Ran a file with Polycrypt


  • This topic is locked
11 replies to this topic

#1 vrap


Posted 04 January 2018 - 07:06 PM

Hi guys, I am a little paranoid right now. I was investigating some files a friend sent me and accidentally ran a file that, when scanned on VT, says it's "packed with polycrypt". The file did nothing, so I am assuming it did something in the background.
 
Logs:
First:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Loaded Profiles: defaultuser0 & user (Available Profiles: defaultuser0 & user)
Platform: Windows 10 Pro Version 1607 14393.1944 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Discord Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.299\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Discord Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.299\Discord.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [15371216 2017-03-07] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [831584 2016-11-15] (MSI)
HKLM-x32\...\Run: [MasterKeys Pro S] => C:\Program Files (x86)\Cooler Master\MasterKeys Pro S With intelligent RGB\MasterKeys Pro S RGB HID.exe [1970688 2017-01-17] (Cooler Master)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-22] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [16918736 2016-06-11] (Corsair Components, Inc.)
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-16] (Valve Corporation)
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Run: [AirParrot2] => [X]
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-21] (Spotify Ltd)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4288987513-595927399-2297819926-1001] => 127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{c3d0f584-0c8d-45c3-8921-8bc6dd8074f6}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{fcc2c6d7-4912-4e25-88b3-d8e52a3a1ab3}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-04] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-13] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-13] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: nbozzmt1.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nbozzmt1.default [2017-12-22]
FF NetworkProxy: Mozilla\Firefox\Profiles\nbozzmt1.default -> backup.ftp", "127.0.0.1"
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-04] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-13] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=0.8.6e -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-01-05]
CHR Extension: (Google Translate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-22]
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Super Netflix) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aioencjhbaolepcoappllicjebblphoc [2017-12-10]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-16]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-16]
CHR Extension: (Honey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-21]
CHR Extension: (Chrome IG Story) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-10-11]
CHR Extension: (uBlock Origin) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-19]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-16]
CHR Extension: (Tampermonkey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-19]
CHR Extension: (Axure RP Extension for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2016-08-16]
CHR Extension: (File Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\egoilkobbnkdafmcllnicbohlpjcjegl [2016-08-16]
CHR Extension: (Postman - REST Client) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2016-09-17]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (UX Check) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekhiebdpmljgchjojblnekkcgpdobp [2017-05-10]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-01-04]
CHR Extension: (Chrome extension source viewer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2017-12-09]
CHR Extension: (Cisco WebEx Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-14]
CHR Extension: (Save to Facebook) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-02-22]
CHR Extension: (CouchPotato) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2016-10-15]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-09-23]
CHR Extension: (RevEye Reverse Image Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf [2017-07-23]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2017-12-11]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2016-08-16]
CHR Extension: (Google Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Hover Zoom) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-12-20]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-08-16]
CHR Extension: (Agario Assist) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjghcmcgmlbelimhhcocpogolifaild [2016-08-16]
CHR Extension: (Synology Download Station) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhbegdkgonhlokobjefolhpoidcnida [2018-01-01]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Extension: (RSS Feed Reader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2017-12-28]
CHR Extension: (Custom JavaScript for websites ) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\poakhlngfciodnhlhhgnaaelnpjljija [2017-02-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcuWVSSchedulerv10; C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10\WVSScheduler.exe [2028296 2016-02-17] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-15] ()
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [77008 2016-06-11] (Corsair Components, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-02-17] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
