4976-AE53-BCBB4F1CFDB6}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{4E0685A9-7230-4C82-B279-85940F5D1A00}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{F026546D-31B0-4F42-9D05-99D7A0F27D36}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{00C1E5CB-1896-4919-9863-6B3D19D80ADA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{D03E9D40-79B0-4B63-A07B-ADD26BA03388}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{C09898EC-39B2-4D55-A12D-B63A56ED5058}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{5548F976-D21C-456C-A966-413EF8537E8B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{FBE9F818-7CB9-4FA4-B569-8C26E5A2B735}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{75E63D27-74B2-4A39-B550-EBB308F8C127}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{11054355-52D9-4CF9-88DF-B77312B3FA81}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{8E76CC85-703D-4371-B953-C34D6F813CF8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{7E07DC47-6DA5-4C4C-89F3-D27F5B7399F3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{F8688BDD-53FC-46B3-9DD0-35AAF734C231}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{037508D3-FD79-4F2E-B099-DEC04A43142E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{40000B15-1308-48E1-8CF4-4E040F5DD4B3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [TCP Query User{18B737BC-F427-4F75-B4B2-5E2E2934C307}G:\program files (x86)\steam\steamapps\common\source sdk base 2007\hl2.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\source sdk base 2007\hl2.exe
FirewallRules: [UDP Query User{C28F5CFD-50F3-4389-B086-D08A56C6DF5E}G:\program files (x86)\steam\steamapps\common\source sdk base 2007\hl2.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\source sdk base 2007\hl2.exe
FirewallRules: [{F2BE4088-ACA4-42A2-961D-E7F8D59F63FB}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{1A1203E7-262F-4D04-B9BA-A6041667E9E3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [TCP Query User{D3E99123-004A-4A23-9399-6C4979FE2EA4}C:\users\owner\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [UDP Query User{8CFB23CD-5379-4A33-9A3A-41784C518D2C}C:\users\owner\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [{3BE7EA0A-4BFB-40C4-8059-C453F7D0A2FE}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7379\HPDiagnosticCoreUI.exe
FirewallRules: [{EA7D32CC-C123-4359-B104-6F0C94506815}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7379\HPDiagnosticCoreUI.exe
FirewallRules: [{B476FA82-95A9-4498-9174-F05794404CC8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS73B4\HPDiagnosticCoreUI.exe
FirewallRules: [{65F7B0EA-8984-45A6-BCBC-758161BFE479}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS73B4\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{C8C1B630-6310-479D-9EE7-125E522A8533}C:\users\owner\appdata\local\temp\7zs5ba2\enterprisedu.exe] => (Allow) C:\users\owner\appdata\local\temp\7zs5ba2\enterprisedu.exe
FirewallRules: [UDP Query User{0D31BC52-614E-4282-95D1-DE3632A24EFC}C:\users\owner\appdata\local\temp\7zs5ba2\enterprisedu.exe] => (Allow) C:\users\owner\appdata\local\temp\7zs5ba2\enterprisedu.exe
FirewallRules: [{FDE0CFAA-08FD-4F96-AE2D-640BF665D365}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS341C\HPDiagnosticCoreUI.exe
FirewallRules: [{CBAE1236-5061-42C8-B6BF-513DD072BC61}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS341C\HPDiagnosticCoreUI.exe
FirewallRules: [{8EDEA914-FB21-4D00-96B9-5B8C6E46C3E4}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS37D2\HPDiagnosticCoreUI.exe
FirewallRules: [{D65E26F9-F110-413F-84A9-71CE58EFBF64}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS37D2\HPDiagnosticCoreUI.exe
FirewallRules: [{A1D9DE54-EBF6-4B71-B707-B8AF66A9DD68}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\RoadRedemption\RoadRedemption.exe
FirewallRules: [{FA6B2A4C-8F25-4D44-A81E-D119885149BE}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\RoadRedemption\RoadRedemption.exe
FirewallRules: [{BE39F77F-FE3B-4990-B0D6-288E9B71E88A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS22B0\HPDiagnosticCoreUI.exe
FirewallRules: [{F9F93A7C-23F3-4BEB-9AB9-4A598FC3B58F}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS22B0\HPDiagnosticCoreUI.exe
FirewallRules: [{04C1051B-36EA-4E1F-9778-436240EBE4F1}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS230F\HPDiagnosticCoreUI.exe
