
Ad window pop-up every half hour or so and CMD downloading unknown virus files


This topic is locked. 4 replies to this topic.

#1 aryan99 (Members, 6 posts)

Posted 01 January 2018 - 03:27 PM

Hey, so I got a virus called Mail.Ru which put a lot of malware programs and extensions on my Google Chrome. I was able to remove most of them using the Malwarebytes software. However, every time I start up my computer I see CMD opening and saying it's downloading files. Also, every half an hour or so my Google Chrome will open with an advertisement. Any help would be very much appreciated! Thank you for taking the time to read this.


I found a thread here posted recently with a similar solution, so I followed the first few steps and downloaded the FRST scan tool. I clicked on scan, and below I posted the Addition.txt files:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2018

Ran by Aryan (administrator) on ARYAN-PC (01-01-2018 15:24:39)
Running from C:\Users\Aryan\Downloads
Loaded Profiles: Aryan (Available Profiles: Aryan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(BitTorrent Inc.) C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe
(f.lux Software LLC) C:\Users\Aryan\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(BitTorrent Inc.) C:\Users\Aryan\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(BitTorrent Inc.) C:\Users\Aryan\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\Run: [uTorrent] => C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\Run: [f.lux] => C:\Users\Aryan\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {2f250737-b89d-11e5-8779-d8cb8a5e7e21} - V:\autorun.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {ae204b78-b942-11e5-a774-d8cb8a5e7e21} - V:\Autorun.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {c078b3a2-ba30-11e5-b5b8-d8cb8a5e7e21} - V:\autorun.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {c43f6b89-85a4-11e6-b653-d8cb8a5e7e21} - V:\setup.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {e8e4ab63-b95f-11e5-bcbe-d8cb8a5e7e21} - V:\autorun.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {e8e4ab65-b95f-11e5-bcbe-d8cb8a5e7e21} - W:\Autorun.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {e8e4ab81-b95f-11e5-bcbe-d8cb8a5e7e21} - V:\Autorun.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {e96663bb-619b-11e6-b77f-d8cb8a5e7e21} - V:\setup.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {f31552b4-ee73-11e7-8c5e-d8cb8a5e7e21} - V:\stp-fifa18.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {f6f3376b-e9a8-11e7-a1a9-d8cb8a5e7e21} - V:\setup.exe
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\MountPoints2: {f917fcca-050a-11e7-b59f-d8cb8a5e7e21} - V:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-12-04]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-11-22]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-10-09]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4B4E12FC-851B-4395-9EB7-EB7E18CDA546}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D7254C7B-2BE3-471B-8F9E-EBA386902097}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F183C61E-95A4-4D0B-852D-146697D52875}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
SearchScopes: HKU\S-1-5-21-1760868093-3625543798-1474462981-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-1760868093-3625543798-1474462981-1000 -> {F87BE18B-BDD3-4E1D-98D8-48D2B6F9740E} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1760868093-3625543798-1474462981-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1760868093-3625543798-1474462981-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
 
Chrome: 
=======
CHR Profile: C:\Users\Aryan\AppData\Local\Google\Chrome\User Data\Default [2018-01-01]
CHR Extension: (No Name) - C:\Users\Aryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi [2017-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-01]
CHR Extension: (Chrome Media Router) - C:\Users\Aryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-04-24] (Advanced Micro Devices) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-07-10] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-16] (Rivet Networks) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2017-04-24] (Advanced Micro Devices)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [143928 2015-09-16] (Rivet Networks, LLC.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-03-24] (Echobit, LLC)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [125488 2015-03-18] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-01] (Malwarebytes)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [45928 2017-06-29] (SteelSeries ApS)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-01 15:09 - 2018-01-01 15:24 - 000014213 _____ C:\Users\Aryan\Downloads\FRST.txt
2018-01-01 15:09 - 2018-01-01 15:10 - 000054304 _____ C:\Users\Aryan\Downloads\Addition.txt
2018-01-01 15:07 - 2018-01-01 15:24 - 000000000 ____D C:\FRST
2018-01-01 15:07 - 2018-01-01 15:07 - 002393088 _____ (Farbar) C:\Users\Aryan\Downloads\FRST64.exe
2017-12-31 18:47 - 2017-12-31 19:10 - 000000000 ____D C:\Users\Aryan\Documents\FIFA 18
2017-12-31 18:30 - 2017-12-31 18:30 - 000000784 _____ C:\Users\Public\Desktop\FIFA18.lnk
2017-12-31 18:30 - 2017-12-31 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA18
2017-12-31 18:13 - 2017-12-31 18:33 - 000000000 ____D C:\Program Files\FIFA18
2017-12-31 18:12 - 2017-12-31 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2017-12-31 18:12 - 2017-12-31 18:12 - 000000000 ____D C:\Program Files (x86)\WinCDEmu
2017-12-31 18:11 - 2017-12-31 18:11 - 001697808 _____ (Sysprogs OU) C:\Users\Aryan\Downloads\WinCDEmu-4.1.exe
2017-12-31 17:59 - 2017-12-31 17:59 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-31 17:59 - 2017-12-31 17:59 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-31 17:58 - 2017-12-31 17:58 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-31 17:58 - 2017-12-31 17:58 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-31 16:43 - 2017-12-31 16:45 - 000000000 ____D C:\AdwCleaner
2017-12-31 16:41 - 2017-12-31 16:42 - 008198432 _____ (Malwarebytes) C:\Users\Aryan\Downloads\adwcleaner_7.0.6.0.exe
2017-12-31 16:35 - 2017-12-31 16:35 - 000000000 ____D C:\Users\Aryan\AppData\Roaming\Google
2017-12-31 13:04 - 2017-12-31 14:03 - 000000000 ____D C:\Users\Aryan\Downloads\FIFA.18-STEAMPUNKS
2017-12-30 16:13 - 2018-01-01 14:49 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-30 16:13 - 2018-01-01 14:49 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-30 16:13 - 2018-01-01 14:49 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-30 16:13 - 2017-12-30 16:13 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-30 16:13 - 2017-12-30 16:13 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-30 16:13 - 2017-12-30 16:13 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-30 16:13 - 2017-12-30 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-30 16:13 - 2017-12-30 16:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-30 16:13 - 2017-12-30 16:13 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-30 16:13 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-30 16:12 - 2017-12-30 16:12 - 083316440 _____ (Malwarebytes ) C:\Users\Aryan\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-30 15:05 - 2017-12-30 15:05 - 000000000 ____D C:\Users\Aryan\AppData\LocalLow\Unity
2017-12-30 15:05 - 2017-12-30 15:05 - 000000000 ____D C:\Users\Aryan\AppData\Local\Unity
2017-12-30 15:02 - 2018-01-01 14:51 - 000003470 _____ C:\Windows\System32\Tasks\SGEyVAu
2017-12-30 15:02 - 2017-12-30 15:02 - 000003594 _____ C:\Windows\System32\Tasks\hoYMUYuOuI
2017-12-30 15:02 - 2017-12-30 15:02 - 000003238 _____ C:\Windows\System32\Tasks\IPeIU
2017-12-30 15:02 - 2017-12-30 15:02 - 000000001 _____ C:\Users\Aryan\AppData\Local\WMI.ini
2017-12-30 15:02 - 2016-11-09 10:55 - 000073216 _____ (Microsoft Corporation) C:\Users\Aryan\aXiqd.exe
2017-12-30 15:02 - 2010-11-20 22:24 - 000186368 _____ (Microsoft Corporation) C:\Users\Aryan\AppData\Roaming\JBuUpjAPo.exe
2017-12-30 15:02 - 2009-07-13 20:14 - 000000073 _____ C:\Windows\UuEWUUKT
2017-12-30 15:01 - 2017-12-30 15:01 - 000003600 _____ C:\Windows\System32\Tasks\bltopncomhohoj
2017-12-28 17:27 - 2018-01-01 14:49 - 000000000 ____D C:\Users\Aryan\AppData\LocalLow\uTorrent
2017-12-26 13:26 - 2017-12-26 13:26 - 000000222 _____ C:\Users\Aryan\Desktop\Grand Theft Auto V.url
2017-12-25 16:39 - 2017-12-25 16:39 - 000000219 _____ C:\Users\Aryan\Desktop\Counter-Strike Global Offensive.url
2017-12-25 13:01 - 2017-12-25 13:01 - 000000220 _____ C:\Users\Aryan\Desktop\Garry's Mod.url
2017-12-25 12:56 - 2018-01-01 14:50 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-25 12:56 - 2017-12-25 12:56 - 000000967 _____ C:\Users\Public\Desktop\Steam.lnk
2017-12-25 12:56 - 2017-12-25 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-25 12:55 - 2017-12-25 12:55 - 001446792 _____ C:\Users\Aryan\Downloads\SteamSetup.exe
2017-12-22 21:03 - 2017-12-22 21:03 - 000001973 _____ C:\Users\Public\Desktop\The Witcher 3 - Wild Hunt.lnk
2017-12-22 21:03 - 2017-12-22 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-12-22 20:43 - 2017-12-22 20:43 - 000000000 ____D C:\GOG Games
2017-12-19 19:33 - 2017-12-30 15:47 - 000000052 _____ C:\Users\Aryan\Desktop\staples.txt
2017-12-12 18:21 - 2017-11-16 23:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-12 18:21 - 2017-11-14 20:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-12 18:21 - 2017-11-14 19:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-12 18:21 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-12 18:21 - 2017-11-13 22:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-12 18:21 - 2017-11-13 22:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-12 18:21 - 2017-11-13 22:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-12 18:21 - 2017-11-13 22:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-12 18:21 - 2017-11-13 22:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-12 18:21 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-12 18:21 - 2017-11-13 22:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-12 18:21 - 2017-11-13 22:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-12 18:21 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-12 18:21 - 2017-11-13 22:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-12 18:21 - 2017-11-13 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-12 18:21 - 2017-11-13 22:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-12 18:21 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-12 18:21 - 2017-11-13 22:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-12 18:21 - 2017-11-13 22:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-12 18:21 - 2017-11-13 22:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-12 18:21 - 2017-11-13 22:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-12 18:21 - 2017-11-13 22:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-12 18:21 - 2017-11-13 22:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-12 18:21 - 2017-11-13 22:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-12 18:21 - 2017-11-13 22:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-12 18:21 - 2017-11-13 22:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-12 18:21 - 2017-11-13 22:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-12 18:21 - 2017-11-13 22:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-12 18:21 - 2017-11-13 21:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-12 18:21 - 2017-11-13 21:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-12 18:21 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-12 18:21 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-12 18:21 - 2017-11-13 21:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-12 18:21 - 2017-11-13 21:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-12 18:21 - 2017-11-13 21:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-12 18:21 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-12 18:21 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-12 18:21 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-12 18:21 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-12 18:21 - 2017-11-13 20:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-12 18:21 - 2017-11-13 20:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-12 18:21 - 2017-11-13 20:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-12 18:21 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-12 18:21 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-12 18:21 - 2017-11-13 19:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-12 18:21 - 2017-11-07 15:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-12 18:21 - 2017-11-07 15:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-12 18:21 - 2017-11-07 15:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-12 18:21 - 2017-11-07 15:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-12 18:21 - 2017-11-07 15:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-12 18:21 - 2017-11-07 15:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-12 18:21 - 2017-11-07 15:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-12 18:21 - 2017-11-07 15:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-12 18:21 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-12 18:21 - 2017-11-07 15:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-12 18:21 - 2017-11-07 15:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-12 18:21 - 2017-11-07 15:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-12 18:21 - 2017-11-07 15:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-12 18:21 - 2017-11-07 15:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-12 18:21 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-12 18:21 - 2017-11-07 15:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-12 18:21 - 2017-11-07 15:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-12 18:21 - 2017-11-07 15:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-12 18:21 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-12 18:21 - 2017-11-07 15:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-12 18:21 - 2017-11-07 15:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-12 18:21 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-12 18:21 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-12 18:21 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-12 18:21 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-12 18:21 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-12 18:21 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-12 18:21 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-12 18:21 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-12 18:21 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-12 18:21 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-12 18:21 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-12 18:21 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-12 18:21 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-12 18:21 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-12 18:21 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-12 18:21 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-12 18:21 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-12 18:21 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-12 18:21 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-12 18:21 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-09 14:53 - 2017-12-09 14:53 - 000000035 _____ C:\Users\Aryan\Desktop\games.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-01 15:24 - 2015-08-15 22:29 - 000000000 ____D C:\Users\Aryan\AppData\Roaming\uTorrent
2018-01-01 14:54 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-01 14:53 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-01-01 14:48 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-01 14:47 - 2015-08-17 14:48 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-01-01 14:46 - 2009-07-13 23:45 - 000026112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-01 14:46 - 2009-07-13 23:45 - 000026112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-31 18:32 - 2015-08-15 20:35 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-31 17:59 - 2015-08-15 09:13 - 000000000 ____D C:\Users\Aryan\AppData\Local\Google
2017-12-31 17:58 - 2015-08-15 12:59 - 000000000 ____D C:\Users\Aryan\AppData\Local\Deployment
2017-12-31 17:58 - 2015-08-15 09:13 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-31 17:57 - 2015-08-15 11:21 - 000001417 _____ C:\Users\Aryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-30 16:21 - 2015-08-15 09:26 - 000000000 ____D C:\Program Files (x86)\Windows Loader
2017-12-30 15:45 - 2015-10-11 21:22 - 000000000 ____D C:\Users\Aryan\Documents\Telltale Games
2017-12-30 15:02 - 2015-09-06 20:14 - 000000400 __RSH C:\ProgramData\ntuser.pol
2017-12-30 15:02 - 2015-08-15 11:21 - 000000000 ____D C:\Users\Aryan
2017-12-29 20:46 - 2016-05-29 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-12-27 14:47 - 2015-08-25 23:00 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-27 14:47 - 2015-08-25 23:00 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-26 13:26 - 2017-04-30 08:53 - 000000000 ____D C:\Users\Aryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-23 21:59 - 2016-08-04 09:55 - 000000000 ____D C:\Users\Aryan\Documents\The Witcher 3
2017-12-22 21:06 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-16 20:12 - 2015-08-15 22:26 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-12-16 20:11 - 2015-08-15 22:26 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-12-13 04:05 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-12-13 03:22 - 2009-07-13 23:45 - 000433064 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-13 03:21 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-13 03:21 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-13 03:04 - 2015-09-23 14:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-12-13 03:04 - 2009-07-13 21:34 - 000000478 _____ C:\Windows\win.ini
2017-12-13 03:02 - 2015-08-15 19:12 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 03:01 - 2017-10-11 02:07 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 03:01 - 2015-08-15 19:12 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-09 15:24 - 2015-08-21 18:15 - 000000000 ____D C:\Users\Aryan\AppData\Local\Ubisoft Game Launcher
2017-12-09 15:23 - 2015-08-26 08:32 - 000000000 ____D C:\ProgramData\Origin
2017-12-09 15:21 - 2017-07-13 18:34 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-12-09 14:56 - 2017-03-28 22:00 - 000000000 ____D C:\Users\Aryan\AppData\Local\Discord
2017-12-06 19:40 - 2016-01-13 19:14 - 000000000 ____D C:\ProgramData\Orbit
2017-12-05 20:54 - 2015-10-11 20:06 - 000000000 ____D C:\Users\Aryan\AppData\Roaming\.minecraft
2017-12-05 20:40 - 2015-08-15 12:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2017-12-30 15:02 - 2016-11-09 10:55 - 000073216 _____ (Microsoft Corporation) C:\Users\Aryan\aXiqd.exe
2017-12-30 15:02 - 2009-07-13 20:14 - 000001074 _____ () C:\Program Files (x86)\Common Files\tBposcp
2009-07-13 20:14 - 2009-07-13 20:14 - 000001074 ____N () C:\Program Files (x86)\Common Files\tBposcp.bat
2016-01-01 15:37 - 2016-01-01 15:37 - 000000030 _____ () C:\Users\Aryan\AppData\Roaming\.pgbiasfx
2017-12-30 15:02 - 2010-11-20 22:24 - 000186368 _____ (Microsoft Corporation) C:\Users\Aryan\AppData\Roaming\JBuUpjAPo.exe
2015-08-15 09:28 - 2015-08-15 09:28 - 000000064 _____ () C:\Users\Aryan\AppData\Local\c2a1a5db4f766401a23a7ac2bf3396ce
2015-08-15 12:49 - 2015-12-04 16:22 - 000000000 _____ () C:\Users\Aryan\AppData\Local\Driver_LOM_8161Present.flag
2017-12-30 15:02 - 2017-12-30 15:02 - 000000001 _____ () C:\Users\Aryan\AppData\Local\WMI.ini
 
Some files in TEMP:
====================
2017-12-30 15:01 - 2017-12-30 15:01 - 002575544 _____ () C:\Users\Aryan\AppData\Local\Temp\d2tgppl15h.exe
2017-04-18 23:22 - 2017-04-18 23:22 - 000739904 _____ (Oracle Corporation) C:\Users\Aryan\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-05-11 14:40 - 2016-05-11 14:40 - 000739904 _____ (Oracle Corporation) C:\Users\Aryan\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-09-18 15:08 - 2015-09-18 15:09 - 000178824 ____R (Microsoft Corporation) C:\Users\Aryan\AppData\Local\Temp\ose00000.exe
2017-01-25 22:30 - 2016-01-28 19:51 - 004235264 _____ (New Technology Studio) C:\Users\Aryan\AppData\Local\Temp\ovi-uninstall.exe
2015-08-17 14:40 - 2015-08-17 14:45 - 060685368 _____ () C:\Users\Aryan\AppData\Local\Temp\raptrpatch.exe
2015-08-17 14:40 - 2015-08-17 14:40 - 000221632 _____ () C:\Users\Aryan\AppData\Local\Temp\raptr_stub.exe
2011-11-03 09:13 - 2011-11-03 09:13 - 001786688 _____ () C:\Users\Aryan\AppData\Local\Temp\sonarinst.exe
2017-07-16 21:36 - 2017-07-16 21:40 - 498689040 _____ (AMD Inc.) C:\Users\Aryan\AppData\Local\Temp\tmpD0D5.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-29 00:29
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.01.2018
Ran by Aryan (01-01-2018 15:24:57)
Running from C:\Users\Aryan\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-08-15 16:20:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1760868093-3625543798-1474462981-500 - Administrator - Disabled)
Aryan (S-1-5-21-1760868093-3625543798-1474462981-1000 - Administrator - Enabled) => C:\Users\Aryan
Guest (S-1-5-21-1760868093-3625543798-1474462981-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
ACP Application (HKLM\...\{7D552BF8-C8FC-24F8-C147-17C8A9284262}) (Version: 2017.0424.2109.30 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
BIAS FX Plugins Pack (64bit) (HKLM\...\{6502036B-F358-4A52-A9C2-947C0DF3E3D0}) (Version: 1.2.6.1031 - PositiveGrid)
Catalyst Control Center Next Localization BR (HKLM\...\{37279C7E-563D-74E3-01A1-2AF4C7BB8902}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{58047A50-A83D-A387-762F-859C215E98CD}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{31930655-65C3-F302-A8A9-2DA497F8F0CC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{FD70BF9B-A0BF-3A1C-FD39-3506741B7470}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{6A87C0E9-DD41-E42B-BAF2-6020D9320319}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{97A3CC05-780B-3EA1-1161-864AC7D054EC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DF92DBC7-6395-296D-AC80-B21FE73E8B0A}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{4FC98BB6-0498-1E6E-8DFB-64FD38B98EB6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{E8DC1490-CAE0-0B16-A710-58CB66103118}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{528682FD-4908-19B2-3E09-8C647177E520}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{90BDCB9E-0ED0-3C6D-BB4C-DB29F03F6B0E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{50F75FA1-3CA8-B32F-1E61-1C6C0612B365}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{90D6CCC2-F199-7CF1-C752-723AF7EBF9BC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{23982FD6-592C-540A-132C-5B10980A6C59}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{869FF845-CAE1-2C9F-A948-E7E1012891C2}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7E4DB8D3-92E7-4711-C6B0-000150EBB8A7}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{4F18D58A-4B7A-80B0-2CE1-C7EA4040159C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{30421E3E-D306-906F-1FC4-9A4BAB10A9AA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{55CE5A99-1DA2-4FB3-0E14-2CD742000F5D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{163A3B5E-26D5-7DC2-9ACC-631A1BB85AF2}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{F5ED12E5-A19E-7189-71A6-BF8110EF6B28}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
f.lux (HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\Flux) (Version:  - f.lux Software LLC)
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel® Driver Update Utility 2.2 (HKLM-x32\...\{3EE9923D-3045-46AB-9CAA-E375993AEB4A}) (Version: 2.2.0.1 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4251 - Intel Corporation)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{24BA7D32-B740-47A3-BE0E-2F4863A05D13}) (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer E220x Drivers (HKLM\...\{921ABFC0-9681-487D-9379-89C1712EFEBF}) (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{E21E50A4-4A55-4A7E-B1AA-16F8F9E255C8}) (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.4 - NETGEAR)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.5.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.5.0 - SteelSeries ApS)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Unity Web Player (HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB4011284) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0CFCD910-8950-4626-80EB-AA0B64A186E8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011284) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0CFCD910-8950-4626-80EB-AA0B64A186E8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011284) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0CFCD910-8950-4626-80EB-AA0B64A186E8}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1760868093-3625543798-1474462981-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-10] (Intel Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2F8557CD-06D4-48C3-8141-789886813A1A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2F8B7795-DEC9-4309-8574-59F88D8A2051} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-31] (Google Inc.)
Task: {33293C25-6BB9-43E9-841C-D66558E0B243} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {49FF85E7-C14F-4359-A26E-D1493F3929E4} - System32\Tasks\hoYMUYuOuI => C:\Users\Aryan\aXiqd.exe [2016-11-09] (Microsoft Corporation)
Task: {4F481B90-C303-4544-8813-54E4DBF81F77} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj <==== ATTENTION
Task: {62331EB2-AEFD-4BF9-9E1C-A0979CDDD5C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-31] (Google Inc.)
Task: {8D56989B-75AF-45EB-9ECA-159B12A4299B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {96D9ABE6-3745-4946-A190-48063E1AC1FE} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {975D9B1E-5815-48FA-B347-34F3AF6F5BFD} - System32\Tasks\SGEyVAu => C:\Program Files (x86)\nTNbAEwQyOX.bat <==== ATTENTION
Task: {D0E5AD50-4CCA-47EE-AD2D-21227061B5D7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D64816D0-74DA-48AE-9A35-F305144291D2} - System32\Tasks\IPeIU => C:\Windows\UuEWUUKT.bat [2009-07-13] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Aryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk -> hxxp://openiv.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-22 18:00 - 2014-08-18 17:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 01:59 - 2016-09-14 01:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 02:00 - 2016-09-14 02:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-12-30 16:13 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-30 16:13 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-11-22 18:00 - 2014-08-18 17:49 - 008274648 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2015-09-29 09:50 - 2015-09-29 09:50 - 000505096 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SSEdevice.dll
2017-12-31 17:59 - 2017-12-13 21:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2017-12-31 17:59 - 2017-12-13 21:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
2015-11-22 18:00 - 2015-02-26 20:19 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2017-04-24 20:36 - 2017-04-24 20:36 - 000356744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2017-12-25 12:57 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-12-25 12:57 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-25 12:57 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-12-25 12:57 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-25 12:57 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-25 12:57 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-25 12:57 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-25 12:57 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-25 12:57 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-25 12:57 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-25 12:57 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-12-25 12:57 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-11-22 18:00 - 2014-07-22 10:18 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2017-12-25 12:57 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-12-25 12:57 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-12-25 12:57 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A171C187-6790-4E39-8FD3-CBC441F5DF5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{702B2B1F-06E1-457B-AE3A-9BD9CAF0242A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB83F398-4BEE-4561-ABD1-C0B3BF436CD7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F7E6CF8D-A2D1-4279-BEB8-819D3E190707}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0884C753-F09A-4B74-8B61-E210E928AB55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{811C1C0F-3386-47D4-BBA7-7DE56E5BEBC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{85292943-D003-42F8-A93A-5B935FD85035}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{19AF67EB-4C7C-4C7C-8D67-CBF6A38D4099}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EB0607FB-1622-4906-913D-55445EE300DB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{9F45BED4-B514-4029-9605-463AEC125F16}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4ACE40F5-9FD2-45B9-AC58-F082B66CDB6B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{549E0C54-2343-40D5-9E6D-ED9EC5AE379B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{30805710-4863-4BD5-AA02-E38224C35F18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AC4E638C-3791-4E93-AAA5-389E287AA055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{52648A8A-F521-4DE9-A490-95D0B1BB8AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{43C60425-06B2-4908-950E-9F3A7BF8E05E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{2084265A-848B-4BD0-BB77-7087281804FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{0AA91A07-E97B-4141-84CF-B93CDBA3AD49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{B77EF16A-1E27-4D3A-9CED-E8C93CA6E60B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{4F100073-4C66-4D26-9996-8454732A5078}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{001B05DC-0B0A-455F-B189-E8C4035BC9EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{AF5EC733-B0BB-4291-BC6E-1AB81D2597A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{DFA44976-9832-456D-BC42-58B7936E8BBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{4D0E3923-35E3-43CF-9228-FE3316A4FF28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{1A35F5C8-9BD6-44EE-8F8B-6E76756EA709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{48D3045D-0328-49B8-87B9-8EF1461BC4F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe
FirewallRules: [{2F68016B-E349-4F2D-91EA-19F75739FAF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe
FirewallRules: [{4B76070A-EBB3-4CBC-9258-384AAB5DDC6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{53034F37-5DD0-4436-AF71-B22A7CB6F756}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{EAB26269-0860-482C-8841-C7B5CE9F2531}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{4F112468-A66F-45A9-8A6E-D2F2066F6E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{E71715B5-B195-46C3-A2DE-85165485AE23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{33ECD2CE-8228-4B8A-B653-50C400F48DB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{35BB9DD5-284F-45C3-8457-1A34592CDAC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{3589AF44-E6A3-4A73-8394-67C35219BCA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{63F2DE52-2032-49EE-B8C1-569E9C30F555}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{E1AB349B-B7CF-448B-A518-F0D179BE82AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{A68697E6-6F5C-4806-8FEC-A6977C9E0F01}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{3860E11C-65BF-4101-9318-ADBC69A5646D}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{C92B5964-0338-4AAA-9B3C-3BC950D825AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{15229F6D-3F40-4F42-BF1B-AD7B8C3E0BE6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{578214E3-4F4F-4D44-A366-E963EA10DE9C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D73C39C4-E8F5-4ABB-8E95-908FDB119369}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F6136D92-FEFF-4124-8207-19C4913A6C86}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{E7D13527-0A05-4160-8D8C-DCE3E27395C2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{25D74917-662B-4413-BB20-5EB6700AC95F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{0656D8B1-B875-498D-BAB7-F59D805DEEA1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{483918A0-585C-4522-A7A7-12DF68560E11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C64F1245-3B8C-4EC8-A002-26B37ADA328D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{CDDEF04A-33F5-499B-975F-15BB32DA5EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{9AB6F9C0-BC76-4699-8243-2CEED16A1ACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{2E4EA268-D5D0-4593-872E-17DF70EB7A67}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{80D0496D-807C-47A7-8C3F-F0B4096FFE83}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{5785B71A-69EF-40AA-91C6-9A56125076BA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{A8B59985-01EC-4983-B873-EFBB2EDAFF72}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{934C936A-185F-4439-93B0-6C65A0484C00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{7E8463C9-891B-40FB-A4C7-5DA964E84F24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{EFCC7AAD-EEAE-4AE7-9C94-7F483FCA25E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{9B6704CE-61D1-4696-B3B5-9299020D34EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{19ECE80A-A921-48F1-8901-1307FAF1AA0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{EB0A8E41-F55C-47EA-8A27-1D4555379C9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{687F12D4-0EEF-46FA-BE93-335564D28597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{4284740F-4BE1-4474-B08A-E0E16B9E7EC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{27F3A0F2-CE3A-4218-A5AC-B8B834D72088}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{C146B009-9837-4E25-8578-EED7E53FFF5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{F7FB7457-AD39-4DE6-8C37-D6E5536A1DEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{005BE8A8-C536-411C-A447-A872B3982484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{06BB5D61-5D75-4E94-A5A9-6488DAF4A424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{4AE5A7B5-7B68-4FAB-A55A-44942A834C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{39B3E86A-6904-471F-9D72-44C230591C7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{AC5427E1-EB85-4531-A5E2-A549D3741D1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{9C440464-A526-4681-9732-9F5856ED1844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{1BD78C02-C7CC-47AF-AE9A-04D0FB00AF1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{9B31D18F-27D9-4A4F-8474-0A7868BBDA91}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{782F2374-52FE-4DD7-A995-322F37CD11ED}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{77DD05EF-D064-4AB8-B884-2F1545D310A1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A064EC0D-1765-4145-B1B4-8BFBF11CAFCC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F686CD52-30EC-4F69-90D0-FCDF2CA12373}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9DEACCC5-8B4E-4AD8-BE57-A95E6C33059C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A73D8064-4BA6-45EB-A4CE-611949AE8EF7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{93559455-AD6A-444F-B979-3DF38D73C026}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{EE1C0161-5D6B-4FD9-8225-9D4B16C0F722}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{C9A9C1C0-A0AE-4F21-8586-32335705DC1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{C540F6D2-33A6-4530-BBB3-85E055BE9D21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{256490EB-52D6-48F8-98F8-E9E02644B5AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [TCP Query User{EFAA225E-DF22-4CB9-9214-94630990B196}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{48CA9B7C-A346-49D3-9397-0963DFD6C6C2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0CD7780B-70B3-4040-B07E-A0568C06F4AF}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4A229791-3BAA-475C-AE6E-964034EF32FB}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{26C1CD26-863B-4C32-8B5F-3F6B89E3FAFC}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5124DA46-5455-4F5B-94F4-38D806F47DB2}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A84375F4-D20B-45CF-BFED-211A77B17FED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{39038E4A-5493-420F-A80B-AB29EC5880A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{A22AD330-0847-4C88-BB5D-0B106D3E248B}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{4CCC6514-FD37-4C9C-919F-78D48E047DE1}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [TCP Query User{D3C10A8B-3251-424D-84F7-ECA4A298AF26}C:\users\aryan\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\aryan\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C7ECC04F-542E-4EEF-9C6D-8D9F56DBDA7B}C:\users\aryan\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\aryan\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5C94FA06-1320-4CDA-B268-CFA1B17DD8A1}] => (Block) C:\users\aryan\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{37479966-B508-4EB7-96A1-FDCFECE3422E}] => (Block) C:\users\aryan\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{EA3EEA32-CD76-4F76-BC31-5B7F92F5DA6A}C:\users\aryan\documents\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\aryan\documents\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7E132F32-6AE3-41C7-BC86-CA54C19CFE21}C:\users\aryan\documents\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\aryan\documents\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E735757D-D2BB-4C7E-86EB-B0CDD268179C}] => (Block) C:\users\aryan\documents\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{509469A7-DC45-444E-87AF-4289716D43B7}] => (Block) C:\users\aryan\documents\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{27D61EEC-2787-45C8-9E0A-59B9C6636BFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{034D9096-402C-45EB-A276-B0674CBE703F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{6954ACCC-8482-4C7C-AC40-9245487DFF44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{7E3A95CC-7552-4CBB-A1E1-36A0FAD41BA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{AB219D2B-26F3-4109-8ED1-03D92B00C551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{D3AC2E75-6B0D-48A2-A7D8-6748C1CE35C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{20B5BF11-E94C-4E17-A8D0-C1310510DB34}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{96DD3B16-FBCE-4AAF-B463-5C2270EDEBED}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{BDC1373D-BA7F-40EC-AA3C-110EB4923DD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A30FF416-B3FC-4938-B579-3BAF955CFCA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{935A71AC-4C5E-4550-A5F8-703B82CD0995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CAAEFAD4-5AED-43CB-8A51-87AD84471951}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{1A48BACF-3A56-437A-8393-C86DDBFCB5B2}C:\program files\java\jre1.8.0_77\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\java.exe
FirewallRules: [UDP Query User{362687FB-4AFB-4892-BE51-C0388E59F671}C:\program files\java\jre1.8.0_77\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\java.exe
FirewallRules: [{D0F058A7-D57D-4EFE-A74A-06BE225E88BF}] => (Block) C:\program files\java\jre1.8.0_77\bin\java.exe
FirewallRules: [{4C13EC79-A5BD-427E-A0DA-2B029C00319A}] => (Block) C:\program files\java\jre1.8.0_77\bin\java.exe
FirewallRules: [TCP Query User{542E796B-F5AA-48B8-8433-9C37B8E0DC18}C:\program files (x86)\age of empires iii - complete collection\age3.exe] => (Allow) C:\program files (x86)\age of empires iii - complete collection\age3.exe
FirewallRules: [UDP Query User{A8F14F65-44B0-4F82-BB45-58354F3807AA}C:\program files (x86)\age of empires iii - complete collection\age3.exe] => (Allow) C:\program files (x86)\age of empires iii - complete collection\age3.exe
FirewallRules: [{627A6D5E-2576-407B-8B9B-CC24035A3A78}] => (Block) C:\program files (x86)\age of empires iii - complete collection\age3.exe
FirewallRules: [{58C61417-1696-47EC-8F0A-F8265C12259D}] => (Block) C:\program files (x86)\age of empires iii - complete collection\age3.exe
FirewallRules: [{F395A4A5-2F06-4028-A7B8-E7BD61DE4C29}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{403DF84A-E7ED-4E11-913A-21F981D4EC83}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{55E480FC-4EA1-4F79-9EDE-2F665DC0A043}] => (Allow) C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F0DB700-12E1-40C2-811D-01B82DAC9FDE}] => (Allow) C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{05B790A4-89AB-4689-B649-D9C6D5D0A298}] => (Allow) C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{683ACF4E-18D1-4BA0-AF0A-3D7E6BEC4FC7}] => (Allow) C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22DA5D03-6710-4792-82B1-C664C61F3A4D}] => (Allow) C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FF3573D-CD25-410D-93D1-6C804F25F8EE}] => (Allow) C:\Users\Aryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A6FC8D4-9E4C-4644-87E7-0C2279B7E814}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{6FE1699E-F8E0-4FDC-8793-086021436176}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{B9BCBBE1-A568-479A-AA39-7506E80B236D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{90DA8CA0-1578-4010-8785-14142D5ABBC9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D9486630-59E4-47C7-9281-AD97B2867127}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EAD6EC7B-96EC-47C6-BC8E-26875D07D57F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{438D5B39-C608-4DA0-8430-37535CFBF7A2}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{BC7AE020-22F7-40E7-A59E-1DF55AF07F55}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [{302E9A53-C13A-478E-AF48-B48A05A63126}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{9FFCCB6D-D82C-47AF-93E5-7CAFC630D619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{49ADDD21-0351-461B-83F8-5324D438F7DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A0A2BCDC-CD63-4489-9BDE-1D18991B1366}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{741E27D3-14E1-4A6C-AD78-83AAF347B134}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{9F0FA453-20E1-48C0-B8D5-26E4C23F353A}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{89EFFDBB-1D24-4446-A5E3-94EF77EA4917}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F30052F8-6D63-412A-9666-D5FB2203FB1B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A74056A0-C808-4662-8614-59EAD55C6D30}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FEAECD97-7F4D-41B4-9484-8015F41D356D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FCA2D07E-ED35-45DF-8295-B0E2EFD663F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CFF0F1A3-622C-44FA-B03F-EF9ADDB160E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{81DF07E9-186E-41F4-AB90-ADEBD2A8FD1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{5ABA6A4B-20A1-48A8-AAA4-6F37DA183A70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{ACE7BE36-4599-46AE-BACC-DED76408B9D6}] => (Allow) C:\Users\Aryan\AppData\Local\Go!\Application\go.exe
FirewallRules: [{16BF53FC-82E4-4BFD-B535-A7CF232B75B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0E1214BA-0465-4A68-A488-4BCC22BFABEE}C:\program files\fifa18\fifa18.exe] => (Allow) C:\program files\fifa18\fifa18.exe
FirewallRules: [UDP Query User{1F00DD07-E22E-481E-8A85-001F570B5F40}C:\program files\fifa18\fifa18.exe] => (Allow) C:\program files\fifa18\fifa18.exe
 
==================== Restore Points =========================
 
31-12-2017 18:30:57 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
31-12-2017 18:31:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
31-12-2017 18:32:09 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
31-12-2017 18:32:38 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2018 02:49:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/01/2018 02:48:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/01/2018 02:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/01/2018 02:23:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/01/2018 02:10:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/01/2018 02:46:30 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (01/01/2018 02:07:48 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (01/01/2018 01:59:36 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/01/2018 01:57:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/31/2017 07:38:56 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (01/01/2018 02:49:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/01/2018 02:47:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/01/2018 02:10:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/01/2018 02:46:30 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\slui.exe -Embedding
 
Error: (01/01/2018 01:57:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/31/2017 05:38:56 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\slui.exe -Embedding
 
Error: (12/31/2017 04:51:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (12/31/2017 04:46:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/31/2017 04:45:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/31/2017 04:45:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8143.81 MB
Available physical RAM: 5486.46 MB
Total Virtual: 16285.81 MB
Available Virtual: 13136.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:563.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 51177836)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Any help would be very much appreciated! Thank you for taking the time to read this.

Edited by aryan99, 01 January 2018 - 05:47 PM.




#2 aryan99

aryan99
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 01 January 2018 - 03:33 PM

Is anyone able to help?


Edited by aryan99, 01 January 2018 - 05:47 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:18 AM

Posted 02 January 2018 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1760868093-3625543798-1474462981-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal] - hxxps://clients2.google.com/service/update2/crx
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
Task: {49FF85E7-C14F-4359-A26E-D1493F3929E4} - System32\Tasks\hoYMUYuOuI => C:\Users\Aryan\aXiqd.exe [2016-11-09] (Microsoft Corporation)
Task: {4F481B90-C303-4544-8813-54E4DBF81F77} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj <==== ATTENTION
Task: {975D9B1E-5815-48FA-B347-34F3AF6F5BFD} - System32\Tasks\SGEyVAu => C:\Program Files (x86)\nTNbAEwQyOX.bat <==== ATTENTION
Task: {D64816D0-74DA-48AE-9A35-F305144291D2} - System32\Tasks\IPeIU => C:\Windows\UuEWUUKT.bat [2009-07-13] () <==== ATTENTION

C:\Windows\System32\Tasks\hoYMUYuOuI
C:\Users\Aryan\aXiqd.exe
C:\Windows\System32\Tasks\bltopncomhohoj
C:\Windows\System32\Tasks\SGEyVAu
C:\Program Files (x86)\nTNbAEwQyOX.bat
C:\Windows\System32\Tasks\IPeIU
C:\Windows\UuEWUUKT.bat

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via Control Panel > Programs > Programs and Features.
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
===

Reset Chrome...
Open Google Chrome and click on the menu icon (the 3 vertical dots) located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please post the fixlog.txt and let me know if the problem persists.
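
The four Task: entries in the fixlist above are the persistence behind both symptoms in the first post: one task starts chrome.exe with a bare URL (the ad window every half hour), the others run a .bat or a stray .exe from an odd location (the CMD window "downloading files" at boot). As an added example that is not part of nasdaq's instructions or of FRST, the PowerShell below hunts for exactly those task shapes. It parses schtasks.exe output rather than using the ScheduledTasks module so that it runs on Windows 7. The function names, the detection heuristics and the benign Google Update sample action are this example's own assumptions; the four suspicious task names and actions are the ones listed in the fixlist.

```powershell
# Added example, not from the BleepingComputer thread or from FRST: hunt for the kind
# of scheduled tasks the fixlist above removes. Two task shapes are targeted: a browser
# launched with a bare URL (the half-hourly ad pop-up) and a .bat or stray .exe run from
# an odd location (the CMD window "downloading files"). schtasks.exe output is parsed so
# the script also works on Windows 7, which lacks the ScheduledTasks module.
# Function names, heuristics and the sample data are this example's own assumptions.

function Test-SuspiciousTaskAction {
    param([string]$TaskName, [string]$Action)
    $reasons = @()
    $a = $Action.Trim()

    # 1. A browser started with a domain or URL as its argument (adware pop-up persistence),
    #    e.g.  "...\chrome.exe" bltopn.com/hohoj
    if ($a -match '\\(chrome|iexplore|firefox|msedge|opera)\.exe"?\s+\S*([a-z0-9-]+\.[a-z]{2,}|https?://)') {
        $reasons += 'browser launched with a URL argument'
    }

    # 2. A script file sitting directly in a system or program root instead of an app folder,
    #    e.g.  C:\Windows\UuEWUUKT.bat  or  C:\Program Files (x86)\nTNbAEwQyOX.bat
    if ($a -match '^"?[a-z]:\\(Windows|Program Files( \(x86\))?|ProgramData)\\[^\\"]+\.(bat|cmd|vbs|js|ps1)"?') {
        $reasons += 'script in a system or program root folder'
    }

    # 3. An executable dropped directly in a user profile root, e.g. C:\Users\Aryan\aXiqd.exe
    if ($a -match '^"?[a-z]:\\Users\\[^\\"]+\\[^\\"]+\.exe"?') {
        $reasons += 'executable in user profile root'
    }

    # 4. Random-looking name: letters only with three or more case changes (hoYMUYuOuI).
    #    Legitimate CamelCase names also trip this, so it is only reported as a supporting reason.
    $caseChanges = ([regex]::Matches($TaskName, '[a-z][A-Z]|[A-Z][a-z]')).Count
    if ($reasons.Count -gt 0 -and $TaskName -cmatch '^[A-Za-z]{5,16}$' -and $caseChanges -ge 3) {
        $reasons += 'random-looking task name'
    }
    return $reasons
}

function Get-SchtasksActions {
    # Enumerate every task with its "Task To Run" column. schtasks repeats the CSV header
    # before each task folder, so rows whose TaskName is literally "TaskName" are dropped.
    schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                TaskName = ($_.TaskName -split '\\')[-1]   # strip the task folder path
                Action   = $_.'Task To Run'
            }
        }
}

function Find-SuspiciousTask {
    param([Parameter(ValueFromPipeline = $true)]$Task)
    process {
        $reasons = @(Test-SuspiciousTaskAction -TaskName $Task.TaskName -Action $Task.Action)
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                TaskName = $Task.TaskName
                Reasons  = ($reasons -join '; ')
                Action   = $Task.Action
            }
        }
    }
}

# Constructed sample input: the four task actions the fixlist above targets, plus one
# benign Google Update task (assumed action string) that must not be flagged.
$sample = @(
    @{ TaskName = 'hoYMUYuOuI';     Action = 'C:\Users\Aryan\aXiqd.exe' },
    @{ TaskName = 'bltopncomhohoj'; Action = '"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj' },
    @{ TaskName = 'SGEyVAu';        Action = 'C:\Program Files (x86)\nTNbAEwQyOX.bat' },
    @{ TaskName = 'IPeIU';          Action = 'C:\Windows\UuEWUUKT.bat' },
    @{ TaskName = 'GoogleUpdateTaskMachineUA'; Action = '"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler' }
) | ForEach-Object { New-Object PSObject -Property $_ }

$sample | Find-SuspiciousTask | Select-Object TaskName, Reasons, Action | Format-Table -AutoSize
# Live run on the affected machine, from an elevated prompt:
#   Get-SchtasksActions | Find-SuspiciousTask | Select-Object TaskName, Reasons, Action
```

With the sample data the four fixlist tasks are reported and the Google Update task is not. The script only reports; removal still belongs to the FRST fix, which also deletes the task XML under System32\Tasks and the dropped .bat and .exe files, and a task that survives the fix should be re-checked with this script after the reboot.
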

#4 aryan99

aryan99
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:18 PM

Posted 02 January 2018 - 02:15 PM

Hey Nasdaq, I followed your procedure and everything seems back to normal again! Thank you for your help, I greatly appreciated it. Here is the fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Aryan (02-01-2018 10:53:46) Run:1
Running from C:\Users\Aryan\Downloads
Loaded Profiles: Aryan (Available Profiles: Aryan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1760868093-3625543798-1474462981-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal] - hxxps://clients2.google.com/service/update2/crx
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
Task: {49FF85E7-C14F-4359-A26E-D1493F3929E4} - System32\Tasks\hoYMUYuOuI => C:\Users\Aryan\aXiqd.exe [2016-11-09] (Microsoft Corporation)
Task: {4F481B90-C303-4544-8813-54E4DBF81F77} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj <==== ATTENTION
Task: {975D9B1E-5815-48FA-B347-34F3AF6F5BFD} - System32\Tasks\SGEyVAu => C:\Program Files (x86)\nTNbAEwQyOX.bat <==== ATTENTION
Task: {D64816D0-74DA-48AE-9A35-F305144291D2} - System32\Tasks\IPeIU => C:\Windows\UuEWUUKT.bat [2009-07-13] () <==== ATTENTION
 
C:\Wnkdows\System32\Tasks\hoYMUYuOuI
C:\Users\Aryan\aXiqd.exe
C:\Wnkdows\System32\Tasks\bltopncomhohoj
C:\Wnkdows\System32\Tasks\SGEyVAu
C:\Program Files (x86)\nTNbAEwQyOX.ba
C:\Wnkdows\System32\Tasks\IPeIU
C:\Windows\UuEWUUKT.bat
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKU\S-1-5-21-1760868093-3625543798-1474462981-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => removed successfully
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll" => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfgkmlldjpjacgicdjmmgcboihbghpal" => removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO" => removed successfully
"HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MagicISO" => removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO" => removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49FF85E7-C14F-4359-A26E-D1493F3929E4} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49FF85E7-C14F-4359-A26E-D1493F3929E4}" => removed successfully
C:\Windows\System32\Tasks\hoYMUYuOuI => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hoYMUYuOuI" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F481B90-C303-4544-8813-54E4DBF81F77}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F481B90-C303-4544-8813-54E4DBF81F77}" => removed successfully
C:\Windows\System32\Tasks\bltopncomhohoj => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bltopncomhohoj" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{975D9B1E-5815-48FA-B347-34F3AF6F5BFD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{975D9B1E-5815-48FA-B347-34F3AF6F5BFD}" => removed successfully
C:\Windows\System32\Tasks\SGEyVAu => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SGEyVAu" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D64816D0-74DA-48AE-9A35-F305144291D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D64816D0-74DA-48AE-9A35-F305144291D2}" => removed successfully
C:\Windows\System32\Tasks\IPeIU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IPeIU" => removed successfully
"C:\Wnkdows\System32\Tasks\hoYMUYuOuI" => not found
C:\Users\Aryan\aXiqd.exe => moved successfully
"C:\Wnkdows\System32\Tasks\bltopncomhohoj" => not found
"C:\Wnkdows\System32\Tasks\SGEyVAu" => not found
"C:\Program Files (x86)\nTNbAEwQyOX.ba" => not found
"C:\Wnkdows\System32\Tasks\IPeIU" => not found
C:\Windows\UuEWUUKT.bat => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 111068408 B
Java, Flash, Steam htmlcache => 845893706 B
Windows/system/drivers => 976461615 B
Edge => 0 B
Chrome => 239718544 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 1023226 B
Aryan => 3261036629 B
 
RecycleBin => 0 B
EmptyTemp: => 5.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:56:39 ====
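As an added example (not part of this thread and not an FRST feature), a small Python triage script that parses "Task:" lines in the format of the Fixlog above and flags the patterns that made these four tasks stand out: a .bat file as the task action, an executable dropped straight into the user profile root, a loose file directly under Program Files, and a browser launched on a schedule with a URL argument (the source of the half-hourly ad window). The sample input is constructed from the four tasks in the log plus one constructed benign task with a placeholder GUID.

```python
import re

# Constructed sample in the format of the FRST "Task:" lines above: the four tasks from the
# Fixlog plus one constructed benign entry (placeholder GUID) that should produce no findings.
SAMPLE_TASK_LINES = r"""
Task: {49FF85E7-C14F-4359-A26E-D1493F3929E4} - System32\Tasks\hoYMUYuOuI => C:\Users\Aryan\aXiqd.exe [2016-11-09] (Microsoft Corporation)
Task: {4F481B90-C303-4544-8813-54E4DBF81F77} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj <==== ATTENTION
Task: {975D9B1E-5815-48FA-B347-34F3AF6F5BFD} - System32\Tasks\SGEyVAu => C:\Program Files (x86)\nTNbAEwQyOX.bat <==== ATTENTION
Task: {D64816D0-74DA-48AE-9A35-F305144291D2} - System32\Tasks\IPeIU => C:\Windows\UuEWUUKT.bat [2009-07-13] () <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-01] (Google Inc.)
"""

# Task: {GUID} - System32\Tasks\<name> => <action> [<file date>] (<publisher>) [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<action>.+?)(?: \[(?P<date>[\d-]+)\])?(?: \((?P<publisher>[^)]*)\))?"
    r"(?P<attention> <==== ATTENTION)?$"
)
# Split an action into program path and arguments; the path may be quoted or may contain
# unquoted spaces (as C:\Program Files (x86)\nTNbAEwQyOX.bat does), so split after the extension.
ACTION_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|bat|cmd|vbs|js|ps1))"?(?:\s+(?P<args>.*))?$', re.I)


def triage_task(line):
    """Parse one FRST 'Task:' line and list why its action deserves a closer look (None if not a Task line)."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    a = ACTION_RE.match(m["action"])
    exe = (a["exe"] if a else m["action"]).lower()
    args = (a["args"] or "") if a else ""
    reasons = []
    if exe.endswith((".bat", ".cmd", ".vbs", ".js", ".ps1")):
        reasons.append("script file as task action")
    if re.match(r"^c:\\users\\[^\\]+\\[^\\]+$", exe):
        reasons.append("executable directly in a user profile root")
    if re.match(r"^c:\\program files( \(x86\))?\\[^\\]+$", exe):
        reasons.append("loose file directly under Program Files")
    if exe.endswith(("chrome.exe", "firefox.exe", "iexplore.exe")) and args:
        reasons.append("browser launched with an argument (scheduled pop-up)")
    if m["date"] is not None and not m["publisher"]:  # FRST saw the file but it names no publisher
        reasons.append("empty publisher field")
    return {"guid": m["guid"], "name": m["name"], "exe": exe, "args": args,
            "reasons": reasons, "frst_attention": m["attention"] is not None}


def triage_frst_tasks(text):
    """Return one finding per Task: line of an FRST log, in log order."""
    return [f for f in map(triage_task, text.splitlines()) if f]
```

The publisher field is FRST's view of the file's version information, not a signature check, so an "empty publisher" finding is a prompt to inspect the file, not proof by itself.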


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:18 AM

Posted 02 January 2018 - 02:22 PM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