S3 hns; C:\Windows\System32\HostNetSvc.dll [585216 2018-01-04] (Microsoft Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-19] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-19] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [2169440 2016-11-23] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2206304 2017-01-06] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4172896 2016-12-14] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2014816 2016-11-15] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2327648 2016-12-05] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2076768 2016-12-05] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [611936 2016-12-23] (MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [75192 2017-04-12] (Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2286032 2017-03-06] (Micro-Star INT'L CO., LTD.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3815712 2016-04-08] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2130440 2016-09-15] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2195472 2016-09-15] (Electronic Arts)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-07-03] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [179840 2017-06-20] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-19] (TeamViewer GmbH)
R3 vmcompute; C:\Windows\system32\vmcompute.exe [1935360 2018-01-04] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14424064 2018-01-04] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cpuz139; C:\Windows\TEMP\cpuz139_x64.sys [43328 2017-02-26] (CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [543184 2016-07-26] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 GPUZ; C:\Users\user\AppData\Local\Temp\GPUZ.sys [27008 2018-01-02] () <==== ATTENTION
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
S3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-17] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-24] (ASUSTeK Computer Inc.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-08-30] (Logitech Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2018-01-04] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-01-05] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-01-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-01-05] (Malwarebytes)
S3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 ng9x25vspat00; C:\Windows\system32\DRIVERS\ng9x25vspat00.sys [41976 2014-08-13] (NETGEAR)
R3 ng9x25vspdm00; C:\Windows\system32\DRIVERS\ng9x25vspdm00.sys [41976 2014-08-13] (NETGEAR)
R3 ng9x25vspnmea00; C:\Windows\system32\DRIVERS\ng9x25vspnmea00.sys [41976 2014-08-13] (NETGEAR)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-10-12] (CACE Technologies, Inc.)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-03-08] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-09-19] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-09-19] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [24576 2018-01-04] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [46592 2018-01-04] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2016-08-16] ()
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2018-01-04] (Microsoft Corporation)
S3 ramparser; C:\Windows\System32\drivers\ramparser.sys [30720 2018-01-04] (Microsoft Corporation)
S3 rtux64w10; C:\Windows\System32\drivers\rtux64w10.sys [354624 2016-08-07] (Realtek )
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-14] (Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-08] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-14] (Razer Inc)
S3 s1039bus; C:\Windows\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\system32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\system32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\system32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\drivers\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\system32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [103424 2018-01-04] (Microsoft Corporation)
S3 tap0901_openvpn_accl; C:\Windows\System32\drivers\tap0901_openvpn_accl.sys [37912 2016-10-05] (The OpenVPN Project)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-11-08] (Windows ® Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [988672 2018-01-04] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2018-01-04] (Microsoft Corporation)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-05 11:03 - 2018-01-05 11:03 - 000000000 ____D C:\FRST
2018-01-05 09:24 - 2018-01-05 09:24 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-05 09:24 - 2018-01-05 09:24 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-05 09:24 - 2018-01-05 09:24 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-05 09:24 - 2018-01-05 09:24 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-05 09:17 - 2018-01-05 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-05 09:17 - 2018-01-05 09:17 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-01-05 02:49 - 2018-01-05 02:49 - 000000000 ___SD C:\Windows\system32\containers
2018-01-05 02:49 - 2018-01-05 02:49 - 000000000 ____D C:\Windows\system32\BestPractices
2018-01-05 02:49 - 2018-01-05 02:49 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2018-01-05 02:49 - 2018-01-05 02:49 - 000000000 ____D C:\Program Files\Hyper-V
2018-01-05 02:31 - 2018-01-05 02:32 - 000000000 ____D C:\Users\user\AppData\Roaming\NR
2018-01-04 17:08 - 2018-01-04 17:08 - 000000000 ____D C:\Users\user\Documents\boostbot
2018-01-04 12:43 - 2018-01-05 09:17 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-03 23:52 - 2018-01-03 23:52 - 000007475 _____ C:\openssl.cnf
2018-01-03 23:47 - 2018-01-03 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
2018-01-03 23:47 - 2018-01-03 23:47 - 000000000 ____D C:\Program Files (x86)\GnuWin32
2018-01-03 23:21 - 2018-01-03 23:22 - 000000000 ____D C:\Users\user\AppData\Roaming\npm-cache
2018-01-03 23:21 - 2018-01-03 23:21 - 000000000 ____D C:\Users\user\.config
2018-01-03 23:15 - 2018-01-03 23:21 - 000000000 ____D C:\Users\user\AppData\Roaming\npm
2018-01-03 23:15 - 2018-01-03 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2018-01-03 23:15 - 2018-01-03 23:15 - 000000000 ____D C:\Program Files\nodejs