FirewallRules: [{C8EB6AD5-E649-4A25-9B75-4B6F26A6B790}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS230F\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{F538721F-3079-42C6-9AC9-2AE20333E730}G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe
FirewallRules: [UDP Query User{B9F33CC7-7978-4FF1-B578-B9211E5F5687}G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe
FirewallRules: [TCP Query User{191BF9F3-6475-4B39-8EA3-9D3C36FF0710}G:\program files (x86)\steam\steamapps\common\next car game sneak peek 2.0\pukkifinal.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\next car game sneak peek 2.0\pukkifinal.exe
FirewallRules: [UDP Query User{534A35A1-A762-4F41-BA42-C260F41BABEE}G:\program files (x86)\steam\steamapps\common\next car game sneak peek 2.0\pukkifinal.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\next car game sneak peek 2.0\pukkifinal.exe
FirewallRules: [{5571129D-D888-4404-B7C6-28F3B4D1BEB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EB73C7EE-BBF1-4120-ADED-FA967419F65E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5A074FA6-CFCD-4375-862F-516035EB159E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{407ADCFD-CBE0-46E6-8A24-43FAB5D68E2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C19904F-DFEB-4C52-B36C-8D3A9DD70C01}G:\program files (x86)\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe
FirewallRules: [UDP Query User{ABBE664B-0F03-43CE-9031-75A843FC3C3B}G:\program files (x86)\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe
FirewallRules: [{ACCB41D8-CAAA-48A7-806D-AC297EDA83A8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS79EF\HPDiagnosticCoreUI.exe
FirewallRules: [{BCA81D1E-5657-4943-8DFA-96B23301158B}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS79EF\HPDiagnosticCoreUI.exe
FirewallRules: [{0CE75ABA-4EE2-4CC8-8358-F7579B76789E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{D70BB05C-86D5-4CE7-BCD7-1E5F328DED3E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{2DABAD95-19D0-4544-ABE0-FF3BDFC88661}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{4275A71C-A358-406F-A84E-F600653714E8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{6C1E8DE7-955D-44E1-BC1E-BB5F65E3F982}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{834285FD-FFB8-4BE0-88A4-F9E1DBEF3AAC}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{82D503BB-ED91-4195-80CC-17FFD1713285}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{7157190D-F770-4C00-AD0E-1BE2261C0AC7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [TCP Query User{D8E71C0E-B2CB-415A-BF38-566D53E94930}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [UDP Query User{2E852B58-9213-4EF6-AF25-0539CDEB50C3}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [TCP Query User{C11CB841-568A-4BBE-8BBB-55EF436A804B}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{2EFE0DC7-57B4-4367-8376-630E29F2369C}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{E4FBCFC2-E49B-4D54-846D-AB37452D4C46}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe
FirewallRules: [{EE94D362-ADE1-4117-8740-151B3B679D68}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe
FirewallRules: [{4C2F9580-5D65-4398-BE12-9707096B895C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe
FirewallRules: [{EA7C3A17-EB03-44CD-9FF9-9652199A4471}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe
FirewallRules: [{5E3127DC-6AD9-4BFE-86A1-2FB5E8912F94}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{FEE79B66-0D31-4E6C-8356-552F96506765}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{C14991B8-54F5-4B71-A7A9-3A240A0EE8F3}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{722548AE-AE29-495D-96A1-5C084697E587}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{2995DB2A-033A-4B17-BF2F-F2220780BF95}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{1508C2AE-2242-4A64-8E88-1610AB889B14}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{66D30610-EE19-436E-8EA1-500A734733D0}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{715D6C1D-773F-46C8-922D-03C16DCA9E3F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{D0F9B00C-D9BF-48FF-AD2A-2CDB6192A347}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{1E5FA6A9-1E4A-49B2-8296-A65083B545DF}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{B4191F45-9350-4DAF-BE66-72271131E52E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{C2CAF09B-A1D2-4BFC-8E71-6ABF6B290F11}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{588B56C2-72B4-4F16-A016-71FF9F5A9307}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