VMXClient.exe, client.exe, unremovable appdata folders with 7 random characters


  • This topic is locked
17 replies to this topic

#1 marko_empire

marko_empire

  • Members
  • 17 posts

Posted 31 December 2017 - 05:50 PM

Hello,

 

I made an account here because I have failed to find a fix elsewhere online and I need one-on-one advice in order to fix my computer. The virus started on one computer but then transferred over to another computer by USB. If someone could give me info on how to fix the issue, I would greatly appreciate it.

 

Thanks,

Marko




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,692 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 December 2017 - 06:57 PM

Welcome. :)

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.



#3 marko_empire

marko_empire
  • Topic Starter

  • Members
  • 17 posts

Posted 31 December 2017 - 07:11 PM

Thanks for replying!

 

Here is frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2017
Ran by Marko (administrator) on MARKO-PC (31-12-2017 19:02:57)
Running from C:\Users\Marko\Downloads
Loaded Profiles: Marko (Available Profiles: Marko & Mcx1-MARKO-PC)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\wmoinbdsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(f.lux Software LLC) C:\Users\Marko\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe
(Spotify Ltd) C:\Users\Marko\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Escargot\MSN Switcher\msn-switcher-exe.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Users\Marko\AppData\Local\cshvgxo\cshvgxo.exe
() C:\Users\Marko\AppData\Local\igfxmtc\igfxmtc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\setup_wm.exe
() C:\Users\Marko\AppData\Local\cshvgxo\dsihekl.exe
() C:\Users\Marko\AppData\Local\cshvgxo\dsihekl.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
() C:\Users\Marko\AppData\Local\cshvgxo\dsihekl.exe
() C:\Users\Marko\AppData\Local\cshvgxo\dsihekl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-07] (Power Software Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [f.lux] => C:\Users\Marko\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [5724184 2017-12-12] (Microsoft Corporation)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-04] (PeerBlock, LLC)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [eblueMouseRun] => C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe [3637248 2013-11-15] ()
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Run: [Spotify Web Helper] => C:\Users\Marko\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-11] (Spotify Ltd)
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\MountPoints2: {3f92ac28-1046-11e5-9afd-a4a270022bbd} - G:\menu.exe
HKU\S-1-5-18\...\Run: [MSMSGS] => "C:\Program Files (x86)\Messenger\msmsgs.exe" /background
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSN Switcher.lnk [2017-05-24]
ShortcutTarget: MSN Switcher.lnk -> C:\Windows\Installer\{C73E6560-0B5C-4EDC-AE35-BDDACA3EB4EF}\_1042CC162D2E42A2856EC2.exe ()
Startup: C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock.lnk [2016-01-31]
ShortcutTarget: PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{27585678-9999-4D67-924B-267442BD5820}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{27585678-9999-4D67-924B-267442BD5820}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4D936AB4-48BA-4608-BB5D-4347884F6588}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5BBA3E18-A592-4E2F-8A0E-A8C884C1283A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{72F13270-B117-4838-A503-DAAB08C05ABA}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{DE080FBF-CECE-49EB-BBD8-53939BCA5F18}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F7324579-1B56-494D-AD19-D5087AD1E74E}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086994605-1295704852-2410178858-1000 -> OldSearch URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-11-24] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-23] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-11-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-11-24] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-23] (Oracle Corporation)
BHO-x32: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-11-24] (Microsoft Corporation)
BHO-x32: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-23] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2086994605-1295704852-2410178858-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://web.archive.org/web/20071011130420oe_/hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {444785F1-DE89-4295-863A-D46C3A781394} hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
DPF: HKLM {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => not found
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-19] (NVIDIA Corporation)
FF Plugin-x32: @otee.dk/UnityWebPlayer -> C:\Program Files (x86)\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll [2007-05-01] (OverTheEdge I/S)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxps://gosearch.me/?u=f69839da7b1cbd56f7711253ab1d29d3&c=up1&src=hp&inst=1435977685","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVJgsPUFtGGBgQdF0MTA1GFlMOeQkBWRRHGA0ScAoKBwwVFlMFIk0FA1oDB0VXfV5bFElXTwhwJVx1DksUc1BQNVVMEnEEQw=="
CHR Profile: C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default [2017-12-31]
CHR Extension: (Slides) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Entanglement Web App) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-08-01]
CHR Extension: (Theme Creator) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2016-03-02]
CHR Extension: (Docs) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-02]
CHR Extension: (Change Google Logo) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclbgpfoofnfglpgnlbaaancedlnimpl [2016-08-01]
CHR Extension: (YouTube) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-02]
CHR Extension: (Google Search) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-02]
CHR Extension: (Sheets) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-20]
CHR Extension: (Poppit!) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-02]
CHR Extension: (Chrome Media Router) - C:\Users\Marko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16]
CHR HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Marko\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-06-26]
CHR HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 BITS; C:\Windows\SysWOW64\qmgr.dll [77760 2000-05-03] (Microsoft Corporation) [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [132096 2014-08-06] (Yuna Software) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-18] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-10-06] ()
S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [482008 2015-05-05] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [482008 2015-05-05] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [482008 2015-05-05] (VMware, Inc.)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12732608 2015-05-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75992 2015-03-11] (VMware, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2015-08-02] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-04] ()
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2003-09-08] () [File not signed]
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [35032 2015-03-11] (VMware, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 dpcfwpwq; \??\C:\Windows\system32\drivers\dpcfwpwq.sys [X]
S1 pzelvpli; \??\C:\Windows\system32\drivers\pzelvpli.sys [X]
R3 udiskMgr; system32\drivers\ptwzcg.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-31 19:00 - 2017-12-31 19:04 - 000027371 _____ C:\Users\Marko\Downloads\FRST.txt
2017-12-31 19:00 - 2017-12-31 19:00 - 000000000 ____D C:\FRST
2017-12-31 18:59 - 2017-12-31 18:59 - 002392064 _____ (Farbar) C:\Users\Marko\Downloads\FRST64.exe
2017-12-31 17:53 - 2017-12-31 17:53 - 000142160 ____N C:\Windows\system32\Drivers\upbwzcgj.sys
2017-12-31 16:36 - 2017-12-31 16:36 - 001828304 _____ (GridinSoft LLC) C:\Users\Marko\Downloads\TrojanKiller-Setup.exe
2017-12-31 15:58 - 2017-12-31 19:03 - 000000000 ____D C:\Users\Marko\AppData\Local\niebuwx
2017-12-31 15:55 - 2017-12-31 19:02 - 000000000 ____D C:\Users\Marko\AppData\Local\cshvgxo
2017-12-31 15:55 - 2017-12-31 15:57 - 000000000 ____D C:\Users\Marko\AppData\Local\igfxmtc
2017-12-31 15:54 - 2017-12-31 18:09 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\wmoinbdsvc.exe
2017-12-31 15:53 - 2017-12-31 15:53 - 000000000 ____D C:\Windows\SysWOW64\sparkwl
2017-12-31 15:53 - 2017-12-31 15:53 - 000000000 ____D C:\Windows\system32\sparkwl
2017-12-28 22:02 - 2017-12-28 22:06 - 000000000 ____D C:\Users\Marko\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-12-28 22:02 - 2017-12-28 22:02 - 000000000 ____D C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-12-28 22:00 - 2017-12-28 22:01 - 002721168 _____ (Microsoft Corporation) C:\Users\Marko\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2017-12-28 18:32 - 2017-12-28 22:06 - 3319478272 _____ C:\Users\Marko\Downloads\en_windows_7_ultimate_x64_dvd.iso
2017-12-28 16:03 - 2017-12-28 16:03 - 002044369 _____ C:\Users\Marko\Downloads\SA5_XD11.zip
2017-12-28 15:55 - 2017-12-28 15:55 - 001997541 _____ C:\Users\Marko\Downloads\CT30N_A101.zip
2017-12-28 15:51 - 2017-12-28 15:52 - 016395650 _____ C:\Users\Marko\Downloads\Wireless_18.11.0_Ds64.zip
2017-12-23 19:50 - 2017-12-23 19:50 - 000000000 ____D C:\Program Files (x86)\OverTheEdge
2017-12-22 12:35 - 2017-12-22 12:35 - 000002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger .lnk
2017-12-22 12:31 - 2017-12-22 12:32 - 013320192 _____ C:\Users\Marko\Downloads\escargot-wlm-8.5.1302-en.msi
2017-12-20 18:34 - 2017-12-20 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-20 18:22 - 2017-12-20 18:22 - 000000000 ____D C:\Users\Marko\Documents\Buddy Images
2017-12-20 18:21 - 2017-12-20 18:21 - 000052353 _____ C:\Users\Marko\Downloads\nsmb_buddy_icons (1).zip
2017-12-20 18:08 - 2006-05-08 12:51 - 000000000 ____D C:\Users\Marko\Documents\New Super Mario Icons (Windows)
2017-12-20 18:07 - 2017-12-20 18:07 - 000387087 _____ C:\Users\Marko\Downloads\nsmb_icons_pc.zip
2017-12-20 17:18 - 2017-12-20 17:18 - 000859449 _____ C:\Users\Marko\Downloads\nsmb_wmp_skin.zip
2017-12-20 17:17 - 2017-12-20 17:17 - 000052353 _____ C:\Users\Marko\Downloads\nsmb_buddy_icons.zip
2017-12-09 16:26 - 2017-12-09 16:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-04 20:06 - 2017-12-04 20:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-12-04 20:06 - 2017-12-04 20:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-12-03 10:26 - 2017-12-03 10:26 - 000002083 _____ C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-12-03 10:26 - 2017-12-03 10:26 - 000000126 _____ C:\Windows\wininit.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-31 19:04 - 2009-07-13 21:34 - 019398656 _____ C:\Windows\system32\config\HARDWARE
2017-12-31 18:52 - 2015-09-17 13:59 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-12-31 18:52 - 2015-06-07 16:24 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-31 18:21 - 2015-09-17 13:59 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-12-31 18:14 - 2015-12-27 16:15 - 000000000 ____D C:\ProgramData\VMware
2017-12-31 18:10 - 2015-05-07 15:57 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-31 18:10 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-31 17:52 - 2009-07-13 23:45 - 000010416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-31 17:52 - 2009-07-13 23:45 - 000010416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-31 16:17 - 2015-05-21 20:47 - 000000000 ____D C:\Users\Marko\AppData\LocalLow\Adobe
2017-12-31 16:17 - 2015-05-06 19:57 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-31 15:53 - 2015-05-06 17:52 - 000000000 ___RD C:\Users\Marko\OneDrive
2017-12-31 13:43 - 2015-05-05 18:05 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5AA9872E-FA83-4B0B-B53C-C6BB016DC34A}
2017-12-28 22:49 - 2017-07-28 22:58 - 000003172 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2086994605-1295704852-2410178858-1000
2017-12-28 22:49 - 2015-05-06 17:52 - 000002160 _____ C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-12-23 21:39 - 2017-11-06 16:20 - 000000000 ____D C:\Users\Marko\AppData\Local\Ubisoft Game Launcher
2017-12-23 19:50 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\Downloaded Program Files
2017-12-22 12:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-22 12:35 - 2015-05-06 18:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-12-22 12:34 - 2015-05-06 18:15 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-12-20 23:22 - 2015-05-07 16:35 - 000000000 ____D C:\Users\Marko\AppData\Roaming\Skype
2017-12-20 18:34 - 2015-05-07 16:35 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-12-20 18:33 - 2015-05-07 16:35 - 000000000 ____D C:\ProgramData\Skype
2017-12-18 19:59 - 2017-02-08 19:16 - 000000000 ____D C:\Users\Marko\AppData\Local\Microsoft Help
2017-12-12 18:42 - 2015-05-06 19:57 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 18:42 - 2015-05-06 19:57 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 18:42 - 2015-05-06 19:57 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 18:42 - 2015-05-06 19:56 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-10 16:32 - 2015-05-16 17:33 - 000000000 ____D C:\Users\Marko\AppData\Roaming\.minecraft
2017-12-09 16:26 - 2015-09-17 13:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-02 14:53 - 2015-10-24 12:28 - 000000000 ____D C:\Program Files\CCleaner
2017-12-01 22:37 - 2017-08-17 15:09 - 000000000 ____D C:\Users\Marko\AppData\Local\ClassicShell
2017-12-01 22:29 - 2009-07-14 00:08 - 000032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2016-05-13 09:27 - 2016-05-13 09:27 - 000000203 _____ () C:\Program Files (x86)\INSTALL.LOG
2015-05-11 16:45 - 2015-05-11 16:45 - 000000000 _____ () C:\Users\Marko\AppData\Roaming\9C3.tmp
2015-06-18 21:38 - 2015-07-23 20:43 - 000000024 _____ () C:\Users\Marko\AppData\Roaming\appdataFr25.bin
2016-03-02 16:23 - 2016-03-02 16:23 - 000000000 ____H () C:\Users\Marko\AppData\Local\BIT6614.tmp
2016-07-22 16:42 - 2017-04-07 13:58 - 000007608 _____ () C:\Users\Marko\AppData\Local\Resmon.ResmonCfg
2015-05-07 16:40 - 2015-05-07 16:40 - 000000000 _____ () C:\Users\Marko\AppData\Local\Temp.dat
2015-08-18 22:21 - 2015-08-18 22:21 - 000000022 ____H () C:\Users\Marko\AppData\Local\xftredahs.dat
2016-03-02 16:23 - 2016-03-02 16:23 - 000000000 _____ () C:\Users\Marko\AppData\Local\{715D0D23-B4C5-47B3-91E0-03D402585D4F}
 
Some files in TEMP:
====================
2017-12-31 15:53 - 2017-12-31 15:53 - 000106768 _____ (Microsoft Corporation) C:\Users\Marko\AppData\Local\Temp\BACC.tmp.exe
2017-10-27 19:04 - 2017-12-09 21:37 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Marko\AppData\Local\Temp\drm_dyndata_7380014.dll
2017-11-10 20:51 - 2017-12-21 22:08 - 000208896 _____ (Sony DADC Austria AG) C:\Users\Marko\AppData\Local\Temp\drm_dyndata_7410004.dll
2017-12-20 18:24 - 2017-12-20 18:25 - 058804680 _____ (Skype Technologies S.A.) C:\Users\Marko\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\upbwzcgj.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2016-11-04 15:43
 
==================== End of FRST.txt ============================

Here is addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-12-2017
Ran by Marko (31-12-2017 19:05:37)
Running from C:\Users\Marko\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2015-05-05 01:18:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2086994605-1295704852-2410178858-500 - Administrator - Disabled)
Guest (S-1-5-21-2086994605-1295704852-2410178858-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2086994605-1295704852-2410178858-1002 - Limited - Enabled)
Marko (S-1-5-21-2086994605-1295704852-2410178858-1000 - Administrator - Enabled) => C:\Users\Marko
Mcx1-MARKO-PC (S-1-5-21-2086994605-1295704852-2410178858-1005 - Limited - Enabled) => C:\Users\Mcx1-MARKO-PC
___VMware_Conv_SA___ (S-1-5-21-2086994605-1295704852-2410178858-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Out of date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Out of date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
ActiveWorlds 3D (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\ActiveWorlds 3D) (Version: 6.2 - ActiveWorlds, Inc)
Activision® (HKLM-x32\...\{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}) (Version: 1.00.0000 - Activision) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Bejeweled 2 for Windows Mobile (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Astraware Bejeweled 2 for Windows Mobile) (Version: 1.31 - Astraware Limited)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
Coby Media Manager (HKLM-x32\...\{2D2CAE5D-FFCF-4D97-B7D6-F1AB49A00EEA}) (Version: 1.0.4606 - Coby)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.0.0 - Conexant)
Connection Manager (HKLM-x32\...\Connection Manager) (Version:  - ) Hidden
Counter-Strike Source 84 (HKLM-x32\...\Counter-Strike Source 84) (Version: 84 - Austeam)
Counter-Strike: Condition Zero (HKLM-x32\...\Counter-Strike: Condition Zero) (Version:  - )
CS-Condition Zero, 1.6, Half Life version 1.0 (HKLM-x32\...\CS-Condition Zero, 1.6, Half Life_is1) (Version: 1.0 - LeoO Globe)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
EBLUE Mouse Driver (HKLM-x32\...\{650A34BA-50BC-4D85-B10F-C4EC1B4FCEF3}_is1) (Version: 1.0 - EBLUE)
Emulator Images for Windows Mobile 5.0 with MSFP (HKLM-x32\...\{907A5FE4-2A3B-4BAA-B992-C07F06C32EF9}) (Version: 1.0.2.0 - Microsoft Coproration)
f.lux (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Flux) (Version:  - f.lux Software LLC)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fish Tycoon (HKLM-x32\...\Fish Tycoon) (Version: 1.6.2 - Last Day of Work)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Gears of War (HKLM-x32\...\{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Gears of War (HKLM-x32\...\InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto 3 (HKLM-x32\...\Grand Theft Auto 3   Version 1.1) (Version:    Version 1.1 - )
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Half-Life (HKLM-x32\...\Half-Life) (Version:  - )
Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - Non Steam - KingSOFT DVD)
Half-Life Decay PC 1.0 (HKLM-x32\...\Half-Life Decay PC_is1) (Version:  - Vyacheslav Dzhura and Denys Zhatov)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
ISO Creator 1.0 (HKLM-x32\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Messenger Plus! for Skype (HKLM-x32\...\Messenger Plus! for Skype) (Version: 4.0.0.500 - Yuna Software)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Device Emulator version 1.0 - ENU (HKLM-x32\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Interactive CD Sampler (HKLM-x32\...\Microsoft Interactive CD Sampler) (Version:  - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Pocket PC 2003 SDK (HKLM-x32\...\{4BA6C9AC-B6BA-4B0D-AB8D-71B2B19D4AA3}) (Version: 04.20.0000 - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
MSN (HKLM-x32\...\MSNINST) (Version: 11.50.0769.0 - Microsoft Corporation)
MSN Explorer Repair Tool (HKLM-x32\...\{3D36105D-D6C2-413A-9355-7370E8D9125B}) (Version: 11.50.0769.0 - Microsoft Corporation)
MSN Messenger Service 3.6 (HKLM-x32\...\MSMSGS) (Version:  - )
MSN Switcher (HKLM-x32\...\{C73E6560-0B5C-4EDC-AE35-BDDACA3EB4EF}) (Version: 1.1.0 - Escargot)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{3201D0CA-3E67-431E-ACFE-DF408055ABD0}) (Version: 2.31.0 - The Pokémon Company International)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
PVK (HKLM-x32\...\PVK) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Reload (HKLM-x32\...\Reload) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\{924EAD66-F854-4605-8493-696DD59A113B}) (Version: 1.00.000 - )
Saints Row 2.v 1.2 (HKLM-x32\...\Saints Row 2.v 1.2_is1) (Version: Saints Row 2.v 1.2 - Repack by Fenixx (10.12.2013))
Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
ShaderTFX version 1.1 (HKLM\...\ShaderTFX_is1) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWBFIIv1.2 (HKLM-x32\...\Unofficial Star Wars Battlefront II v1.2 Patch_is1) (Version:  - RepSharpshooter)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Legend of Pirates Online (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\The Legend of Pirates Online) (Version: 1.2.1 - The TLOPO Team)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.632 - Electronic Arts)
TI Connect™ CE (HKLM-x32\...\{8B1F3A89-E195-48CD-8487-A37BA5308E76}) (Version: 5.3.0.384 - Texas Instruments Inc.)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 1.6.2_8001 - Over The Edge I/S)
Unreal Tournament 2004 (HKLM-x32\...\UT2004) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 43.1 - Ubisoft)
Valve Hammer Editor Unofficial 3.5.2 (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\Valve Hammer Editor Unofficial 3.5.2) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware vCenter Converter Standalone (HKLM-x32\...\{E9CC0208-D63B-4c63-90B1-598F99981D9F}) (Version: 6.0.0.2716716 - VMware, Inc.)
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 11.1.2 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.2 - VMware, Inc)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
WinDirStat 1.1.2 (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\WinDirStat) (Version:  - )
Windows 7 Logon Background Changer (HKLM-x32\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Messenger (HKLM-x32\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Mobile 2003 Second Edition Emulator Images for Pocket PC - WWE (HKLM-x32\...\{E0CB7CE3-0E2D-4C83-A545-4EFB951BD4AB}) (Version: 1.0.0 - Microsoft Corp.)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WorldsPlayer (HKLM-x32\...\{27BF5556-A718-42FF-BDF9-9EBF4EFCDF10}) (Version: 1.19.20.01 - Worlds.com)
Xenon 2000 - Project PCF (HKLM-x32\...\{93EE3C83-725F-4EA4-891A-CD6B019FCDC1}) (Version:  - )
X-Men Origins - Wolverine™ (HKLM-x32\...\InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}) (Version: 1.00.0000 - Activision)
Zuma for Pocket PC (HKLM-x32\...\Astraware Zuma for Pocket PC) (Version: 1.03 - Astraware Limited)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2086994605-1295704852-2410178858-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Marko\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {1AACB93E-AA97-47F1-BD02-8D2AF2815436} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-04-07] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2015-05-31] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2015-05-31] (VMware, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-04-07] (Power Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-05-19] (NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-04-07] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0669B45D-CD1E-48B9-A5A6-C7D9BA1618C3} - System32\Tasks\{43119815-BFE4-4B9F-9B68-E28C89CE36E8} => C:\Windows\system32\pcalua.exe -a "C:\Games\Counter Strike Condition Zero\autorun.exe" -d "C:\Games\Counter Strike Condition Zero"
Task: {08B93814-DC45-4971-B319-9A52F1040E86} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {0C403BFC-C073-4B08-821E-DF19EC83D854} - System32\Tasks\{CCA401CC-4269-4392-A042-D8DF1F595C08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YGY50HA\csv14full.exe" -d C:\Users\Marko\Desktop
Task: {21EAC096-F039-41BD-84ED-81EF622F4D7A} - System32\Tasks\{A4889031-A162-4FE2-B584-BD1C474B71EE} => C:\Windows\system32\pcalua.exe -a D:\cdsample\sampler.exe -d D:\cdsample
Task: {2240CC9F-28BA-48C1-80EE-203951BCCC76} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2B1F9F99-9D7E-4658-A2B7-4964D58284A1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-15] (AVAST Software)
Task: {34B2ECB6-5A13-474D-8E83-9AD838371945} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {37EDB15D-7EE4-4F28-AA1E-A8DB1E1EA677} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {3F3B1741-3850-41E9-B87B-0A1D1D8F5F9D} - \PostPoneInstall -> No File <==== ATTENTION
Task: {404F13A3-950F-40EF-976A-4A79B87A549A} - System32\Tasks\{3E7F2F2D-262F-4564-95CC-174CC04F8DD4} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\Downloads\csv13full (1).exe" -d C:\Users\Marko\Downloads
Task: {5F281BDC-0701-4005-8161-847AD8680864} - System32\Tasks\{C0868BCE-15AE-43F2-9FF4-088F1CA4FE90} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {631CF190-251A-4B0A-9728-4EEDF2D4BFE5} - System32\Tasks\{819EEFEF-60FB-47FE-AD60-01437361AC00} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\Downloads\Half-Life Setup.exe" -d C:\Users\Marko\Downloads
Task: {64A71635-B5B0-4D78-A7A3-A2899BABE1B9} - System32\Tasks\{90C8EF00-4994-43F6-9B9C-5C9404015668} => C:\Windows\system32\pcalua.exe -a C:\Users\Marko\Downloads\msasync38b5004.exe -d C:\Users\Marko\Downloads
Task: {66A0EA6E-9D4C-46D4-B8E0-761ED6783A50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {683E118A-C6A1-4E58-BC6C-F975A3444885} - System32\Tasks\{1801E2B2-415E-4545-8044-D85810AF7995} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\ -c -check
Task: {697DACFF-F6E7-4647-A1CB-1FEE086B76C6} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MARKO-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {6D36A381-075D-4201-B05B-D82140B953CE} - System32\Tasks\{2DB10924-D4E3-498F-B82A-B3C0D0949898} => C:\Windows\system32\pcalua.exe -a D:\MSN\MsnSetup\msnstart.exe -d D:\MSN\MsnSetup
Task: {6D6A1D17-2903-4F5A-B3BA-6636A145C90E} - System32\Tasks\{FEA0083A-1B4F-497F-8159-77EFF7A591D7} => C:\Windows\system32\pcalua.exe -a C:\Users\Marko\Downloads\1.0.154_chromesetup_154_59.exe -d C:\Users\Marko\Downloads
Task: {71E05A35-870B-4BC8-AED0-AEC8543F7521} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {7280D167-9340-4E31-B17D-F3E848B6E38F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {79E230F3-E6F9-4C5C-992A-D567108C2D4D} - System32\Tasks\{DB699E05-86DE-4948-BAC2-63D993CFC323} => C:\Windows\system32\pcalua.exe -a C:\Users\Marko\Downloads\FT_Setup.exe -d C:\Users\Marko\Downloads
Task: {8A944500-0260-43E0-B8E1-EB672B0029AB} - System32\Tasks\{5BCC6016-22DF-4ECF-8A5F-A6F2F2770C0D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\Downloads\counterstrike\counterstrike\Counter Strike Condition Zero\CS-CZ-CD1\autorun.exe" -d "C:\Users\Marko\Downloads\counterstrike\counterstrike\Counter Strike Condition Zero\CS-CZ-CD1"
Task: {8D1982D3-A109-4866-9E8A-65FCFBE462D7} - System32\Tasks\{B9E23C50-2EE9-4192-9DC6-8BF1F9C5F6AA} => C:\Windows\system32\pcalua.exe -a "C:\Games\Quake 3 Arena\Setup.exe" -d "C:\Games\Quake 3 Arena"
Task: {8D3A66D8-341F-45C4-B70B-05F88A08B6DB} - System32\Tasks\Application Installer Schedualer => C:\Program Files (x86)\Application Installer\ApplicationInstaller.exe <==== ATTENTION
Task: {9B54D496-E827-4301-A091-E470D4CF09B7} - System32\Tasks\{C77CF72E-7082-4BF2-B8E4-F6D49838F01D} => C:\Windows\system32\pcalua.exe -a D:\AUTORUN.EXE -d D:\
Task: {A5232072-F8FB-432C-91CE-778565472A14} - System32\Tasks\{B070B5B6-96AC-49AF-BA90-8A19DBFB4329} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Coffee Stain Studios\Goat Simulator\_CommonRedist\UE3Redist.exe" -d "C:\Program Files (x86)\Coffee Stain Studios\Goat Simulator\_CommonRedist"
Task: {AB15A51D-65F6-4FC3-9F36-4625708F483F} - System32\Tasks\{55B379FE-2E24-49BB-A586-0C0294463436} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
Task: {ABABDDF1-7A3F-4C68-A523-33EF42A62D13} - System32\Tasks\{A3FF95E0-C545-4B5B-A250-056CC712608A} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
Task: {B22DB3C1-D858-4F96-8A11-6854A0C0B4B2} - System32\Tasks\{DC43D50B-D28E-4254-8676-79FC915FAD62} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\Downloads\counterstrike\counterstrike\Counter Strike Condition Zero\CS-CZ-CD1\setup.exe" -d "C:\Users\Marko\Downloads\counterstrike\counterstrike\Counter Strike Condition Zero\CS-CZ-CD1"
Task: {B7FB1651-7619-4070-A340-4B4BF2DE88F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {C10B64C9-7493-4269-BE85-F09825D9B2C7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {C1D86D7F-152F-43C9-B07E-A34CE5761405} - System32\Tasks\{32392604-75AE-47A9-BA46-B1960885D236} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\Documents\Msn Server Emu\msnm36.exe" -d "C:\Users\Marko\Documents\Msn Server Emu"
Task: {C8F2F260-F7E6-4DBC-AD54-7279E6B68BEB} - System32\Tasks\{334FBFD6-8DE4-4E1F-8C06-05BB117258AC} => C:\Windows\system32\pcalua.exe -a C:\Users\Marko\Downloads\3danalyzer-v236.exe -d C:\Users\Marko\Downloads
Task: {D55E1AC8-D162-4678-9E28-A5201DC6EC1F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {DB54B13E-2631-4CAE-A389-06B39670469F} - System32\Tasks\{5AF811C8-E1A9-49ED-829B-2D98C1F5981F} => C:\Windows\system32\pcalua.exe -a "C:\Games\Call of Duty Modern Warfare\iw3sp.exe" -d "C:\Games\Call of Duty Modern Warfare"
Task: {DBA4840F-A0AF-46EE-893B-F5B7E18C2DD4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E25260E0-C4F8-4B4E-AF5D-9DD24DB28392} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2086994605-1295704852-2410178858-1000
Task: {E257C2EE-106D-4C99-AD56-36169443DC73} - System32\Tasks\{4569E570-BCE7-4B91-B6C0-1BA00DE49B78} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "C:\Users\Marko\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch"
Task: {FFF27A17-256E-400F-844B-AD7EA7567C1B} - System32\Tasks\{C68C6A94-FDA4-42AC-9A50-1A32064C9440} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\Documents\Pocket Pc Apps\bejeweled2-ppc-v1-31.exe" -d "C:\Users\Marko\Documents\Pocket Pc Apps"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1456926373&a=1003478&src=sh&uuid=7e5a8ea8-125c-42fe-b8aa-d12c6f730249"
ShortcutWithArgument: C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1456926373&a=1003478&src=sh&uuid=7e5a8ea8-125c-42fe-b8aa-d12c6f730249"
ShortcutWithArgument: C:\Users\Marko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1456926373&a=1003478&src=sh&uuid=7e5a8ea8-125c-42fe-b8aa-d12c6f730249"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-07 15:57 - 2014-05-19 20:25 - 000116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-07 16:10 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-10-06 20:05 - 2016-10-06 20:05 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-03 06:36 - 2013-11-15 07:45 - 003637248 _____ () C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe
2017-04-25 17:41 - 2017-04-25 17:41 - 000025088 _____ () C:\Program Files (x86)\Escargot\MSN Switcher\msn-switcher-exe.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 000236856 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2017-12-16 11:59 - 2017-12-05 23:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-16 11:59 - 2017-12-05 23:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2015-05-05 04:05 - 2015-05-05 04:05 - 000191704 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\LIBEXPAT.dll
2015-05-05 04:05 - 2015-05-05 04:05 - 000388824 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\ssoClient.dll
2015-05-05 04:03 - 2015-05-05 04:03 - 000542936 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2015-05-05 04:04 - 2015-05-05 04:04 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2015-05-05 04:05 - 2015-05-05 04:05 - 000086744 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2015-05-31 07:59 - 2015-05-31 07:59 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2017-04-25 17:13 - 2017-04-25 17:13 - 000034816 _____ () C:\Program Files (x86)\Escargot\MSN Switcher\msn-switcher-dll.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 17:37 - 2017-12-12 17:37 - 000078848 _____ () C:\Program Files (x86)\Windows Live\Messenger\msidcrl40.dll
2015-06-07 16:27 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-07 16:27 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-07 16:27 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-07 16:27 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-07 16:27 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-16 13:01 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-16 13:01 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-16 13:01 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-16 13:01 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-16 13:01 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2015-06-07 16:27 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-21 14:46 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-07-03 06:36 - 2012-03-08 07:23 - 000028160 _____ () C:\Program Files (x86)\EBLUE MOUSE\uiHook.dll
2017-12-09 16:25 - 2017-12-04 20:06 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-12-09 16:25 - 2017-12-04 20:06 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-11-17 19:35 - 2017-12-04 20:06 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-11-17 19:34 - 2017-12-04 20:06 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-11-17 19:34 - 2017-12-04 20:08 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-11-17 19:34 - 2017-12-04 20:06 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-12-09 16:25 - 2017-12-04 20:06 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-12-09 16:25 - 2017-12-04 20:06 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-11-17 19:35 - 2017-12-04 20:06 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-11-17 19:35 - 2017-12-04 20:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-12-09 16:25 - 2017-12-04 20:06 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-12-09 16:25 - 2017-12-04 20:06 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-11-17 19:35 - 2017-12-04 20:08 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-11-17 19:35 - 2017-12-04 20:08 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-11-17 19:35 - 2017-12-04 20:09 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-11-17 19:35 - 2017-12-04 20:08 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-11-17 19:34 - 2017-12-04 20:06 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-11-17 19:35 - 2017-12-04 20:09 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-11-17 19:35 - 2017-12-04 20:09 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-11-17 19:35 - 2017-12-04 20:09 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-11-17 19:35 - 2017-12-04 20:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-11-17 19:35 - 2017-12-04 20:09 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-11-17 19:35 - 2017-12-04 20:09 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-11-17 19:35 - 2017-12-04 20:06 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-11-17 19:35 - 2017-12-04 20:09 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-12-09 16:25 - 2017-12-04 20:06 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-12-09 16:25 - 2017-12-04 20:07 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-11-17 19:35 - 2017-12-04 20:08 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-12-09 16:25 - 2017-12-04 20:07 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-11-17 19:35 - 2017-12-04 20:09 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-12-09 16:25 - 2017-12-04 20:07 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-06-09 10:28 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-12 21:24 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-06-07 16:27 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Marko:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-06-17 14:24 - 000000894 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: lkClassAds => 2
MSCONFIG\Services: lkTimeSync => 2
MSCONFIG\Services: MsgPlusService => 2
MSCONFIG\Services: mxssvr => 2
MSCONFIG\Services: NIApplicationWebServer => 2
MSCONFIG\Services: NIDomainService => 2
MSCONFIG\Services: nimDNSResponder => 2
MSCONFIG\Services: NINetworkDiscovery => 2
MSCONFIG\Services: niSvcLoc => 2
MSCONFIG\Services: PrivoxyService => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk => C:\Windows\pss\NI Error Reporting.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: Discord => C:\Users\Marko\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3E381A9E9A9813EBD1E6A6B267CFA5AF => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Itibiti.exe => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MessengerPlusForSkypeService => "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MSMSGS => C:\Program Files (x86)\Messenger\msmsgs.exe /background
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NI Update Service => "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
MSCONFIG\startupreg: NIRegistrationWizard => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{24B27553-1401-4F17-BD22-2A12C0199780}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5291C430-8A4C-4864-A63D-DBD8F28D5BF0}] => (Allow) LPort=2869
FirewallRules: [{E2702C04-7721-41E1-89CE-AD812E00B211}] => (Allow) LPort=1900
FirewallRules: [{E3420480-8363-4207-9EAD-C2F697560E9C}] => (Allow) C:\Users\Marko\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{FA062D04-5822-4C5C-A7CB-0A8D701A0BAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{942246E5-CC0D-400D-B54F-7C0E811D02AA}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{BAF9C9E0-3202-4E7E-9BDC-F2DB47E75898}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{DC05F1CA-6669-48E4-B5A8-EA9362ABB3CB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{687CD714-3204-42CC-9094-96608B5708D7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DA2EC07E-1B46-4F3E-AEA4-18691AA18C1D}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{ABA41B0F-4DA2-4BD1-97E8-A32A42B9D101}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{19338979-69A5-45CA-85E3-E30DA19BEFE7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{02DC3ED3-6B49-4840-8129-2E62F6683966}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{86A8FD4A-2A53-4A3F-AD12-9ACEB5CC96BB}C:\program files (x86)\coffee stain studios\goat simulator\redist\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\coffee stain studios\goat simulator\redist\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{EFF36DD1-00BF-45B3-95D8-08BD75AF6C32}C:\program files (x86)\coffee stain studios\goat simulator\redist\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\coffee stain studios\goat simulator\redist\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{16F64441-D988-4AE1-920F-7D5F62DC4B94}] => (Allow) C:\Users\Marko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2F907F69-32A9-485D-BBAA-54D38E9EE14C}] => (Allow) C:\Users\Marko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{32C34873-CB75-4BEE-A6C9-288B62930DCE}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{8A9C3697-8FFE-4016-8915-19DD7F3E7947}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{DBF5EE6C-67C3-4C87-93C3-F903455B22C3}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{9BD1B28C-F335-47CF-B6D1-B7F8AB4CE344}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [{CE49F3D6-D05E-4207-B0C6-81027B98D968}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{85BEAC58-F602-49F7-9AF6-0A2A6DB0CA2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FFBF705-28B0-4E07-8B90-C7123EFA74AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EDAF2C54-F3AE-4241-ACB0-3DE1BBA5E4A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{078613C9-F25A-435E-80E7-B58D036A0815}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{AFFDC783-DC3B-400D-8860-C78545674EFF}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{88A33803-54B7-48D1-B89C-E6DBB21E72EF}C:\games\saints row iv nosteam\saintsrowiv.exe] => (Allow) C:\games\saints row iv nosteam\saintsrowiv.exe
FirewallRules: [UDP Query User{026F1085-7215-4F7F-8E9F-F576C59E1828}C:\games\saints row iv nosteam\saintsrowiv.exe] => (Allow) C:\games\saints row iv nosteam\saintsrowiv.exe
FirewallRules: [TCP Query User{6D7177E0-DA10-4BE3-82AD-8B79EC1B5811}C:\program files (x86)\saints row 2.v 1.2\sr2_pc.exe] => (Allow) C:\program files (x86)\saints row 2.v 1.2\sr2_pc.exe
FirewallRules: [UDP Query User{A7B270E6-5FFD-473D-9623-3133F13AB2A2}C:\program files (x86)\saints row 2.v 1.2\sr2_pc.exe] => (Allow) C:\program files (x86)\saints row 2.v 1.2\sr2_pc.exe
FirewallRules: [TCP Query User{36AE8699-338F-44D5-AD01-AF0974E2469D}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe
FirewallRules: [UDP Query User{2D2B9679-AFAD-4F27-BA59-1677365AE56C}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe
FirewallRules: [{5F85A1DF-C88C-4247-8082-13A71796F77A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe
FirewallRules: [{1AA836F0-454D-4A22-BD11-3B3F6CDD013B}] => (Allow) C:\Program Files (x86)\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe
FirewallRules: [{549E95F8-570D-452A-B9BB-43AAA7608A3F}] => (Allow) C:\Program Files (x86)\Activision\X-Men Origins - Wolverine™\Binaries\Wolverine.exe
FirewallRules: [{71A970C3-3319-41E3-BD01-525443BD67FD}] => (Allow) C:\Program Files (x86)\Activision\X-Men Origins - Wolverine™\Binaries\Wolverine.exe
FirewallRules: [TCP Query User{C41DB48C-9A13-40CA-B3D4-BA0EFD40D317}C:\users\marko\documents\msn server emu\msn server.exe] => (Allow) C:\users\marko\documents\msn server emu\msn server.exe
FirewallRules: [UDP Query User{86F5C33F-AD7B-4039-A047-4386355C2682}C:\users\marko\documents\msn server emu\msn server.exe] => (Allow) C:\users\marko\documents\msn server emu\msn server.exe
FirewallRules: [{CB413E5A-E847-4EBB-A794-3F8B5DF68E55}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDE66AD5-644D-44A5-AC63-24ED794D867F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B936A0C4-D4E9-427B-87CA-3819B5B9844A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD23C742-B575-4A06-A405-630CB624AE9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{4C52CAE8-ECB0-48F2-8C71-E6CE94D05AEE}C:\games\call of duty modern warfare\iw3mp.exe] => (Allow) C:\games\call of duty modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{7C6AED41-A89E-4E98-A3D4-13662CF4B87B}C:\games\call of duty modern warfare\iw3mp.exe] => (Allow) C:\games\call of duty modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{C0A8B9B6-EDA9-420A-A21E-1B44397093CC}C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe] => (Allow) C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{F37467B4-EA70-4165-8545-2B4D6AEDF630}C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe] => (Allow) C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{DFBD24E0-4B87-41B2-9597-087D7EB1890B}C:\program files (x86)\popcap games\zuma deluxe\zuma.exe] => (Allow) C:\program files (x86)\popcap games\zuma deluxe\zuma.exe
FirewallRules: [UDP Query User{15F621F7-453C-4E50-A0DD-6C90D66E9B70}C:\program files (x86)\popcap games\zuma deluxe\zuma.exe] => (Allow) C:\program files (x86)\popcap games\zuma deluxe\zuma.exe
FirewallRules: [TCP Query User{D52A394A-47E2-4625-92C1-B4A28E63E22C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{18DB9ED5-F980-49C5-B9AB-67E1D117722E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{90635882-1CBF-434D-820B-1F71A65C58D3}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{874601BB-404F-4E12-A934-C2464C24C245}C:\games\csgo.exe] => (Block) C:\games\csgo.exe
FirewallRules: [UDP Query User{71AAC89F-EAFD-4285-B478-E6A96A1EA348}C:\games\csgo.exe] => (Block) C:\games\csgo.exe
FirewallRules: [TCP Query User{4B95BF65-A534-41D2-ADD5-91A67EBAD0F6}C:\games\counter-strike\hltv.exe] => (Allow) C:\games\counter-strike\hltv.exe
FirewallRules: [UDP Query User{0D7EB67F-C92C-4E95-A898-25CD2A069DA4}C:\games\counter-strike\hltv.exe] => (Allow) C:\games\counter-strike\hltv.exe
FirewallRules: [TCP Query User{04BB3D35-8FCA-4317-92D6-2185FFE24F2D}C:\counter strike - global offensive\csgo.exe] => (Allow) C:\counter strike - global offensive\csgo.exe
FirewallRules: [UDP Query User{A1F6B7EA-EAF9-47F2-9572-5028FF47F99B}C:\counter strike - global offensive\csgo.exe] => (Allow) C:\counter strike - global offensive\csgo.exe
FirewallRules: [TCP Query User{A11E9172-7067-4D78-89CF-4B98565B2F01}C:\program files (x86)\leoo globe\cs-condition zero, 1.6, half life\hl.exe] => (Allow) C:\program files (x86)\leoo globe\cs-condition zero, 1.6, half life\hl.exe
FirewallRules: [UDP Query User{8957D03E-D8BA-439F-8686-93C813B2F43E}C:\program files (x86)\leoo globe\cs-condition zero, 1.6, half life\hl.exe] => (Allow) C:\program files (x86)\leoo globe\cs-condition zero, 1.6, half life\hl.exe
FirewallRules: [TCP Query User{FCF0712F-1B29-4B06-9CBB-9916F197DB7E}C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [UDP Query User{A6973ACD-73E6-4EEA-BC65-59137B9B2548}C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [TCP Query User{4836A944-D95C-4439-8BC4-81ACBFB1E2AF}C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe] => (Allow) C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe
FirewallRules: [UDP Query User{0CC0C479-667D-49C7-A4F0-B4F467E6F1E6}C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe] => (Allow) C:\users\marko\downloads\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe
FirewallRules: [TCP Query User{D3328B86-91E1-44BC-9032-A59916551898}C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [UDP Query User{28BA4282-B88C-43C5-A455-4772774B9C0C}C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [TCP Query User{CB4424BC-B49F-4EB0-96FE-DFEB22582BF3}C:\ut2004\system\ut2004.exe] => (Allow) C:\ut2004\system\ut2004.exe
FirewallRules: [UDP Query User{5B5EC036-4E9F-45F4-B721-B6DBA13F87ED}C:\ut2004\system\ut2004.exe] => (Allow) C:\ut2004\system\ut2004.exe
FirewallRules: [TCP Query User{A37233F6-47DC-4F5F-A845-1866BF352B7E}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [UDP Query User{03D41949-72A5-40AB-919F-9EA5EC978A04}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [TCP Query User{485D2159-A2D2-405F-A416-F5874C5A78BA}C:\program files (x86)\austeam\counter-strike source\hl2.exe] => (Allow) C:\program files (x86)\austeam\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{81EC83D7-8A04-4278-9203-4B6592DE6E46}C:\program files (x86)\austeam\counter-strike source\hl2.exe] => (Allow) C:\program files (x86)\austeam\counter-strike source\hl2.exe
FirewallRules: [{20C7007A-24B1-48EB-B6C1-9E0DBC5E6B21}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{C3F5944A-4F9A-4311-A559-D946C564E465}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{386C76ED-F456-4A13-8487-850C147EA83E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{499FA3D0-61B8-4F23-BC24-3EF987312AFF}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{5DBFA78F-76BD-48EE-8C96-3C28B7BAF00C}] => (Allow) LPort=9089
FirewallRules: [TCP Query User{0EB7B334-1BBB-46B7-BF0C-E1DCD5D9AB93}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [UDP Query User{F7DC514C-CFCA-456D-8550-B1669080C80B}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [TCP Query User{3B5E6195-A823-489B-B3CB-4474E6DADA69}C:\program files (x86)\valve\half-life\hltv.exe] => (Allow) C:\program files (x86)\valve\half-life\hltv.exe
FirewallRules: [UDP Query User{F8108083-4BCB-43EC-891C-E520D24A7D97}C:\program files (x86)\valve\half-life\hltv.exe] => (Allow) C:\program files (x86)\valve\half-life\hltv.exe
FirewallRules: [TCP Query User{B95C8C48-E6E3-4FAC-910B-9868C6F9C636}C:\games\team fortress classic v48\hl.exe] => (Allow) C:\games\team fortress classic v48\hl.exe
FirewallRules: [UDP Query User{ADBCD1A4-4A3D-49F3-AC03-5A8313090F9D}C:\games\team fortress classic v48\hl.exe] => (Allow) C:\games\team fortress classic v48\hl.exe
FirewallRules: [{5F385A8A-B61A-4E0B-8971-E9661F6CC357}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9CE6EE15-F89F-40E2-A09B-0547642B606B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{8B273E3D-D6C5-43A3-AD39-6EB76A378CF5}C:\program files (x86)\valve\half-life\hl.exe] => (Block) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [UDP Query User{D3431D10-7125-4B27-A258-D7020F094DFE}C:\program files (x86)\valve\half-life\hl.exe] => (Block) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [TCP Query User{364C8815-147C-490A-B9DD-8C926597DB49}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{7DE6ED08-ECAD-4A81-8F4F-51094E2E846E}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{A1A6DB09-3D8E-4A4D-88BC-4D66F428B6E4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{7E2C728D-A0A6-401C-AE25-7EAF594E615F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{D2FEF456-4A39-4E97-98AF-2E56AE0A1604}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [UDP Query User{721770F8-6552-4FC5-97F2-9941743501FD}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [TCP Query User{55AE33A7-4FFD-4B62-80AF-9C2F8787CD74}C:\program files (x86)\java\jre1.8.0_74\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_74\bin\javaw.exe
FirewallRules: [UDP Query User{92315DEF-7428-482C-86B8-A727C1F1386B}C:\program files (x86)\java\jre1.8.0_74\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_74\bin\javaw.exe
FirewallRules: [TCP Query User{302B72B6-BC8C-4DF7-926E-C21705A3737B}C:\program files\java\jdk1.8.0_77\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_77\bin\jmc.exe
FirewallRules: [UDP Query User{F2B18835-6E81-4B20-B7D4-04BCDB8E2C50}C:\program files\java\jdk1.8.0_77\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_77\bin\jmc.exe
FirewallRules: [TCP Query User{8BF9D67E-844C-4B7C-AA13-64CCD9112942}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{CE533684-94E2-418A-94A6-44C222CA9D65}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [TCP Query User{FF849B51-9CC1-4AC7-9E13-E978F69B7D22}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{108CFF02-1AC3-4A72-9F0A-1A2411DC3514}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{7C9DB85C-10DA-40DE-A93E-457546E0463D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C679AA13-4A55-4C7F-8073-D60B7D8A034C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{D75CD64B-A21D-4A90-9BBC-B7D2FAABDCAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{67FC596B-36E8-45BB-8805-BE7467FB8DA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{2082B6FB-36D6-47D2-A28C-0ACB0034CEAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{3FB589B2-8D0C-4C5A-AA52-E53FCB57CB08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [TCP Query User{51BAB821-3C36-4237-9C04-D17541F7CD44}C:\games\team fortress classic v48\hl.exe] => (Allow) C:\games\team fortress classic v48\hl.exe
FirewallRules: [UDP Query User{89766E90-05ED-4F0E-ACA7-4742169B2009}C:\games\team fortress classic v48\hl.exe] => (Allow) C:\games\team fortress classic v48\hl.exe
FirewallRules: [TCP Query User{A6284973-F48F-47E0-9BE2-B7CFCDDF0490}C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe] => (Allow) C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe
FirewallRules: [UDP Query User{C6EBDED7-A714-4E7F-A250-F6E58F5205BB}C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe] => (Allow) C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe
FirewallRules: [TCP Query User{29A03757-35B3-4F71-A744-48F88867D578}C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [UDP Query User{EC9F3800-CFD2-4EC5-A726-42A9C47D5C3D}C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) C:\games\quake 3 arena\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [{CB32521F-EFA8-4F91-AFA9-046A94F50E7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{3BB8B2D1-3A0D-46E1-8D72-B48073EF92C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{73BD14F4-3AD1-4788-AF4D-AF1E99A64C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{466A2ED3-D365-4CB7-B86F-D069EF5A08ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{4B8CAA1D-0370-4458-841F-CDA38BA38572}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9B2600A2-43C2-4E11-B437-B564588B289B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{36437F7B-9276-4E65-8BE1-ACEAC402EE6B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E71BF65D-5A1C-4E53-9293-AE7DF89B1274}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{37E7BFB6-3D3B-419F-8491-BA6B7FC41DB1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E9F0454A-E489-4C55-B42C-E70BAE73D279}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{5B263C82-B1B9-46B9-8A9A-1C2F3356A203}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [TCP Query User{79301AE4-0619-4D6B-8D3C-8F03B67AC802}C:\counter strike - global offensive\launcher\tools\steamcmd.exe] => (Allow) C:\counter strike - global offensive\launcher\tools\steamcmd.exe
FirewallRules: [UDP Query User{1C9F75E7-BABB-4A69-BACF-9CA88011F97F}C:\counter strike - global offensive\launcher\tools\steamcmd.exe] => (Allow) C:\counter strike - global offensive\launcher\tools\steamcmd.exe
FirewallRules: [{A5FE3591-C1F5-46C2-8829-03B45D1BD90F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{89CB9782-3857-4055-A480-0307F67CEC2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [TCP Query User{B04B321F-EFDA-4688-91BC-FF5425CF01EE}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe
FirewallRules: [UDP Query User{5FC6E515-0BAC-4C2B-B55F-DD2E301FCD06}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe
FirewallRules: [{7604996F-DFF5-49D1-BD73-8BC8F9B53DDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{6D1E121F-A3EB-46FD-B6F3-C1A26D54D518}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7F1AAF25-BF02-48AB-B9EF-CF0B966933E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{9930882B-0EBB-4533-8D26-36241BDEAEAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{8B0BED82-36CD-44A2-9322-5F8F0ABBEE28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{37D5E405-99AE-48DE-BA38-95073C15EAE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B6981AF9-DB5D-4202-B57B-DCB9FDC12AD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{A1F68FEC-6CCC-4928-BC88-B26E8F00BCC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{EF6BB3E7-FA52-4066-BBE6-E6F55705C80E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4B76A2E3-015F-48EB-A654-3872F399B206}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{15CA38F6-5C99-4077-8D11-7108C217BE81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{305852B7-02CE-4B89-87AE-E076601AAD93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{DAB640B4-05EB-4109-88D1-1516D26C2AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fortress Forever\hl2.exe
FirewallRules: [{CF309279-5B0F-4AF4-93EB-40477F42B24D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fortress Forever\hl2.exe
FirewallRules: [TCP Query User{AAE0C7BA-4D0A-4C4C-87E1-DF2EB135B39B}C:\program files (x86)\mastiff\reload\reload.exe] => (Allow) C:\program files (x86)\mastiff\reload\reload.exe
FirewallRules: [UDP Query User{AC921AB2-84EB-4751-B958-A32D9941DDE5}C:\program files (x86)\mastiff\reload\reload.exe] => (Allow) C:\program files (x86)\mastiff\reload\reload.exe
FirewallRules: [{1FD259EA-1084-4546-BB7E-B95024169C5E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BC444B4A-F9BF-403C-B066-910A8C4FD537}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6EA000FB-47E0-4FD0-9F2C-B4386461A44C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{0C7B2A6D-6914-4355-90EB-A90248A7E8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6C9A1B71-EA4C-45B4-81E5-9DC0A5D56B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{9A84D6B9-AF97-4D20-BA23-CBBE1F9CDCF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{A1FA3A09-5FA1-459A-95F2-4A253918445B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{AED4669B-CED9-43CC-8326-A1EDC23864F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{29B7D542-9747-48AF-81AF-5FF3C1C14B6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{086CE624-4500-46E5-A795-DB6476948B04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{28131CE7-DAD0-4F46-A560-A8F98F45BE6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{4FD25635-3A33-476C-B012-D6D8E87144BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{26397D80-86FC-4F56-8A64-D8C7A010969A}C:\sierra\half-life\hl.exe] => (Allow) C:\sierra\half-life\hl.exe
FirewallRules: [UDP Query User{7AB14F0E-2F1E-4E71-A1FF-043A6E8D1A82}C:\sierra\half-life\hl.exe] => (Allow) C:\sierra\half-life\hl.exe
FirewallRules: [{067A31C5-4CCB-46B4-9268-140F93918C2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{78892CA9-4EC4-447A-ADC6-2B0BE54FFAE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{95121C35-2DBD-4AA0-A0C3-0DB62203FA79}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{A9FFE373-5C75-461B-9A86-99994BDBFD14}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{CDA8E225-663E-4388-8F98-88122DF1BD31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{59C05F2E-174F-41EE-9847-575FCF0E6B66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{09A0AB00-6CA9-4244-A3A0-116135C22411}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{50F20CA9-AD89-4E59-A406-1B6A19E3D444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [TCP Query User{4F354D91-E099-448C-A88C-3DCF35DB468A}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{8F9D2416-6618-4CFE-8303-B56B8B02458B}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{81CCD8C9-963A-4427-964B-45E1F5CBE6B2}] => (Allow) G:\Games\Valve\Steam.exe
FirewallRules: [{03B66F85-36A4-43F9-A4E4-46808EE05117}] => (Allow) G:\Games\Valve\Steam.exe
FirewallRules: [TCP Query User{11B779DA-9FDE-4C70-8574-C10E8F843BF6}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{97BFC75C-6CEB-42ED-A0E4-0AA94267B279}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{DE0418EB-E896-473D-9DF4-2699FD7B7F3F}C:\program files (x86)\microsoft games\halo 2\halo2.exe] => (Allow) C:\program files (x86)\microsoft games\halo 2\halo2.exe
FirewallRules: [UDP Query User{5CA576A7-CB24-479A-AB75-6DB35125A8DE}C:\program files (x86)\microsoft games\halo 2\halo2.exe] => (Allow) C:\program files (x86)\microsoft games\halo 2\halo2.exe
FirewallRules: [TCP Query User{85DD5994-3829-43F2-92A4-15E932A017E8}C:\program files (x86)\msn messenger\msnmsgr.exe] => (Allow) C:\program files (x86)\msn messenger\msnmsgr.exe
FirewallRules: [UDP Query User{1A8EE941-E4E4-4A9B-8FE5-49066C273D67}C:\program files (x86)\msn messenger\msnmsgr.exe] => (Allow) C:\program files (x86)\msn messenger\msnmsgr.exe
FirewallRules: [TCP Query User{259DB469-9851-405D-A175-9A3127120C9F}C:\users\marko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marko\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E55CB745-0271-43CA-8D71-AFE510DD64C0}C:\users\marko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marko\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D24D6EC7-AC74-4E4D-A748-F08E3540ECAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe
FirewallRules: [{77EC618C-C70C-4139-9278-F1234C0040BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mesa\bms.exe
FirewallRules: [{2A48B962-635D-4740-A1A5-DC96A3CE1166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [{2E9F24C4-B34E-4693-9958-5B2D78801071}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [TCP Query User{5175F26C-D193-4175-8F7A-19767A64C905}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe
FirewallRules: [UDP Query User{968F74A0-D908-42D4-BE52-1E6D3486914A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe
FirewallRules: [{B7470398-E398-4B9C-A809-571BCC9FBCC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{AF30004C-7433-4997-B650-0AA6997DA29B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [TCP Query User{CA4F37D5-5C9F-4972-90C0-D2AD9D34DAB0}C:\users\marko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marko\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{086D1EF8-1BF4-4620-B429-93CC4D16A97C}C:\users\marko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marko\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C44C8DDF-8735-4958-A834-E8168F4AE75E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C86D1204-B2F1-4308-B955-B9CB0D85CA13}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E149B73E-0674-47B7-8B20-6F28F32CBDB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{61A9929A-54E7-4A31-8E42-992938858541}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7840D7DB-CE3F-4F14-A22F-3566D586B96B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D821BF5F-65C9-4727-9C32-FF1794E4064D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{CA0DACEA-3545-4B17-BC21-85259EF6E8DA}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{8FFD9012-0417-4BBD-9714-A1535B85C82B}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{BEB96566-E30E-477A-B57D-EECF4B534C8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{0D2C9E90-0EB8-435F-8EFF-F76ED2439C41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{73B834FD-1878-41CB-A765-DCF5591E042C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\half_life_caged\hl.exe
FirewallRules: [{A97477C3-E7C2-4CF7-B696-C4C79864B53E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\half_life_caged\hl.exe
FirewallRules: [{839B5066-D554-414E-B4E2-172931999728}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
FirewallRules: [{E3E6C27F-741D-4839-AACD-7BD105D845FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{8AD1578D-B435-4482-9FE0-6BAFDC370D43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{74936885-D91E-43E5-A9F1-A9B062BC3252}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{0494CB1B-E7D0-4B1F-B068-E746786F9526}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{7FC601EA-DDC1-4474-8312-A28705AE7A5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{CB257CC4-4315-4610-B45A-9F5D110F1468}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{125147D7-3718-4B4D-9350-5FF8EA551EED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{647BDB2C-D2DC-4125-BC74-8C1B1E858EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{8E172776-C2BC-46F3-9B47-5BBABCE1E6AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{D49F643B-AA92-4253-931D-10E10DBC22E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{C7E20C17-73E9-4BB0-9FB1-47376F1B186B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{070DB32D-763B-4AAB-A306-4A97E3E4892F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{BA0DCBCE-C3C3-4A45-8DEA-683C88A233BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{B9EE48D0-5EDF-4C6B-A7FB-14F5F1E48DE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{9F62319B-29DB-4C8F-95B5-398B6B7BF420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{DD593B8D-12B8-416F-B816-9F57B41C1447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{283F1BBF-1AE9-4F38-894A-1BD317F0C34F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{F1A3DA7C-B71C-430F-9AF6-80ADA5208D46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{DF74B9DA-215C-4906-A376-EAEB02701C1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{FD49C8B1-9ED5-4C4B-9AAE-3980DA2A124D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{D39F55B9-3162-47A7-ADA9-A0E1B02C05BA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{FF9D60AE-86B5-41C9-8759-BA4E7B502911}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C666F733-A152-489F-BC6A-E7015C991241}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5094F75D-E99F-4899-B4D7-27700280DAF3}] => (Allow) svchost.exe
FirewallRules: [{0938DD19-A8E7-4105-8C27-D3957B9FF145}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/31/2017 06:52:10 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (12/31/2017 06:52:10 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/31/2017 06:14:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 㼼浸敶獲潩㵮ㄢ〮•湥潣楤杮∽瑵ⵦ∸㸿਍愼獳浥汢⁹浸湬㵳產湲猺档浥獡洭捩潲潳瑦挭浯愺浳瘮∳洠湡晩獥噴牥楳湯∽⸱∰ാ 㰠獡敳扭祬摉湥楴祴渠浡㵥㠢慥昸㤴㌷㤹攳㉤㈶晡㙡摣挰搹㤳㤴≢瘠牥楳湯∽ㄱ㈮㤮〶⸰㠱㌲∰瀠潲散獳牯牁档瑩捥畴敲∽浡㙤∴氠湡畧条㵥渢略牴污•畢汩呤灹㵥爢汥慥敳•異汢捩敋呹歯湥∽ㄳ晢㠳㘵摡㘳攴㔳•敶獲潩卮潣数∽潮卮卸•㸯਍†搼灥潬浹湥⁴㸯਍†搼灥湥敤据⁹楤捳癯牥扡敬∽慦獬≥ാ †㰠敤数摮湥䅴獳浥汢⁹敤数摮湥祣祔数∽湩瑳污≬ാ ††㰠獡敳扭祬摉湥楴祴渠浡㵥䴢捩潲潳瑦圭湩潤獷䤭ⵅㅆ刲獥畯捲獥刮獥畯捲獥•敶獲潩㵮ㄢ⸱⸲㘹〰ㄮ㈸〳•牰捯獥潳䅲捲楨整瑣牵㵥愢摭㐶•慬杮慵敧∽畲刭≕戠極摬祔数∽敲敬獡≥瀠扵楬䭣祥潔敫㵮㌢戱㍦㔸愶㍤㐶㍥∵瘠牥楳湯捓灯㵥渢湯硓≓⼠ാ †㰠搯灥湥敤瑮獁敳扭祬ാ 㰠搯灥湥敤据㹹਍⼼獡敳扭祬>. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (12/31/2017 06:14:14 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0
 
Error: (12/31/2017 05:43:32 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (12/31/2017 05:32:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 㼼浸敶獲潩㵮ㄢ〮•湥潣楤杮∽瑵ⵦ∸㸿਍愼獳浥汢⁹浸湬㵳產湲猺档浥獡洭捩潲潳瑦挭浯愺浳瘮∳洠湡晩獥噴牥楳湯∽⸱∰ാ 㰠獡敳扭祬摉湥楴祴渠浡㵥㠢慥昸㤴㌷㤹攳㉤㈶晡㙡摣挰搹㤳㤴≢瘠牥楳湯∽ㄱ㈮㤮〶⸰㠱㌲∰瀠潲散獳牯牁档瑩捥畴敲∽浡㙤∴氠湡畧条㵥渢略牴污•畢汩呤灹㵥爢汥慥敳•異汢捩敋呹歯湥∽ㄳ晢㠳㘵摡㘳攴㔳•敶獲潩卮潣数∽潮卮卸•㸯਍†搼灥潬浹湥⁴㸯਍†搼灥湥敤据⁹楤捳癯牥扡敬∽慦獬≥ാ †㰠敤数摮湥䅴獳浥汢⁹敤数摮湥祣祔数∽湩瑳污≬ാ ††㰠獡敳扭祬摉湥楴祴渠浡㵥䴢捩潲潳瑦圭湩潤獷䤭ⵅㅆ刲獥畯捲獥刮獥畯捲獥•敶獲潩㵮ㄢ⸱⸲㘹〰ㄮ㈸〳•牰捯獥潳䅲捲楨整瑣牵㵥愢摭㐶•慬杮慵敧∽畲刭≕戠極摬祔数∽敲敬獡≥瀠扵楬䭣祥潔敫㵮㌢戱㍦㔸愶㍤㐶㍥∵瘠牥楳湯捓灯㵥渢湯硓≓⼠ാ †㰠搯灥湥敤瑮獁敳扭祬ാ 㰠搯灥湥敤据㹹਍⼼獡敳扭祬>. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (12/31/2017 05:32:11 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0
 
Error: (12/31/2017 05:29:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/31/2017 04:46:32 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (12/31/2017 04:11:32 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (12/31/2017 07:07:16 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/31/2017 07:06:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 48%
Total physical RAM: 8173.86 MB
Available physical RAM: 4217.93 MB
Total Virtual: 16345.9 MB
Available Virtual: 12000.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:632.02 GB) (Free:95.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6BD54EBF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=632 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=65.2 GB) - (Type=17)
 
==================== End of Addition.txt ============================
Again, thanks for helping.


#4 JSntgRvr

Posted 31 December 2017 - 07:36 PM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as RunMe.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, right click on the RunMe.bat file and select run as administrator. Post the resulting report.

 

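@echo Off
cd /d %~dp0
Color 1F
REM List the loaded file system minifilter drivers and their instances
fltmc instances >Report.txt
REM List every file in the drivers directory, including hidden and system files
Dir /a C:\Windows\System32\Drivers >>Report.txt
REM Show which ControlSet is current, default, failed and last known good
Reg query "HKLM\SYSTEM\Select" >>Report.txt
Start Report.txt
Exit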

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 marko_empire

Posted 01 January 2018 - 01:47 PM

Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
MBAMProtector         \Device\Mup                             328800       MBAMProtector Instance     0    
MBAMProtector         C:                                      328800       MBAMProtector Instance     0    
MBAMProtector                                                 328800       MBAMProtector Instance     0    
MpFilter              \Device\Mup                             328000       MpFilter Instance        0    
MpFilter              C:                                      328000       MpFilter Instance        0    
MpFilter                                                      328000       MpFilter Instance        0    
luafv                 C:                                      135000       luafv                    0    
udiskMgr              C:                                       45888       udiskMgr Instance        0    
udiskMgr                                                       45888       udiskMgr Instance        0    
mezxowi               \Device\Mup                              45666       mezxowi Instance         0    
mezxowi               C:                                       45666       mezxowi Instance         0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
 Volume in drive C has no label.
 Volume Serial Number is C41B-95D7
 
 Directory of C:\Windows\System32\Drivers
 
01/01/2018  12:58    <DIR>          .
01/01/2018  12:58    <DIR>          ..
07/13/2009  19:06            68,096 1394bus.sys
04/20/2014  21:16           229,888 1394ohci.sys
04/20/2014  21:16           334,208 acpi.sys
04/20/2014  21:16            12,800 acpipmi.sys
07/13/2009  20:52           491,088 adp94xx.sys
07/13/2009  20:52           339,536 adpahci.sys
07/13/2009  20:52           182,864 adpu320.sys
10/13/2015  11:41           497,664 afd.sys
07/13/2009  19:10            60,416 agilevpn.sys
07/13/2009  20:52            61,008 AGP440.sys
07/13/2009  20:52            15,440 aliide.sys
07/13/2009  20:52            15,440 amdide.sys
07/13/2009  18:19            64,512 amdk8.sys
07/13/2009  18:19            60,928 amdppm.sys
03/11/2011  01:41           107,904 amdsata.sys
07/13/2009  20:52           194,128 amdsbs.sys
03/11/2011  01:41            27,008 amdxata.sys
09/09/2016  12:51            62,464 appid.sys
07/13/2009  20:52            87,632 arc.sys
07/13/2009  20:52            97,856 arcsas.sys
07/13/2009  19:10            23,040 asyncmac.sys
07/13/2009  20:52            24,128 atapi.sys
08/04/2013  21:25           155,584 ataport.sys
10/20/2010  19:11           246,804 AtherosBT.bin
08/25/2013  20:22         4,017,664 athrx.sys
06/10/2009  15:34           270,848 b57nd60a.sys
07/13/2009  20:52            28,240 battc.sys
07/13/2009  19:00             6,656 beep.sys
07/13/2009  18:35            45,056 blbdrive.sys
02/22/2011  23:55            90,624 bowser.sys
06/10/2009  15:41            18,432 BrFiltLo.sys
06/10/2009  15:41             8,704 BrFiltUp.sys
07/13/2009  20:01            95,232 bridge.sys
07/13/2009  20:19           286,720 BrSerId.sys
06/10/2009  15:41            47,104 BrSerWdm.sys
06/10/2009  15:41            14,976 BrUsbMdm.sys
06/10/2009  15:41            14,720 BrUsbSer.sys
10/18/2010  13:14            42,096 btfilter.sys
07/13/2009  19:06            41,984 bthenum.sys
07/13/2009  19:06            72,192 bthmodem.sys
07/13/2009  19:07           118,784 bthpan.sys
07/06/2012  15:07           552,960 bthport.sys
04/27/2011  22:54            80,384 BTHUSB.SYS
06/10/2009  15:34           468,480 bxvbda.sys
07/13/2009  18:19            92,160 cdfs.sys
04/20/2014  21:16           147,456 cdrom.sys
01/04/2011  13:02         1,577,088 CHDRT64.sys
07/13/2009  19:06            45,568 circlass.sys
04/20/2014  21:17           179,072 Classpnp.sys
07/13/2009  18:31            17,664 CmBatt.sys
07/13/2009  20:52            17,488 cmdide.sys
05/12/2016  08:05           459,640 cng.sys
07/13/2009  20:52            21,584 compbatt.sys
04/20/2014  21:16            38,912 CompositeBus.sys
07/13/2009  20:47            39,504 crashdmp.sys
07/13/2009  20:47            24,144 crcdisk.sys
04/20/2014  21:17           514,560 csc.sys
12/04/2017  20:06            45,640 dbx-canary.sys
12/04/2017  20:06            45,672 dbx-dev.sys
12/04/2017  20:06            45,640 dbx-stable.sys
09/08/2016  09:55           106,496 dfsc.sys
07/13/2009  18:37            40,448 discache.sys
07/13/2009  20:47            73,280 disk.sys
02/03/2014  21:35            27,584 Diskdump.sys
04/20/2014  21:16            71,168 dmvsc.sys
07/13/2009  20:01           116,224 drmk.sys
07/13/2009  19:06             5,632 drmkaud.sys
07/13/2009  20:47            28,736 Dumpata.sys
07/13/2009  20:43            55,128 dumpfve.sys
07/13/2009  18:38            16,896 dxapi.sys
07/13/2009  18:38            98,816 dxg.sys
04/09/2016  02:01           986,344 dxgkrnl.sys
04/09/2016  02:01           264,936 dxgmms1.sys
07/13/2009  20:47           530,496 elxstor.sys
10/18/2015  20:25    <DIR>          en-US
07/13/2009  18:31             9,728 errdev.sys
03/23/2016  22:21            22,704 EsgScanner.sys
06/17/2016  14:24    <DIR>          etc
06/10/2009  15:34         3,286,016 evbda.sys
07/13/2009  18:23           195,072 exfat.sys
07/13/2009  18:23           204,800 fastfat.sys
07/13/2009  19:00            29,696 fdc.sys
07/13/2009  20:47            70,224 fileinfo.sys
07/13/2009  18:25            34,304 filetrace.sys
07/13/2009  19:00            24,576 flpydisk.sys
04/20/2014  21:17           289,664 fltMgr.sys
07/13/2009  20:47            55,376 fsdepends.sys
03/31/2014  20:06            58,056 fssfltr.sys
03/01/2012  01:46            23,408 fs_rec.sys
01/24/2013  01:01           223,752 fvevol.sys
04/04/2014  21:47           288,192 FWPKCLNT.SYS
07/13/2009  20:47            65,088 GAGP30KX.SYS
10/03/2012  15:14            33,240 GEARAspiWDM.sys
06/10/2009  15:30         3,440,660 gm.dls
06/10/2009  15:30               646 gmreadme.txt
05/22/2015  08:03            55,488 hcmon.sys
06/10/2009  15:31            31,232 hcw85cir.sys
04/20/2014  21:16           122,368 hdaudbus.sys
04/20/2014  21:16           350,208 HdAudio.sys
10/19/2010  22:34            56,344 HECIx64.sys
07/13/2009  18:31            26,624 hidbatt.sys
07/13/2009  19:06           100,864 hidbth.sys
07/02/2013  23:05            76,800 hidclass.sys
07/13/2009  19:06            46,592 hidir.sys
07/02/2013  23:05            32,896 hidparse.sys
04/20/2014  21:16            30,208 hidusb.sys
04/20/2014  21:16            78,720 HpSAMD.sys
02/24/2015  22:18           754,688 http.sys
04/20/2014  21:17            14,720 hwpolicy.sys
07/13/2009  18:19           105,472 i8042prt.sys
03/11/2011  01:41           410,496 iaStorV.sys
07/13/2009  20:48            44,112 iirsp.sys
07/13/2009  20:48            16,960 intelide.sys
07/13/2009  18:19            62,464 intelppm.sys
04/20/2014  21:17            82,944 ipfltdrv.sys
04/20/2014  21:16            78,848 IPMIDrv.sys
07/13/2009  19:10           116,224 ipnat.sys
07/13/2009  19:09           120,320 irda.sys
07/13/2009  19:08            17,920 irenum.sys
07/13/2009  20:48            20,544 isapnp.sys
07/13/2009  20:48            50,768 kbdclass.sys
04/20/2014  21:16            33,280 kbdhid.sys
04/20/2014  21:17           243,712 ks.sys
09/12/2016  16:13            95,464 ksecdd.sys
09/12/2016  16:13           154,856 ksecpkg.sys
07/13/2009  19:00            20,992 ksthunk.sys
07/13/2009  19:08            60,928 lltdio.sys
07/13/2009  20:48           114,752 lsi_fc.sys
07/13/2009  20:48           106,560 lsi_sas.sys
07/13/2009  20:48            65,600 lsi_sas2.sys
07/13/2009  20:48           115,776 lsi_scsi.sys
07/13/2009  18:26           113,152 luafv.sys
10/05/2015  08:50            25,816 mbam.sys
10/05/2015  08:50           109,272 mbamchameleon.sys
07/22/2016  16:44           192,216 MBAMSwissArmy.sys
07/13/2009  19:01            22,016 mcd.sys
07/13/2009  20:48            35,392 megasas.sys
07/13/2009  20:48           284,736 MegaSR.sys
10/28/2010  11:22            30,895 Mixer.ini
07/13/2009  19:10            40,448 modem.sys
07/13/2009  18:38            30,208 monitor.sys
07/13/2009  20:48            49,216 mouclass.sys
07/13/2009  19:00            31,232 mouhid.sys
06/14/2016  12:21            94,440 mountmgr.sys
08/25/2016  09:46           295,000 MpFilter.sys
04/20/2014  21:16           155,008 mpio.sys
07/13/2009  19:08            77,312 mpsdrv.sys
09/08/2016  09:55           142,336 mrxdav.sys
09/12/2016  15:32           159,744 mrxsmb.sys
09/12/2016  15:32           291,328 mrxsmb10.sys
09/12/2016  15:32           129,536 mrxsmb20.sys
04/20/2014  21:16            31,104 msahci.sys
04/20/2014  21:16           140,672 msdsm.sys
07/13/2009  18:19            26,112 msfs.sys
11/28/2012  17:56                 3 MsftWdf_Kernel_01011_Inbox_Critical.Wdf
06/02/2012  09:57                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
05/31/2017  21:30                 0 Msft_Kernel_netaapl64_01009.Wdf
09/04/2017  15:12                 0 Msft_Kernel_tiehdusb_01011.Wdf
05/04/2015  23:07                 0 Msft_User_WpdFs_01_09_00.Wdf
05/16/2015  19:30                 0 Msft_User_WpdMtpDr_01_09_00.Wdf
09/24/2015  17:10                 0 Msft_User_WpdRapi2_01_00_00.Wdf
07/13/2009  19:06             8,192 mshidkmdf.sys
07/13/2009  20:48            15,424 msisadrv.sys
02/03/2014  21:35           274,880 msiscsi.sys
07/13/2009  19:00            11,136 mskssrv.sys
07/13/2009  19:00             7,168 mspclock.sys
07/13/2009  19:00             6,784 mspqm.sys
04/20/2014  21:17           366,976 msrpc.sys
07/13/2009  20:48            32,320 mssmbios.sys
07/13/2009  19:00             8,064 mstee.sys
07/13/2009  19:02            15,360 MTConfig.sys
07/13/2009  20:48            60,496 mup.sys
10/05/2015  08:50            63,704 mwac.sys
10/12/2015  23:57           950,720 ndis.sys
07/13/2009  19:08            35,328 ndiscap.sys
07/13/2009  19:10            24,064 ndistapi.sys
04/20/2014  21:17            56,832 ndisuio.sys
04/20/2014  21:17           164,352 ndiswan.sys
04/20/2014  21:17            57,856 ndproxy.sys
08/15/2014  21:13            23,040 netaapl64.sys
07/13/2009  19:09            44,544 netbios.sys
05/11/2016  09:58           262,144 netbt.sys
11/26/2013  06:40           376,768 netio.sys
07/13/2009  20:48            51,264 nfrd960.sys
08/25/2016  09:46           135,928 NisDrvWFP.sys
08/02/2015  10:41            36,600 npf.sys
07/13/2009  18:19            44,032 npfs.sys
07/13/2009  18:21            24,576 nsiproxy.sys
01/23/2014  21:37         1,684,928 ntfs.sys
07/13/2009  18:19             6,144 null.sys
02/10/2011  13:52            82,432 nusb3hub.sys
02/10/2011  13:52           181,760 nusb3xhc.sys
11/27/2015  10:01           214,168 nvhda64v.sys
05/20/2014  03:44        12,688,328 nvlddmkm.sys
03/11/2011  01:41           148,352 nvraid.sys
03/11/2011  01:41           166,272 nvstor.sys
03/31/2014  17:42            40,392 nvvad64v.sys
07/13/2009  20:48           122,960 NV_AGP.SYS
07/13/2009  19:07           318,976 nwifi.sys
07/13/2009  19:06            72,832 ohci1394.sys
04/20/2014  21:17           131,584 pacer.sys
07/13/2009  19:00            97,280 parport.sys
03/17/2012  02:58            75,120 partmgr.sys
04/20/2014  21:16           184,704 pci.sys
07/13/2009  20:45            12,352 pciide.sys
07/13/2009  20:45            48,720 pciidex.sys
07/13/2009  20:45           220,752 pcmcia.sys
07/13/2009  20:45            50,768 pcw.sys
06/14/2016  12:11           663,552 PEAuth.sys
07/13/2009  19:06           230,400 portcls.sys
07/13/2009  18:19            60,416 processr.sys
07/13/2009  20:45         1,524,816 ql2300.sys
07/13/2009  20:45           128,592 ql40xx.sys
07/13/2009  19:09            46,592 qwavedrv.sys
07/13/2009  19:10            14,848 rasacd.sys
04/20/2014  21:17           129,536 rasl2tp.sys
07/13/2009  19:10            92,672 raspppoe.sys
04/20/2014  21:17           111,104 raspptp.sys
07/13/2009  19:10            83,968 rassstp.sys
04/20/2014  21:17           309,248 rdbss.sys
07/13/2009  19:17            24,064 rdpbus.sys
07/13/2009  19:16             7,680 RDPCDD.sys
04/20/2014  21:18           165,888 rdpdr.sys
07/13/2009  19:16             7,680 RDPENCDD.sys
07/13/2009  19:16             8,192 RDPREFMP.sys
08/23/2012  09:10            19,456 rdpvideominiport.sys
07/16/2014  20:21           212,480 rdpwd.sys
04/20/2014  21:17           213,888 rdyboost.sys
07/13/2009  19:06           158,720 rfcomm.sys
11/05/2015  04:53           146,944 rmcast.sys
07/04/2012  15:26            41,472 RNDISMP.sys
07/13/2009  19:10            11,264 rootmdm.sys
07/13/2009  19:08            76,800 rspndr.sys
04/20/2014  21:16           103,808 sbp2port.sys
04/07/2015  21:01           127,760 scdemu.sys
04/20/2014  21:17            29,696 scfilter.sys
04/20/2014  21:17           171,392 scsiport.sys
06/10/2009  15:37            23,040 secdrv.sys
07/13/2009  19:00            23,552 serenum.sys
07/13/2009  19:00            94,208 serial.sys
07/13/2009  19:00            26,624 sermouse.sys
07/13/2009  19:01            14,336 sffdisk.sys
07/13/2009  19:01            13,824 sffp_mmc.sys
04/20/2014  21:16            14,336 sffp_sd.sys
07/13/2009  19:01            16,896 sfloppy.sys
07/13/2009  20:45            43,584 sisraid2.sys
07/13/2009  20:45            80,464 sisraid4.sys
07/13/2009  19:09            93,184 smb.sys
07/13/2009  19:00            20,992 smclib.sys
07/13/2009  20:45            19,008 spldr.sys
06/10/2009  15:48           426,496 spsys.sys
08/12/2016  11:26           464,896 srv.sys
08/12/2016  11:26           405,504 srv2.sys
08/12/2016  11:26           168,960 srvnet.sys
07/13/2009  20:45            24,656 stexstor.sys
02/03/2014  21:35           190,912 storport.sys
04/20/2014  21:16            34,688 storvsc.sys
04/10/2015  22:19            69,888 stream.sys
07/13/2009  20:45            12,496 swenum.sys
04/20/2014  21:16            88,960 Synth3dVsc.sys
07/13/2009  19:01            29,184 tape.sys
04/21/2017  03:16            45,560 tapwindscribe0901.sys
04/04/2014  21:47         1,903,552 tcpip.sys
10/03/2012  11:07            45,568 tcpipreg.sys
04/20/2014  21:17            26,624 tdi.sys
07/13/2009  19:16            15,872 tdpipe.sys
02/16/2012  23:57            23,552 tdtcp.sys
10/13/2015  11:40           118,272 tdx.sys
04/20/2014  21:16            63,360 termdd.sys
08/23/2012  09:12            29,696 terminpt.sys
07/12/2016  17:34            38,664 tiehdusb.sys
08/05/2015  12:06            39,936 tssecsrv.sys
10/01/2013  21:22            56,832 TsUsbFlt.sys
08/23/2012  09:08            30,208 TsUsbGD.sys
04/20/2014  21:16           117,248 tsusbhub.sys
04/20/2014  21:17           125,440 tunnel.sys
11/09/2007  04:00            26,968 TVALZ_O.SYS
07/13/2009  20:45            64,080 UAGP35.SYS
04/20/2014  21:17           328,192 udfs.sys
07/13/2009  20:45            64,592 ULIAGPKX.SYS
04/20/2014  21:16            48,640 umbus.sys
09/24/2015  17:10    <DIR>          UMDF
07/13/2009  19:06             9,728 umpass.sys
12/31/2017  19:42           142,160 upbosvyb.sys
02/11/2013  23:12            19,968 usb8023.sys
06/10/2015  22:08            54,784 usbaapl64.sys
07/12/2013  05:40           109,824 USBAUDIO.sys
04/20/2014  21:17            32,896 USBCAMD2.sys
11/26/2013  20:41            99,840 usbccgp.sys
07/12/2013  05:41           100,864 usbcir.sys
11/26/2013  20:41             7,808 usbd.sys
11/26/2013  20:41            53,248 usbehci.sys
11/26/2013  20:41           343,040 usbhub.sys
11/26/2013  20:41            25,600 usbohci.sys
11/26/2013  20:41           325,120 usbport.sys
07/13/2009  19:38            25,088 usbprint.sys
04/20/2014  21:17            31,744 usbrpm.sys
02/03/2016  13:07            91,648 USBSTOR.SYS
11/26/2013  20:41            30,720 usbuhci.sys
07/12/2013  05:41           185,344 usbvideo.sys
05/13/2015  16:11           922,704 VBoxDrv.sys
05/13/2015  16:10           141,440 VBoxNetAdp.sys
05/13/2015  16:10           156,360 VBoxNetFlt.sys
05/13/2015  16:10           128,592 VBoxUSBMon.sys
07/13/2009  20:45            36,432 vdrvroot.sys
07/13/2009  18:38            29,184 vga.sys
07/13/2009  18:38            29,184 vgapnp.sys
04/20/2014  21:16           215,936 vhdmp.sys
07/13/2009  20:45            17,488 viaide.sys
07/13/2009  18:38           129,024 videoprt.sys
04/20/2014  21:16           199,552 vmbus.sys
04/20/2014  21:16            21,760 VMBusHID.sys
05/21/2015  17:35            85,584 vmci.sys
05/07/2015  20:32           294,232 VMM.sys
05/31/2015  07:58            27,328 vmnet.sys
05/31/2015  07:58            28,864 vmnetadapter.sys
05/31/2015  07:58            48,832 vmnetbridge.sys
01/29/2007  05:20            79,760 VMNetSrv.sys
05/31/2015  07:59            26,816 vmnetuserif.sys
04/20/2014  21:16             6,656 vms3cap.sys
04/20/2014  21:16            46,464 vmstorfl.sys
05/31/2015  07:59            66,752 vmx86.sys
04/20/2014  21:16            71,552 volmgr.sys
04/20/2014  21:17           363,392 volmgrx.sys
04/20/2014  21:16           295,808 volsnap.sys
07/13/2009  20:45           161,872 vsmraid.sys
05/21/2015  17:36            76,480 vsock.sys
07/13/2009  19:07            24,576 vwifibus.sys
07/13/2009  19:07            59,904 vwififlt.sys
07/13/2009  19:07            17,920 vwifimp.sys
07/13/2009  19:02            27,776 wacompen.sys
04/20/2014  21:17            88,576 wanarp.sys
07/13/2009  18:37            42,496 watchdog.sys
07/13/2009  20:45            21,056 wd.sys
06/25/2013  17:55           785,624 Wdf01000.sys
11/28/2012  17:56            54,376 WdfLdr.sys
07/13/2009  19:09            12,800 wfplwf.sys
07/13/2009  20:45            22,096 wimmount.sys
04/20/2014  21:16            52,096 winhv.sys
04/20/2014  21:16            41,984 winusb.sys
07/13/2009  18:31            14,336 wmiacpi.sys
07/13/2009  20:45            16,464 wmilib.sys
07/13/2009  19:10            21,504 ws2ifsl.sys
07/25/2012  21:26            87,040 WUDFPf.sys
07/25/2012  21:26           198,656 WUDFRd.sys
             342 File(s)     67,526,011 bytes
               5 Dir(s)  101,425,876,992 bytes free
 
HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0x2


#6 JSntgRvr


Posted 01 January 2018 - 02:19 PM

We will need to run the fix in the Recovery Environment.
 
Step 1

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please also download the attached file Fixlist.txt and save it in the same location where FRST64 is saved on the flash drive.

Insert the USB drive in the infected computer.

Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for it to complete
  • A log called Fixlog.txt will be saved on your USB Flash Drive. Post it in your next reply
Step 2
 
Upon restart perform these duties:
  • Highlight the entire content of the quote box below.

Start::
CMD: lodctr /r
HKLM-x32\...\Run: [win_en_77] => [X]
FirewallRules: [{5291C430-8A4C-4864-A63D-DBD8F28D5BF0}] => (Allow) LPort=2869
FirewallRules: [{E2702C04-7721-41E1-89CE-AD812E00B211}] => (Allow) LPort=1900
FirewallRules: [{90635882-1CBF-434D-820B-1F71A65C58D3}] => (Allow) LPort=1688
FirewallRules: [{5DBFA78F-76BD-48EE-8C96-3C28B7BAF00C}] => (Allow) LPort=9089
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\Windows\system32\drivers\upbwzcgj.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Task: {3F3B1741-3850-41E9-B87B-0A1D1D8F5F9D} - \PostPoneInstall -> No File <==== ATTENTION
Task: {8D3A66D8-341F-45C4-B70B-05F88A08B6DB} - System32\Tasks\Application Installer Schedualer => C:\Program Files (x86)\Application Installer\ApplicationInstaller.exe <==== ATTENTION
BHO-x32: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
BHO-x32: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CustomCLSID: HKU\S-1-5-21-2086994605-1295704852-2410178858-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Marko\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {1AACB93E-AA97-47F1-BD02-8D2AF2815436} => -> No File
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
Task: {3F3B1741-3850-41E9-B87B-0A1D1D8F5F9D} - \PostPoneInstall -> No File <==== ATTENTION
2015-05-07 16:40 - 2015-05-07 16:40 - 000000000 _____ () C:\Users\Marko\AppData\Local\Temp.dat
2017-12-31 15:53 - 2017-12-31 15:53 - 000106768 _____ (Microsoft Corporation) C:\Users\Marko\AppData\Local\Temp\BACC.tmp.exe
2017-10-27 19:04 - 2017-12-09 21:37 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Marko\AppData\Local\Temp\drm_dyndata_7380014.dll
2017-11-10 20:51 - 2017-12-21 22:08 - 000208896 _____ (Sony DADC Austria AG) C:\Users\Marko\AppData\Local\Temp\drm_dyndata_7410004.dll
2017-12-20 18:24 - 2017-12-20 18:25 - 058804680 _____ (Skype Technologies S.A.) C:\Users\Marko\AppData\Local\Temp\SkypeSetup.exe
Task: {0C403BFC-C073-4B08-821E-DF19EC83D854} - System32\Tasks\{CCA401CC-4269-4392-A042-D8DF1F595C08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YGY50HA\csv14full.exe" -d C:\Users\Marko\Desktop
2015-05-11 16:45 - 2015-05-11 16:45 - 000000000 _____ () C:\Users\Marko\AppData\Roaming\9C3.tmp
2016-03-02 16:23 - 2016-03-02 16:23 - 000000000 ____H () C:\Users\Marko\AppData\Local\BIT6614.tmp
2017-12-31 15:53 - 2017-12-31 15:53 - 000106768 _____ (Microsoft Corporation) C:\Users\Marko\AppData\Local\Temp\BACC.tmp.exe
C:\Windows\system32\Drivers\upb*.sys
C:\Windows\system32\Drivers\ptw*.sys
C:\Windows\system32\Drivers\rdv*.sys
C:\Users\Marko\AppData\Local\niebuwx
C:\Windows\System32\wmoinbdsvc.exe
C:\Users\Marko\AppData\Local\cshvgxo
C:\Users\Marko\AppData\Local\igfxmtc
C:\Windows\system32\wmoinbdsvc.exe
C:\Windows\SysWOW64\sparkwl
C:\Windows\system32\sparkwl
R3 udiskMgr; system32\drivers\ptwzcg.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 marko_empire


Posted 01 January 2018 - 03:12 PM

Here are the Frst logs:

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-12-2017
Ran by SYSTEM (01-01-2018 14:36:25) Run:2
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
 
*****************
 
 
==== End of Fixlog 14:36:25 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 01.01.2018
Ran by Marko (01-01-2018 14:45:19) Run:3
Running from C:\Users\Marko\Downloads
Loaded Profiles: Marko (Available Profiles: Marko & Mcx1-MARKO-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: lodctr /r
HKLM-x32\...\Run: [win_en_77] => [X]
FirewallRules: [{5291C430-8A4C-4864-A63D-DBD8F28D5BF0}] => (Allow) LPort=2869
FirewallRules: [{E2702C04-7721-41E1-89CE-AD812E00B211}] => (Allow) LPort=1900
FirewallRules: [{90635882-1CBF-434D-820B-1F71A65C58D3}] => (Allow) LPort=1688
FirewallRules: [{5DBFA78F-76BD-48EE-8C96-3C28B7BAF00C}] => (Allow) LPort=9089
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\Windows\system32\drivers\upbwzcgj.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Task: {3F3B1741-3850-41E9-B87B-0A1D1D8F5F9D} - \PostPoneInstall -> No File <==== ATTENTION
Task: {8D3A66D8-341F-45C4-B70B-05F88A08B6DB} - System32\Tasks\Application Installer Schedualer => C:\Program Files (x86)\Application Installer\ApplicationInstaller.exe <==== ATTENTION
BHO-x32: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
BHO-x32: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> No File
BHO-x32: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CustomCLSID: HKU\S-1-5-21-2086994605-1295704852-2410178858-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Marko\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {1AACB93E-AA97-47F1-BD02-8D2AF2815436} => -> No File
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
Task: {3F3B1741-3850-41E9-B87B-0A1D1D8F5F9D} - \PostPoneInstall -> No File <==== ATTENTION
2015-05-07 16:40 - 2015-05-07 16:40 - 000000000 _____ () C:\Users\Marko\AppData\Local\Temp.dat
2017-12-31 15:53 - 2017-12-31 15:53 - 000106768 _____ (Microsoft Corporation) C:\Users\Marko\AppData\Local\Temp\BACC.tmp.exe
2017-10-27 19:04 - 2017-12-09 21:37 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Marko\AppData\Local\Temp\drm_dyndata_7380014.dll
2017-11-10 20:51 - 2017-12-21 22:08 - 000208896 _____ (Sony DADC Austria AG) C:\Users\Marko\AppData\Local\Temp\drm_dyndata_7410004.dll
2017-12-20 18:24 - 2017-12-20 18:25 - 058804680 _____ (Skype Technologies S.A.) C:\Users\Marko\AppData\Local\Temp\SkypeSetup.exe
Task: {0C403BFC-C073-4B08-821E-DF19EC83D854} - System32\Tasks\{CCA401CC-4269-4392-A042-D8DF1F595C08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Marko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YGY50HA\csv14full.exe" -d C:\Users\Marko\Desktop
2015-05-11 16:45 - 2015-05-11 16:45 - 000000000 _____ () C:\Users\Marko\AppData\Roaming\9C3.tmp
2016-03-02 16:23 - 2016-03-02 16:23 - 000000000 ____H () C:\Users\Marko\AppData\Local\BIT6614.tmp
2017-12-31 15:53 - 2017-12-31 15:53 - 000106768 _____ (Microsoft Corporation) C:\Users\Marko\AppData\Local\Temp\BACC.tmp.exe
C:\Windows\system32\Drivers\upb*.sys
C:\Windows\system32\Drivers\ptw*.sys
C:\Windows\system32\Drivers\rdv*.sys
C:\Users\Marko\AppData\Local\niebuwx
C:\Windows\System32\wmoinbdsvc.exe
C:\Users\Marko\AppData\Local\cshvgxo
C:\Users\Marko\AppData\Local\igfxmtc
C:\Windows\system32\wmoinbdsvc.exe
C:\Windows\SysWOW64\sparkwl
C:\Windows\system32\sparkwl
R3 udiskMgr; system32\drivers\ptwzcg.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
 
========= lodctr /r =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5291C430-8A4C-4864-A63D-DBD8F28D5BF0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E2702C04-7721-41E1-89CE-AD812E00B211}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90635882-1CBF-434D-820B-1F71A65C58D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DBFA78F-76BD-48EE-8C96-3C28B7BAF00C}" => removed successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"C:\Windows\system32\drivers\upbwzcgj.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F3B1741-3850-41E9-B87B-0A1D1D8F5F9D} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F3B1741-3850-41E9-B87B-0A1D1D8F5F9D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D3A66D8-341F-45C4-B70B-05F88A08B6DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D3A66D8-341F-45C4-B70B-05F88A08B6DB}" => removed successfully
C:\Windows\System32\Tasks\Application Installer Schedualer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Application Installer Schedualer" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} => key not found
"HKLM\Software\Classes\PROTOCOLS\Handler\WSAMVCUchrome" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\WSISVCUchrome" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKU\S-1-5-21-2086994605-1295704852-2410178858-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\###MegaContextMenuExt" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AimersoftVideoConverterFileOpreation" => removed successfully
HKLM\Software\Classes\CLSID\{1AACB93E-AA97-47F1-BD02-8D2AF2815436} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\iSkysoftVideoConverterFileOpreation" => removed successfully
HKLM\Software\Classes\CLSID\{BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt" => removed successfully
 
Result of scheduled files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 01-01-2018 14:53:42)
 
 
 
 
==== End of Fixlog 14:53:42 ====
 
And here are the logs from AdwCleaner
 
# AdwCleaner 7.0.6.0 - Logfile created on Mon Jan 01 20:06:22 2018
# Updated on 2017/21/12 by Malwarebytes 
# Database: 01-01-2018.1
# Running on Windows 7 Enterprise (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\yuna software
PUP.Optional.Legacy, C:\ProgramData\messenger plus! for skype
PUP.Optional.Legacy, C:\ProgramData\Application Data\messenger plus! for skype
PUP.Optional.Legacy, C:\Users\All Users\messenger plus! for skype
PUP.Optional.Legacy, C:\Users\Marko\Documents\messenger plus! for skype
PUP.Optional.Privoxy.PrxySvrRST, C:\Users\Marko\AppData\Local\VirtualStore\Program Files (x86)\Alfasistem Memory
PUP.Adware.Heuristic, C:\ProgramData\329c00d000001e5d
PUP.Adware.Heuristic, C:\ProgramData\693f53cf00001bac
PUP.Adware.Heuristic, C:\ProgramData\81fafd6a00002cea
PUP.Adware.Heuristic, C:\ProgramData\848621360000518a
PUP.Adware.Heuristic, C:\ProgramData\dd9b0e9800004772
PUP.Adware.Heuristic, C:\ProgramData\Service1291
 
 
***** [ Files ] *****
 
PUP.Optional.SpyHunter, C:\Windows\SysNative\drivers\EsgScanner.sys
PUP.Optional.SpyHunter, C:\Windows\SysNative\drivers\EsgScanner.sys
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
PUP.Optional.Legacy, C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - "http:\\esurf.biz\?ssid=1456926373&a=1003478&src=sh&uuid=7e5a8ea8-125c-42fe-b8aa-d12c6f730249"
PUP.Optional.Legacy, C:\Users\Marko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - "http:\\esurf.biz\?ssid=1456926373&a=1003478&src=sh&uuid=7e5a8ea8-125c-42fe-b8aa-d12c6f730249"
 
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Clara
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SecureWebChannel
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\yuna software
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\yuna software
PUP.Optional.Legacy, [Key] - HKCU\Software\yuna software
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SmartDNS
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\Microsoft\Tinstalls
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Tinstalls
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\DataHelper
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! for Skype
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\PrivoxyService
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
PUP.Optional.SpyHunter, [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Trojan.NetMon, [Key] - HKU\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\NetMon
Trojan.NetMon, [Key] - HKCU\Software\NetMon
PUP.Optional.Spoutly, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
PUP.Optional.ExpressDownloader, [Key] - HKLM\SOFTWARE\SimpleFiles
Adware.TryMedia, [Key] - HKLM\SOFTWARE\Trymedia Systems
Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
PUP.Optional.BrowseFox.A, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
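
The first Fixlog above echoes an empty fixlist, and the results section of the second has no outcome for many of the fixlist lines. As an added example (not part of the thread and not FRST's own code), this Python sketch lists the `CMD:` and path directives of a Fixlog that have no matching result. The sample logs are abridged from the posts above, and pairing a directive with its `=>` result line by exact text is an assumption based only on the lines shown here.

```python
import re

# Abridged from the second Fixlog posted above (constructed sample, not the full log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 01.01.2018
Ran by Marko (01-01-2018 14:45:19) Run:3
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: lodctr /r
C:\Windows\system32\drivers\upbwzcgj.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\Windows\system32\Drivers\upb*.sys
C:\Users\Marko\AppData\Local\cshvgxo
C:\Windows\System32\wmoinbdsvc.exe
CMD: fltmc instances
CMD: netsh advfirewall reset
Reboot:

*****************

========= lodctr /r =========

Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

"C:\Windows\system32\drivers\upbwzcgj.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found

==== End of Fixlog 14:53:42 ====
"""

# Abridged from the first (Recovery Environment) Fixlog above: the fixlist is empty.
EMPTY_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 31-12-2017
Ran by SYSTEM (01-01-2018 14:36:25) Run:2
Boot Mode: Recovery
==============================================

fixlist content:
*****************

*****************

==== End of Fixlog 14:36:25 ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")           # delimiter around the echoed fixlist
SECTION_HEADER = re.compile(r"^=+ (.+?) =+$")  # e.g. "========= lodctr /r ========="
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")       # directive that names a file or folder


def split_fixlog(text):
    """Return (directives, result_lines) for one Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if STAR_LINE.match(ln)]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by asterisk lines")
    directives = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = [ln for ln in lines[stars[1] + 1:] if ln]
    return directives, results


def audit_fixlog(text):
    """Report CMD: and path directives that have no outcome in the results."""
    directives, results = split_fixlog(text)

    # Commands that produced a "========= <command> =========" section.
    sections = set()
    for ln in results:
        m = SECTION_HEADER.match(ln)
        if m:
            sections.add(m.group(1).strip().lower())

    # Left-hand side of every "<item> => <outcome>" line, quotes removed.
    handled = set()
    for ln in results:
        if " => " in ln:
            handled.add(ln.rsplit(" => ", 1)[0].strip('"').lower())

    missing = []
    for d in directives:
        if d.upper().startswith("CMD:"):
            if d[4:].strip().lower() not in sections:
                missing.append(d)
        elif DRIVE_PATH.match(d):
            # Assumption: the tool echoes the directive text verbatim,
            # wildcards included, on its result line.
            if d.lower() not in handled:
                missing.append(d)
    return {"directives": len(directives), "missing": missing}


if __name__ == "__main__":
    for name, log in (("normal-mode run", SAMPLE_FIXLOG), ("recovery run", EMPTY_FIXLOG)):
        report = audit_fixlog(log)
        print(f"{name}: {report['directives']} directives, "
              f"{len(report['missing'])} without an outcome")
        for d in report["missing"]:
            print("   no result for:", d)
```

A run that reports zero directives means the fixlist was never loaded, which is a different failure from a fix that stopped partway.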
 


#8 JSntgRvr


Posted 01 January 2018 - 05:19 PM

Please repeat the instructions in post #6. Some of the reports are incomplete. See if you can run a FRST scan in WinRE and post the FRST.txt produced.

 

Rather than AdwCleaner, run RogueKiller as follows:

 

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Edited by JSntgRvr, 01 January 2018 - 05:41 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 marko_empire


Posted 01 January 2018 - 08:08 PM

The viruses were found but were not deleted. I highlighted them in red.
RogueKiller V12.11.30.0 (x64) [Dec 26 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Marko [Administrator]
Started from : C:\Users\Marko\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 01/01/2018 17:46:49 (Duration : 01:59:11)
 
¤¤¤ Processes : 6 ¤¤¤
[VT.Unknown] msnmsgr.exe(3672) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[-] -> Found
[Suspicious.Path] cshvgxo.exe(5144) -- C:\Users\Marko\AppData\Local\cshvgxo\cshvgxo.exe[x] -> Found
[Suspicious.Path] igfxmtc.exe(5540) -- C:\Users\Marko\AppData\Local\igfxmtc\igfxmtc.exe[x] -> Found
[Suspicious.Path] dsihekl.exe(4432) -- C:\Users\Marko\AppData\Local\cshvgxo\dsihekl.exe[x] -> Found
[Suspicious.Path] dsihekl.exe(4988) -- C:\Users\Marko\AppData\Local\cshvgxo\dsihekl.exe[x] -> Found
[Suspicious.Path] dsihekl.exe(4280) -- C:\Users\Marko\AppData\Local\cshvgxo\dsihekl.exe[x] -> Found
 
¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\WebApp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\WebApp -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsgPlusService ("C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe") -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsgPlusService ("C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe") -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4D936AB4-48BA-4608-BB5D-4347884F6588} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4D936AB4-48BA-4608-BB5D-4347884F6588} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2086994605-1295704852-2410178858-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 12 ¤¤¤
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto -> Found
[PUP.Gen1][File] C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe "http://esurf.biz/?ssid=1456926373&a=1003478&src=sh&uuid=7e5a8ea8-125c-42fe-b8aa-d12c6f730249" -> Found
[PUP.AutoIt.Gen][File] C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goat Simulator.lnk [LNK@] C:\PROGRA~2\COFFEE~1\GOATSI~1\redist\GoatGame.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Marko\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Marko\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Marko\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Marko\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Marko\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Marko\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Marko\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto -> Found
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\Coffee Stain Studios\Goat Simulator\redist\GoatGame.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7575GSX ATA Device +++++
--- User ---
[MBR] 22498e3d9ae6ff0d9aa4442418c759a3
[BSP] ebf1b19d66521206131484144437d356 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1499 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3072000 | Size: 647184 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1328504832 | Size: 66720 MB[Invalid]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Edited by marko_empire, 01 January 2018 - 08:14 PM.


#10 JSntgRvr


Posted 01 January 2018 - 10:37 PM

You started with the last first.

Run a scan with FRST in the Recovery Environment.

Then repeat the suggestions on Post no. 6, except for AdwCleaner.

And last, run RogueKiller.



#11 JSntgRvr


Posted 04 January 2018 - 01:38 PM

Any progress?




#12 marko_empire


Posted 04 January 2018 - 01:40 PM

When I try to use FRST in recovery mode, it isn't able to scan my hard drive.

#13 JSntgRvr


Posted 04 January 2018 - 01:48 PM

Try the 32-bit FRST instead to scan the computer in the recovery environment. Remember, in this case the command is FRST, instead of FRST64.




#14 JSntgRvr


Posted 05 January 2018 - 07:15 PM

Any progress?




#15 JSntgRvr


Posted 10 January 2018 - 04:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