2018-01-03 03:58 - 2018-01-03 03:58 - 000000000 ____D C:\Users\user\AppData\Local\gmt2
2018-01-03 03:39 - 2018-01-03 03:39 - 000000000 ____D C:\Users\user\AppData\Roaming\PE Explorer
2018-01-03 03:35 - 2018-01-03 03:35 - 000000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2018-01-03 03:35 - 2018-01-03 03:35 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-03 03:35 - 2018-01-03 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-03 03:35 - 2018-01-03 03:35 - 000000000 ____D C:\Program Files\WinRAR
2018-01-03 03:16 - 2018-01-03 03:58 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fagenorn
2018-01-02 14:39 - 2018-01-02 14:39 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit
2018-01-02 14:38 - 2018-01-02 14:39 - 000000000 ____D C:\msys64
2018-01-02 14:32 - 2018-01-02 14:32 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.5.0-1-x64
2018-01-02 14:32 - 2018-01-02 14:32 - 000000000 ____D C:\Users\user\.gem
2018-01-02 14:32 - 2018-01-02 14:32 - 000000000 ____D C:\Ruby25-x64
2017-12-27 16:23 - 2018-01-03 04:20 - 000000000 ____D C:\Users\user\AppData\Local\GramMultiToolUI
2017-12-25 16:57 - 2017-12-25 16:57 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Charles
2017-12-25 16:57 - 2017-12-25 16:57 - 000000000 ____D C:\Program Files\Charles
2017-12-23 00:30 - 2018-01-04 12:59 - 000000000 ____D C:\Users\user\AppData\Roaming\Notepad++
2017-12-23 00:30 - 2017-12-23 00:30 - 000000000 ____D C:\Users\user\AppData\Local\Notepad++
2017-12-23 00:30 - 2017-12-23 00:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-23 00:30 - 2017-12-23 00:30 - 000000000 ____D C:\Program Files (x86)\Notepad++
2017-12-22 23:45 - 2017-12-22 23:45 - 000000000 ____D C:\Users\user\AppData\Roaming\VgrSoft
2017-12-14 00:52 - 2018-01-04 21:34 - 000585216 _____ (Microsoft Corporation) C:\Windows\system32\HostNetSvc.dll
2017-12-14 00:52 - 2018-01-04 21:34 - 000337920 _____ (Microsoft Corporation) C:\Windows\system32\PrivateCloudHNSPlugin.dll
2017-12-14 00:52 - 2018-01-04 21:34 - 000303104 _____ C:\Windows\system32\OverlayHNSPlugin.dll
2017-12-14 00:52 - 2017-11-30 20:45 - 000982392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-12-14 00:52 - 2017-11-30 20:33 - 005688320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-12-14 00:52 - 2017-11-30 20:29 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-12-14 00:52 - 2017-11-30 20:28 - 007625728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-12-14 00:52 - 2017-11-30 20:28 - 000224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-12-14 00:52 - 2017-11-30 20:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-14 00:52 - 2017-11-30 20:28 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-14 00:52 - 2017-11-30 20:26 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2017-12-14 00:52 - 2017-11-30 20:25 - 000176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2017-12-14 00:52 - 2017-11-30 20:25 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-12-14 00:52 - 2017-11-30 20:25 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-12-14 00:52 - 2017-11-30 20:25 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-12-14 00:52 - 2017-11-30 20:25 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
2017-12-14 00:52 - 2017-11-30 20:24 - 000822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-12-14 00:52 - 2017-11-30 20:24 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-14 00:52 - 2017-11-30 20:24 - 000300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2017-12-14 00:52 - 2017-11-30 20:24 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshext.dll
2017-12-14 00:52 - 2017-11-30 20:23 - 000670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2017-12-14 00:52 - 2017-11-30 20:23 - 000431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2017-12-14 00:52 - 2017-11-30 20:23 - 000205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2017-12-14 00:52 - 2017-11-30 20:22 - 019411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-14 00:52 - 2017-11-30 20:22 - 018366976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-12-14 00:52 - 2017-11-30 20:22 - 012205056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-14 00:52 - 2017-11-30 20:21 - 000713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2017-12-14 00:52 - 2017-11-30 20:17 - 000858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2017-12-14 00:52 - 2017-11-30 20:17 - 000579072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2017-12-14 00:52 - 2017-11-30 20:16 - 006066688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-12-14 00:52 - 2017-11-30 20:16 - 003662848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-14 00:52 - 2017-11-30 20:16 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-14 00:52 - 2017-11-30 20:16 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2017-12-14 00:52 - 2017-11-30 20:15 - 001599488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-14 00:52 - 2017-11-30 20:15 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2017-12-14 00:52 - 2017-11-30 20:14 - 002028032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-14 00:52 - 2017-11-30 20:14 - 000859136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2017-12-14 00:52 - 2017-11-30 20:14 - 000656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-14 00:52 - 2017-11-30 19:22 - 007780184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-12-14 00:52 - 2017-11-30 19:17 - 000983896 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-12-14 00:52 - 2017-11-30 19:16 - 001090904 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-12-14 00:52 - 2017-11-30 19:16 - 000947544 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2017-12-14 00:52 - 2017-11-30 19:16 - 000811864 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2017-12-14 00:52 - 2017-11-30 19:15 - 001072240 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-12-14 