{657A65A2-5D22-48D2-94BF-3D6F02BBA9E1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{A7844231-54BB-443F-9BEE-EF3B0ADC57E6}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{660A37C9-876A-4945-88B8-FEC3B0E8A70B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{FEE0C0DB-4191-4D9A-A1AA-16C6D724153A}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{6471888E-72A3-4B92-96A9-5921F3CA7001}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{D97F75B4-294F-495F-9833-C5BBF79A2940}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{7C8F53C7-779E-43C5-AC62-3F32300BFDEB}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{1AE5D1BB-4BF9-43FB-9D70-CCEAC45EE924}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{9B075AEA-1C68-4449-986D-F7FFD002C0EC}] => (Allow) LPort=9009
FirewallRules: [{CE4852F6-6DEF-4BCA-8A79-F227FBD08993}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{CC82D89C-7B29-441A-AF79-E425C8B300D7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{D8D2208E-C84C-4BB0-82F6-C6F9DCFEE509}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{3EE8A699-F2A0-4823-A6DE-8EF822C056BD}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{73446D9D-4F5C-4C82-B7A9-806A7E376FCE}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Classic\bin\sw.exe
FirewallRules: [{B63D7D80-8190-4139-B76D-5FACF0BE5CF0}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Classic\bin\sw.exe
FirewallRules: [{72B6B44D-D1A1-4E6D-AF90-CE953BE44226}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe
FirewallRules: [{717AF532-B2A5-4D4A-9D0B-E0FCA7A7AFC3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe
FirewallRules: [{0FBEC325-1DB3-4D72-ACF6-625ED1457129}] => (Allow) LPort=9009
FirewallRules: [{CA3BBC88-630D-43FE-A88A-04EE884BE216}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E639E5E5-5BAA-4B60-8813-C917917D47AE}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{CBE1EAD3-D381-4F90-9CE1-DCBD27647FAA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{2ABA5ACE-FA3D-4D58-80BB-6B30FB65C13C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{7EA464B3-320E-41EA-BE76-C78EFD8D2DDB}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{B45F9A82-8979-46CF-B5FB-2BA8FFE65A87}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{BA6E436B-5ABB-45B2-81F9-5523FC0CF95C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{859EDF70-D178-4714-A372-F3AB74E82D99}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{01A4082C-1F43-4D11-B441-D97AE265B1CE}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E6A057F1-8F83-4C30-94CD-26465A0F97BA}] => (Allow) C:\Users\Owner\Desktop\Windows_Password_Recovery_Tool_Ult_Trial.exe
FirewallRules: [{368D03C8-0738-4CC1-B654-9AE000E4C883}] => (Allow) C:\Users\Owner\Desktop\Windows_Password_Recovery_Tool_Ult_Trial.exe
FirewallRules: [{4DA181E7-56F7-4F87-8AE2-AD9A76DBE3DE}] => (Allow) LPort=9009
FirewallRules: [{5079483A-8D91-410A-A3C7-007A6B9D8EAB}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{381D7635-F8E4-40BE-B591-209C088C0C2F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{1F8ABE87-3A74-4993-98D3-C563C9D17FEF}] => (Allow) LPort=9009
FirewallRules: [{2ACE98A0-AC5D-436C-A577-58F0BCA9FE04}] => (Allow) LPort=9009
FirewallRules: [{0FD73751-D40C-4BA1-9065-B9C3FE19A26D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DA13E483-D51F-4402-8CA4-CE9D02FB4BED}] => (Allow) LPort=9009
FirewallRules: [{FF7A60C0-D045-4229-9C4D-70C7B691041D}] => (Allow) LPort=9009
FirewallRules: [{EC26BA03-EF7C-47B9-920D-E85E71E914B0}] => (Allow) LPort=9009
FirewallRules: [{9C3D78DB-28F4-4DF5-95D3-7F8ED762A87E}] => (Allow) LPort=9009
FirewallRules: [{F202DF9D-64EB-4569-B863-A1C199D3E019}] => (Allow) LPort=9009
FirewallRules: [{BB6D458E-8FBB-48A6-8B05-121766B3208C}] => (Allow) LPort=9009
FirewallRules: [{E139623F-46D6-4F11-9842-CF696604A0B0}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\HomeCloud\HCLOUD.exe
FirewallRules: [{17E102DC-F5D0-499E-9983-9BCE1CFF3BFB}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteOC\ubssrv_oc_only.exe
FirewallRules: [{4575962C-BCB6-482D-8BD9-144D98707F74}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteControl\grckm.exe
FirewallRules: [{502FF9D7-C64E-49F4-B9E8-915D3CD38BAB}] => (Allow) LPort=1980
FirewallRules: [{54F38E26-7C68-45BF-ACA7-810C8BBE57D3}] => (Allow) LPort=1900
FirewallRules: [{767BC7F3-1F06-412E-A64C-9BB6F20CC4DF}] => (Allow) LPort=1900
FirewallRules: [{C2FB2ADA-BC9E-4D4E-B244-61738493F160}] => (Allow) LPort=8262