00:52 - 2017-11-30 18:53 - 022571520 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-12-14 00:52 - 2017-11-30 18:50 - 007219200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-12-14 00:52 - 2017-11-30 18:45 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-12-14 00:52 - 2017-11-30 18:45 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-14 00:52 - 2017-11-30 18:44 - 000173056 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-14 00:52 - 2017-11-30 18:42 - 000862208 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2017-12-14 00:52 - 2017-11-30 18:42 - 000163328 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2017-12-14 00:52 - 2017-11-30 18:41 - 009129984 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-12-14 00:52 - 2017-11-30 18:40 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2017-12-14 00:52 - 2017-11-30 18:39 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2017-12-14 00:52 - 2017-11-30 18:38 - 001081856 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-12-14 00:52 - 2017-11-30 18:38 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2017-12-14 00:52 - 2017-11-30 18:38 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-14 00:52 - 2017-11-30 18:37 - 008118272 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-12-14 00:52 - 2017-11-30 18:37 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2017-12-14 00:52 - 2017-11-30 18:37 - 000805888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-14 00:52 - 2017-11-30 18:37 - 000590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2017-12-14 00:52 - 2017-11-30 18:37 - 000556544 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-14 00:52 - 2017-11-30 18:37 - 000388096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2017-12-14 00:52 - 2017-11-30 18:37 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2017-12-14 00:52 - 2017-11-30 18:37 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2017-12-14 00:52 - 2017-11-30 18:36 - 023674880 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-14 00:52 - 2017-11-30 18:36 - 013108224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-14 00:52 - 2017-11-30 18:36 - 004749824 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-12-14 00:52 - 2017-11-30 18:36 - 001146880 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2017-12-14 00:52 - 2017-11-30 18:36 - 000761856 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2017-12-14 00:52 - 2017-11-30 18:36 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2017-12-14 00:52 - 2017-11-30 18:34 - 004739584 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-14 00:52 - 2017-11-30 18:33 - 002097664 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-14 00:52 - 2017-11-30 18:33 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-14 00:52 - 2017-11-30 18:33 - 001013760 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2017-12-14 00:52 - 2017-11-30 18:33 - 000583168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-14 00:52 - 2017-11-30 18:32 - 000799744 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-14 00:52 - 2017-11-30 18:32 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2017-12-14 00:52 - 2017-03-04 17:19 - 000635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-14 00:52 - 2016-09-07 15:56 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2017-12-14 00:27 - 2017-12-14 00:29 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2017-12-14 00:27 - 2017-12-14 00:29 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2017-12-14 00:27 - 2017-12-14 00:29 - 000000000 ____D C:\Users\user\usb_driver

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-05 10:51 - 2016-08-16 15:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-01-05 09:53 - 2016-08-16 01:20 - 000000000 ____D C:\ProgramData\CLink4
2018-01-05 09:18 - 2016-08-16 02:24 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-05 09:17 - 2017-10-17 08:08 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-05 08:44 - 2016-08-16 00:23 - 007960302 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-05 08:41 - 2016-09-02 17:43 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-05 08:39 - 2017-05-17 01:14 - 000000550 __RSH C:\ProgramData\ntuser.pol
2018-01-05 08:39 - 2016-08-16 01:56 - 000003252 _____ C:\Windows\System32\Tasks\GPU Tweak II
2018-01-05 08:39 - 2016-07-16 22:45 - 000000000 ____D C:\Windows\INF
2018-01-05 08:38 - 2016-08-31 14:13 - 000000000 ____D C:\ProgramData\VMware
2018-01-05 08:38 - 2016-08-16 15:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-05 08:38 - 2016-07-16 17:04 - 000786432 _____ C:\Windows\system32\config\BBI
2018-01-05 02:49 - 2016-07-16 22:47 - 000000000 ____D C:\Windows\schemas
2018-01-05 02:49 - 2016-07-16 22:41 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspiper.dll
2018-01-05 02:41 - 2016-08-16 01:40 - 000000000 ____D C:\Users\user\AppData\Local\Battle.net
2018-01-05 02:22 - 2016-09-02 19:37 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2018-01-04 21:36 - 2016-08-31 14:13 - 000000000 ____D C:\Users\user\AppData\Local\VMware
2018-01-04 21:36 - 2016-08-16 01:46 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-01-04 21:36 - 2016-08-16 01:40 - 000000000 ____D C:\Users\user\AppData\Roaming\Charles
2018-01-04 21:35 - 2016-07-16 22:36 - 000000000 ____D C:\Windows\CbsTemp
2018-01-04 21:34 - 2017-11-28 18:19 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2018-01-04 21:34 - 2017-11-28 18:17 - 014424064 _____ (Microsoft Corporation) C:\Windows\system32\vmms.exe
2018-01-04 21:34 - 2017-11-28 18:17 - 001935360 _____ (Microsoft Corporation) C:\Windows\system32\vmcompute.exe
2018-01-04 21:34 - 2017-11-28 18:17 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\vmcompute.dll
2018-01-04 21:34 - 2017-10-11 08:29 - 004407808 _____ (Microsoft Corporation) C:\Windows\system32\rdvgm.exe
2018-01-04 21:34 - 2017-10-11 08:29 - 000346608 _____ (Microsoft Corporation) C:\Windows\system32\TpmEngUM.dll
2018-01-04 21:34 - 2017-10-11 08:28 - 002801664 _____ (Microsoft Corporation) C:\Windows\system32\vmchipset.dll
2018-01-04 21:34 - 2017-10-11 08:28 - 002069688 _____ (Microsoft Corporation) C:\Windows\system32\vmwp.exe
2018-01-04 21:34 - 2017-10-11 08:28 - 001617408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmswitch.sys
2018-01-04 21:34 - 2017-10-11 08:28 - 001241600 _____ (Microsoft Corporation) C:\Windows\system32\vmemulateddevices.dll
2018-01-04 21:34 - 2017-10-11 08:28 - 000988672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vfpext.sys
2018-01-04 21:34 - 2017-10-11 08:28 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\vsconfig.dll
2018-01-04 21:34 - 2017-10-11 08:28 - 000185856 _____ (Microsoft Corporation) C:\Windows\system32\vmsif.dll
2018-01-04 21:34 - 2017-09-13 12:14 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wnv.sys
2018-01-04 21:34 - 2017-09-13 12:14 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2018-01-04 21:34 - 2017-09-13 12:13 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\vmuidevices.dll
2018-01-04 21:34 - 2017-09-13 12:13 - 000434688 _____ (Microsoft Corporation) C:\Windows\system32\VmSynthNic.dll
2018-01-04 21:34 - 2017-09-13 12:13 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2018-01-04 21:34 - 2017-09-13 12:13 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\NetMgmtIF.dll
2018-01-04 21:34 - 2017-09-13 12:13 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2018-01-04 21:34 - 2017-06-14 10:02 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\VmEmulatedNic.dll
2018-01-04 21:34 - 2017-05-10 21:40 - 002316800 _____ (Microsoft Corporation) C:\Windows\system32\rdp4vs.dll
2018-01-04 21:34 - 2017-05-10 21:40 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmusrv.dll
2018-01-04 21:34 - 2017-04-14 09:41 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\vfpctrl.exe
2018-01-04 21:34 - 2017-04-14 09:41 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\vfpapi.dll
2018-01-04 21:34 - 2017-03-16 22:39 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys
2018-01-04 21:34 - 2017-03-16 22:38 - 000480256 _____ (Microsoft Corporation) C:\Windows\system32\vmprox.dll
2018-01-04 21:34 - 2017-03-16 22:38 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\vmsmb.dll
2018-01-04 21:34 - 2017-03-16 22:38 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\vmicvdev.dll
2018-01-04 21:34 - 2017-03-16 22:38 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\vmwpctrl.dll
2018-01-04 21:34 - 2016-10-30 04:51 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\ActivationVdev.dll
2018-01-04 21:34 - 2016-10-30 04:50 - 000025776 _____ (Microsoft Corporation) C:\Windows\system32\sbresources.dll
2018-01-04 21:34 - 2016-10-30 04:50 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\HostGuardianServiceClientResources.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\VmEmulatedStorage.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000395776 _____ (Microsoft Corporation) C:\Windows\system32\vmsynthstor.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\vmsynth3dvideo.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\vmdynmem.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000201216 _____ (Microsoft Corporation) C:\Windows\system32\vmsynthfcvdev.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000178688 _____ (Microsoft Corporation) C:\Windows\system32\vmicrdv.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000178176 _____ (Microsoft Corporation) C:\Windows\system32\vmserial.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\vmtpm.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\vmdebug.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\vmbusvdev.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\gpupvdev.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\vpcievdev.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\ContainerUpdater.exe
2018-01-04 21:34 - 2016-09-30 08:14 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\vid.dll
2018-01-04 21:34 - 2016-09-30 08:14 - 000033632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmsproxy.sys
2018-01-04 21:34 - 2016-09-30 08:14 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\vmsifproxystub.dll
2018-01-04 21:34 - 2016-08-24 23:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\wnvapi.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 001569750 _____ C:\Windows\system32\WindowsVirtualization.V2.mof
2018-01-04 21:34 - 2016-07-16 22:43 - 001149404 _____ C:\Windows\system32\WindowsHyperVCluster.V2.mof
2018-01-04 21:34 - 2016-07-16 22:43 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\vmconnect.exe
2018-01-04 21:34 - 2016-07-16 22:43 - 000248320 _____ (Microsoft Corporation) C:\Windows\system32\RemoteFileBrowse.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\CCG.exe
2018-01-04 21:34 - 2016-07-16 22:43 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\CCGLaunchPad.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000144967 _____ C:\Windows\system32\virtmgmt.msc
2018-01-04 21:34 - 2016-07-16 22:43 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\HgsClientWmi.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000128128 _____ (Microsoft Corporation) C:\Windows\system32\vmsp.exe
2018-01-04 21:34 - 2016-07-16 22:43 - 000075616 _____ (Microsoft Corporation) C:\Windows\system32\rtpm.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\HyperVSysprepProvider.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys
2018-01-04 21:34 - 2016-07-16 22:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ramparser.sys
2018-01-04 21:34 - 2016-07-16 22:43 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\RdvgmProxy.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\RdvGpuInfo.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys
2018-01-04 21:34 - 2016-07-16 22:43 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys
2018-01-04 21:34 - 2016-07-16 22:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lunparser.sys
2018-01-04 21:34 - 2016-07-16 22:43 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RdvgmProxy.dll
2018-01-04 21:34 - 2016-07-16 22:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\synth3dvideoproxy.dll
2018-01-04 21:34 - 2016-07-16 22:41 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Synth3dVsp.sys
2018-01-04 21:34 - 2016-07-16 22:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcip.sys
2018-01-04 18:06 - 2016-07-16 22:47 - 000000000 ____D C:\Windows\AppReadiness
2018-01-04 17:18 - 2016-08-31 14:13 - 000000000 ____D C:\Users\user\AppData\Roaming\VMware
2018-01-04 15:21 - 2017-05-15 22:43 - 000000000 ____D C:\Users\user\Documents\GitHub
2018-01-04 02:20 - 2016-08-16 00:21 - 000000000 ____D C:\Users\user
2018-01-04 00:00 - 2016-08-16 01:04 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-03 23:49 - 2016-08-16 00:21 - 000000000 ____D C:\Users\user\AppData\Local\VirtualStore
2018-01-03 22:11 - 2017-12-02 14:46 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2018-01-03 22:10 - 2017-12-02 14:45 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify
2018-01-03 03:58 - 2016-08-16 02:30 - 000000000 ____D C:\Users\user\AppData\Local\SquirrelTemp
2018-01-03 03:52 - 2017-08-06 11:54 - 000000000 ____D C:\Users\user\Documents\Visual Studio 2017
2018-01-03 01:21 - 2017-08-06 11:54 - 000000000 ____D C:\Users\user\AppData\Local\.IdentityService
2018-01-02 01:21 - 2016-08-16 02:02 - 000000022 _____ C:\Windows\GPU-Z.INI
2018-01-01 23:43 - 2016-12-25 12:33 - 000000000 ____D C:\Users\user\AppData\Local\Jagex
2018-01-01 23:43 - 2016-12-25 12:33 - 000000000 ____D C:\ProgramData\Jagex
2018-01-01 23:43 - 2016-08-16 00:44 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA
2017-12-20 21:49 - 2016-11-23 14:54 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-12-20 21:49 - 2016-11-23 14:54 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-12-20 21:49 - 2016-08-16 00:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-17 13:03 - 2016-07-16 22:47 - 000000000 ____D C:\Windows\rescache
2017-12-14 22:19 - 2017-06-14 18:36 - 000000000 ___SD C:\Windows\UpdateAssistantV2
2017-12-14 21:46 - 2016-08-16 00:36 - 000000000 ____D C:\Windows\system32\MRT
2017-12-14 21:44 - 2017-10-11 08:29 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-14 21:44 - 2016-08-16 00:36 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-14 00:34 - 2016-08-16 01:04 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-12 23:21 - 2017-05-17 23:33 - 000000000 ____D C:\Users\user\AppData\Local\Discord
2017-12-12 23:21 - 2016-08-16 01:40 - 000000000 ____D C:\Users\user\AppData\Roaming\discord
2017-12-09 13:57 - 2017-09-30 11:08 - 000000000 ____D C:\Program Files\rempl
2017-12-07 22:40 - 2017-09-30 12:18 - 000000000 ____D C:\Users\user\AppData\Local\UnrealEngine

==================== Files in the root of some directories =======

2016-11-08 10:16 - 2017-05-21 22:10 - 000003983 _____ () C:\Users\user\AppData\Roaming\VoiceMeeterDefault.xml
2017-03-07 20:16 - 2017-03-07 20:16 - 000001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-04-06 18:23 - 2017-09-09 19:28 - 000000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2016-10-18 20:49 - 2016-10-18 20:49 - 000000032 RSHOT () C:\Users\user\AppData\Local\t80.dat

Some files in TEMP:
====================
2018-01-02 14:32 - 2018-01-02 14:33 - 071003102 _____ () C:\Users\user\AppData\Local\Temp\msys2-x86_64-20161025.exe
2018-01-03 13:11 - 2018-01-03 13:11 - 000737792 _____ () C:\Users\user\AppData\Local\Temp\Protect74fad4c4.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-28 17:41

==================== End of FRST.txt ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Windows 10 Pro Version 1607 14393.1944 (X64) (2016-08-15 13:20:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4288987513-595927399-2297819926-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4288987513-595927399-2297819926-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4288987513-595927399-2297819926-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4288987513-595927399-2297819926-501 - Limited - Disabled)
user (S-1-5-21-4288987513-595927399-2297819926-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Acunetix Web Vulnerability Scanner 10.5 (HKLM-x32\...\{A2EE73C0-01F6-4CD0-B771-9370F6E1EDEF}_is1) (Version: 10.5 - Acunetix)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
AirMyPC (HKLM-x32\...\AirMyPC_is1) (Version: 1.8.0.3 - AirMyPC)
AirParrot 2 (HKLM\...\{F4ED93AD-466C-4713-831A-7336457B68C7}) (Version: 2.7.0.0 - Squirrels)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Artemis (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Artemis) (Version: 1.10.0.0 - SpoinkyNL)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.2 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.2 - ASUSTek COMPUTER INC.)
AURA(GRAPHICS CARD) (HKLM-x32\...\{EF7AF9C6-39B4-4982-AD1C-F826F65BFC9B}) (Version: 0.0.4.1 - )
Axure RP 8 (HKLM-x32\...\{84D1C178-5670-4E76-A5C0-1CD01B4732E5}) (Version: 8.0.0.3312 - Axure Software Solutions, Inc.) Hidden
Axure RP 8 (HKLM-x32\...\Axure RP 8) (Version: 8.0.0.3312 - Axure Software Solutions, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.17.1 - Bethesda Softworks)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Burp Suite Professional 1.7.19 (HKLM\...\7318-9294-3757-1226) (Version: 1.7.19 - PortSwigger Web Security)
Charles 4.2.1 (HKLM\...\{771BD564-B600-4125-A6E1-C30798C81013}) (Version: 4.2.1.4 - XK72 Ltd)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Cooler Master Portal Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_PORTAL) (Version: 0.52 - Cooler Master)
Corsair Link 4 (HKLM-x32\...\{ca37ff55-4f68-48ab-b12f-1c33e36c1410}) (Version: 4.2.4.25 - Corsair Components, Inc.)