==================== Restore Points =========================

21-12-2017 06:49:07 Windows Update
21-12-2017 13:27:22 IIF_MSI
24-12-2017 13:07:18 Before installing new drivers - 12/24/2017 1:07:17 PM
24-12-2017 13:10:33 IIF_MSI
24-12-2017 13:22:35 Installed Realtek High Definition Audio Driver
24-12-2017 16:08:44 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2017 04:43:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x1aa8
Faulting application start time: 0x01d37d0036f3b693
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 7ceb1e93-e8f3-11e7-8478-e0d55e285c5b

Error: (12/24/2017 04:43:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x1d44
Faulting application start time: 0x01d37d0038a202d3
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 77cb0423-e8f3-11e7-8478-e0d55e285c5b

Error: (12/24/2017 04:40:38 PM) (Source: thermald) (EventID: 0) (User: )
Description: System.InvalidOperationException: Operation is not valid due to the current state of the object.
   at thermald.MainWindow.RetrieveSmartFanConfigs(List`1& pSmartFanConfigs)
   at thermald.MainWindow.InitHardwareMonitorObjects()
   at thermald.MainWindow.InitEngineObjects()

Error: (12/24/2017 04:40:35 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (12/24/2017 04:39:40 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/24/2017 04:30:50 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Before installing new drivers - 12/24/2017 1:07:17 PM). Additional information: 0x80070005.

Error: (12/24/2017 04:30:46 PM) (Source: thermald) (EventID: 0) (User: )
Description: System.InvalidOperationException: Operation is not valid due to the current state of the object.
   at thermald.MainWindow.RetrieveSmartFanConfigs(List`1& pSmartFanConfigs)
   at thermald.MainWindow.InitHardwareMonitorObjects()
   at thermald.MainWindow.InitEngineObjects()

Error: (12/24/2017 04:29:50 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/24/2017 04:18:55 PM) (Source: thermald) (EventID: 0) (User: )
Description: System.InvalidOperationException: Operation is not valid due to the current state of the object.
   at thermald.MainWindow.RetrieveSmartFanConfigs(List`1& pSmartFanConfigs)
   at thermald.MainWindow.InitHardwareMonitorObjects()
   at thermald.MainWindow.InitEngineObjects()

Error: (12/24/2017 04:18:42 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Before installing new drivers - 12/24/2017 1:07:17 PM). Additional information: 0x80070005.


System errors:
=============
Error: (12/24/2017 05:04:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 0.0.0.0

    Error code: 0x80072ee2

    Error description: The operation timed out

Error: (12/24/2017 05:04:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.259.707.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14405.2&avdelta=1.259.707.0&asdelta=1.259.707.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.14405.2

    Error code: 0x80072ee2

    Error description: The operation timed out

Error: (12/24/2017 05:04:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.259.707.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14405.2&avdelta=1.259.707.0&asdelta=1.259.707.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.14405.2

    Error code: 0x80072ee2

    Error description: The operation timed out

Error: (12/24/2017 05:03:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.259.707.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.14405.2

    Error code: 0x80072ee2

    Error description: The operation timed out

Error: (12/24/2017 04:43:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/24/2017 04:40:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
tfqljfm
UsbCharger

Error: (12/24/2017 04:30:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
tfqljfm
UsbCharger

Error: (12/24/2017 04:18:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
tfqljfm
UsbCharger

Error: (12/24/2017 03:41:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 118.2.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.14202.0&sig=118.2.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 2.1.14202.0

    Error code: 0x80072ee2

    Error description: The operation timed out

Error: (12/24/2017 03:41:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.259.707.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14405.2&avdelta=1.259.707.0&asdelta=1.259.707.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.14405.2

    Error code: 0x80072ee2

    Error description: The operation timed out


CodeIntegrity:
===================================
  Date: 2017-10-04 05:23:42.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23418_none_c0542ca41641d65c\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:42.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23418_none_c0542ca41641d65c\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:42.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23418_none_c0542ca41641d65c\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:42.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23418_none_c0542ca41641d65c\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:41.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23349_none_c034bb441659465f\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:41.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23349_none_c034bb441659465f\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:41.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23349_none_c034bb441659465f\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:41.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23349_none_c034bb441659465f\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:41.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23334_none_c03a89be1655abbb\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-04 05:23:41.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23334_none_c03a89be1655abbb\appidapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 30%
Total physical RAM: 16338.33 MB
Available physical RAM: 11302.24 MB
Total Virtual: 32674.85 MB
Available Virtual: 26834.89 MB

==================== Drives ================================

Drive c: (Windows Plus Misc) (Fixed) (Total:931.41 GB) (Free:791.99 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data) (Fixed) (Total:931.51 GB) (Free:740.38 GB) NTFS
Drive g: (Programs) (Fixed) (Total:931.41 GB) (Free:339.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EFAF7803)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A64110C2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7212CC8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


Edited by xfreakazoidx, 25 December 2017 - 08:03 PM.