Corsair Link 4 (HKLM-x32\...\{CDAB94CB-C456-4BA6-B9CC-C6305DE469D4}) (Version: 4.2.4.25 - Corsair Components, Inc.) Hidden
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version: - Corsair Memory, Inc.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{9F55B4DA-23ED-44FA-910E-BDDBD6D942CF}) (Version: 1.1.123.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
GitHub (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gram Multitool 2 (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\gmt2) (Version: 0.6.4 - Fagenorn)
Gram Multitool 2 (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\gmt2-0.6.4-full - Copy) (Version: 0.6.4 - Fagenorn)
Gram Multitool 2 (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\gmt2-0.6.4-full-exclusive) (Version: 0.6.4 - Fagenorn)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 144 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180144}) (Version: 8.0.1440.1 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MasterKeys Pro S Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_MASTERKEYS_PRO_S) (Version: 1.01 - Cooler Master)
Microsoft OneDrive (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30642.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 2.0.0.45 - MSI)
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.15 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.10 - MSI)
MSYS2 64bit (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\{95a8bcb9-0f24-4f1d-95cc-3aa18e4e1010}) (Version: 20161025 - The MSYS2 Developers)
NETGEAR AC78xS Driver Package (HKLM-x32\...\AC78xSDrvInstaller) (Version: 4.3.0.0 - NETGEAR)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
Node.js (HKLM\...\{2C5A12C8-7CB4-467B-B5DA-50F3CDD389EC}) (Version: 9.3.0 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Omnius for SE v1.41 (HKLM-x32\...\Omnius for SE) (Version: v1.41 - Omnius Team)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
OWASP Zed Attack Proxy 2.6.0 (HKLM\...\OWASP ZAP) (Version: 2.6.0 - OWASP ZAP)
PCVITA OST Converter 5.5 (HKLM-x32\...\PCVITA OST Converter_is1) (Version: - )
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (HKLM-x32\...\{7E08C4EE-B1C7-4138-8227-7CD3837636AA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Quake Champions (HKLM-x32\...\Quake Champions) (Version: - Bethesda Softworks)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.3.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
Ruby 2.5.0-1-x64 (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\RubyInstaller-2.5-x64-mingw32_is1) (Version: 2.5.0-1 - RubyInstaller Team)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
South Park The Fractured But Whole version 1.0 (HKLM\...\South Park The Fractured But Whole_is1) (Version: 1.0 - CODEPUNKS)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Sublime Text Build 3103 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{B5D82DF0-AC2F-469F-8E97-599653947166}) (Version: 12.5.5 - VMware, Inc.)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)
Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-06] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-12] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-12] (Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2017-03-21] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2017-03-21] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-12] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-12] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01DB557E-1DCE-42AF-932B-C4CC7CDF5452} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2016-07-23] (TODO: <Company name>)
Task: {1046144B-AA2D-4875-8708-CFBF86167CD7} - System32\Tasks\MSISW_Host => C:\Windows\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {10C3077E-F172-4025-9518-72D5CB872118} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {1FA537BC-5714-4662-A562-C2BE4F992C5B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
Task: {295D189F-A3DD-40C3-8582-0DFCDDE0B25D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {3328418C-E6FC-424C-8F47-1ADCE84E3CE3} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2016-07-13] (TODO: <Company name>)
Task: {3B195968-98D7-40F3-8B48-BF76BB99D8CD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {40BD45C3-CC63-4A28-964C-5C12DC987154} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {466C7E84-40A1-4B8F-9F2B-1C3B02D2E3A4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)
Task: {59807C16-9B14-47D9-8505-AA07EDEE6B02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {62105FE2-9A1E-4F39-999D-ADC2DD2FE051} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {85692B69-A204-4829-AB04-8871635D1593} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {86ACDBED-A89F-4E86-9753-B5601719ECEB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {9D1DDE60-99D9-486B-A43F-58F78FEC7C36} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {A6A4B726-C124-4E8F-BBB6-8C67337F2F0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B31E2FBB-B2C8-49CB-A225-CB167C801B6D} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {B74C998F-C48B-41FC-8C59-EC59C20A08E0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {C1033F42-4935-4AAA-91E6-87494177E835} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
Task: {CAB54076-C1A8-46E5-9A57-849B339446FE} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {D5BB1A68-EBD7-4F00-8D47-3F1E9CFE8BF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {EE0016DA-DD29-4AFF-A27F-A86E631795E2} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 22:42 - 2016-07-16 22:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-09-13 12:14 - 2017-09-07 17:01 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 03:49 - 2017-09-01 03:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-12 15:22 - 2017-09-19 18:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-25 08:20 - 2016-09-25 08:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-05-23 19:06 - 2016-06-14 17:35 - 000187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2016-09-18 16:06 - 2016-09-07 15:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 22:38 - 2017-03-04 17:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 22:38 - 2017-03-04 17:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 22:38 - 2017-03-04 17:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 22:38 - 2017-03-04 17:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-12-14 00:52 - 2017-11-30 18:32 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-12-14 00:52 - 2017-11-30 18:34 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-11 15:45 - 2017-09-11 15:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 15:45 - 2017-09-11 15:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-10-17 08:08 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-17 08:08 