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,958 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:19 AM

Posted 26 December 2017 - 03:15 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

On a clean computer follow these steps:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for it to complete
  • A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 xfreakazoidx

xfreakazoidx
  • Topic Starter

  • Members
  • 40 posts
  • Local time:04:19 AM

Posted 26 December 2017 - 11:33 PM

I found out that the Killer Network Service was part of my Z160 motherboard, whereas my new one I bought last month is a Z270 and doesn't use that driver/service anymore. Maybe that's why things were not working right; it was interfering with it. With it uninstalled, things are normal again. However, I still did what you asked just to be safe. Log below. Also, thank you for your time; you guys have always worked hard when I have had issues in years past. :)

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by SYSTEM on MININT-6IGBPTN (26-12-2017 23:21:21)
Running from G:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2794496 2013-05-07] (Alcatel-Lucent)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2013-12-12] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Insignia\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-21] (Oracle Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd)
HKLM-x32\...\RunOnce: [EasyTuneEngineService] => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EngineRunOnce.exe [14632 2016-05-03] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] ()
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Mcx1-OWNER-PC\...\Run: [AdobeBridge] => [X]
HKU\Mcx1-OWNER-PC\...\Run: [Microsoft Works Update Detection] => C:\Program Files (x86)\Microsoft Works\WkDetect.exe
HKU\Mcx1-OWNER-PC\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
HKU\Mcx1-OWNER-PC\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Mcx1-OWNER-PC\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Mcx1-OWNER-PC\...\Policies\system: [LogonHoursAction] 2
HKU\Mcx1-OWNER-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoDFSTab] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoLogoff] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Mcx1-OWNER-PC\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\Mcx1-OWNER-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Run: [AdobeBridge] => [X]
HKU\Owner\...\Run: [Microsoft Works Update Detection] => C:\Program Files (x86)\Microsoft Works\WkDetect.exe
HKU\Owner\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
HKU\Owner\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Owner\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Owner\...\Policies\system: [LogonHoursAction] 2
HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Owner\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Owner\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Owner\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Owner\...\Policies\Explorer: [NoDFSTab] 0
HKU\Owner\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Owner\...\Policies\Explorer: [NoLogoff] 0
HKU\Owner\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Owner\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Owner\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Owner\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Owner\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: schannel.dll
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 7640 series.lnk [2016-08-22]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 7640 series.lnk -> C:\Program Files\HP\HP ENVY 7640 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
GroupPolicyUsers\S-1-5-21-1429066226-164066939-2473231099-1006\User: Restriction <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-17] ()
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [142632 2016-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] ()
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [127272 2016-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-11] (Electronic Arts)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-08-26] (Alcatel-Lucent)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-03] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1830088 2016-01-18] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
S3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [32024 2014-03-15] ()
S1 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [9728 2003-11-28] (Elaborate Bytes AG)
S3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [3968 2004-02-12] (Elaborate Bytes AG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-22] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [394240 2012-12-03] (QUALCOMM Incorporated)
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [103936 2012-05-10] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [40104 2015-03-09] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S2 SADP_NPF; C:\Windows\SysWOW64\drivers\sadp_npf64.sys [35344 2012-07-02] (CACE Technologies, Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11968 2000-06-09] ()
S0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-03-19] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-03-19] (Acronis)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-01-30] (Windows ® Win 7 DDK provider)
S0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-03-19] (Acronis International GmbH)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S0 ogrmxyg; System32\drivers\dibc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-26 23:21 - 2017-12-26 23:21 - 000000000 ____D E:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-25 23:36 - 2012-02-24 00:33 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-17 13:27 - 2009-09-15 15:51 - 000000000 ____D C:\Users\Owner\Documents\Owners Documents
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16338.33 MB
Available physical RAM: 15108.43 MB
Total Virtual: 16336.48 MB
Available Virtual: 15114.68 MB
 
==================== Drives ================================
 
Drive c: (Programs) (Fixed) (Total:931.41 GB) (Free:343.12 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Windows Plus Misc) (Fixed) (Total:931.41 GB) (Free:792.46 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Data) (Fixed) (Total:931.51 GB) (Free:747.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A64110C2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7212CC8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EFAF7803)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
LastRegBack: 2016-07-26 21:54
 
==================== End of FRST.txt ============================


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,958 posts

Posted 27 December 2017 - 01:20 PM

I am glad things worked out for you. The report just shows some orphan entries, nothing to worry about.

Always keep your antivirus active and updated all the time.

Best regards. :)

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 xfreakazoidx

xfreakazoidx
  • Topic Starter

  • Members
  • 40 posts

Posted 27 December 2017 - 01:41 PM

Thanks! 



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,958 posts

Posted 27 December 2017 - 07:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