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-14 00:34 - 2017-12-06 15:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-14 00:34 - 2017-12-06 15:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2016-11-23 08:32 - 2016-11-23 08:33 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 08:32 - 2016-11-23 08:33 - 020433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-16 01:53 - 2016-08-16 01:55 - 000680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 08:32 - 2016-11-23 08:33 - 001046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 08:32 - 2016-11-23 08:33 - 000353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-17 01:37 - 2016-07-17 01:37 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-09-30 12:18 - 2017-09-30 12:19 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2017-09-30 12:19 - 2017-09-30 12:19 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2017-09-30 12:19 - 2017-09-30 12:19 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2016-08-16 17:24 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-16 17:24 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-16 17:24 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-16 17:24 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-08-16 17:24 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-03-29 19:50 - 2005-07-18 13:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-05-23 19:06 - 2016-06-14 17:35 - 000163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2016-08-16 02:26 - 2017-11-29 16:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-16 02:26 - 2016-09-01 12:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-16 02:26 - 2017-12-16 06:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-17 10:46 - 2017-11-04 12:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-17 10:46 - 2017-11-04 12:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-17 10:46 - 2017-11-04 12:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-17 10:46 - 2017-11-04 12:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-17 10:46 - 2017-11-04 12:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2016-08-16 02:26 - 2016-09-01 12:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-16 02:26 - 2016-09-01 12:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-16 02:26 - 2017-12-16 06:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-16 02:26 - 2016-07-05 09:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-12-12 23:21 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\user\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 23:21 - 2017-12-12 23:21 - 001886712 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001773560 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-06-10 17:20 - 2017-09-07 13:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-13 10:57 - 2017-10-31 15:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-09-15 12:32 - 2015-09-25 10:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-12-12 23:21 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\user\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 23:21 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\user\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-12 23:21 - 2017-12-12 23:21 - 009802232 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001505784 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 23:21 - 2017-12-12 23:21 - 000513016 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 23:21 - 2017-12-12 23:21 - 002662904 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001517048 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 23:22 - 2017-12-12 23:22 - 002749944 _____ () \\?\C:\Users\user\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2016-08-16 01:20 - 2016-07-06 15:18 - 001744384 _____ () C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\Vender.dll
2016-07-19 11:22 - 2016-07-19 11:22 - 000061440 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Exeio.dll
2016-07-14 04:46 - 2016-07-14 04:46 - 001746944 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll
2016-08-30 00:19 - 2016-08-30 00:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-09-12 15:22 - 2017-09-19 18:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-22 21:13 - 2017-05-22 21:13 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\exefile: <==== ATTENTION
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\.exe: exefile => <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 22:47 - 2017-05-13 11:56 - 000456157 ____R C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4288987513-595927399-2297819926-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\gengar_by_gardor-d4vscib.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AcuWVSSchedulerv10 => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Origin Web Helper Service => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "GammingApp"
HKLM\...\StartupApproved\Run32: => "Fast Boot"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "MasterKeys Pro S"
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\...\StartupApproved\Run: => "NETGEARGenie"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{62D678AF-6175-4D90-961F-88D51D3E5176}H:\overwatch\overwatch.exe] => (Allow) H:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5DD594A3-B278-41DC-B194-6B40F82FC1FA}H:\overwatch\overwatch.exe] => (Allow) H:\overwatch\overwatch.exe
FirewallRules: [{B72463D6-5C3E-4FE4-B9E6-3EBC117E3AD4}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A563143-241F-4188-87B6-F9797614A25B}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3502DCC5-87B2-4777-9BC7-CD6D17CE0EC2}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E5F92CF0-8953-4067-B026-FF2765743C7C}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{022A1733-7026-4A0C-9A87-77F7C6277613}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D46DE19D-448B-45FF-9D60-96E712A09953}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{35237AA3-5F15-4BFB-8F7C-1FA275F14E36}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0501EC48-612B-4099-AE9F-0F1EFBB06C95}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{74E04F28-CE5B-490C-A152-F14EE00E80B9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{54D9CFFC-AED2-4CC3-8D13-1DC879B37B99}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD53AA53-163B-4DEB-9E2D-D2448A507176}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEFD4235-C054-4B8F-A994-9D1A368F3D98}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4C9078AE-6AA9-462D-8A7C-66813514511C}H:\overwatch\overwatch.exe] => (Allow) H:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{C801E52E-0CE4-4234-85E2-0523C6A15580}H:\overwatch\overwatch.exe] => (Allow) H:\overwatch\overwatch.exe
FirewallRules: [{204566CB-D4D9-473B-BA50-F6AA93571F33}] => (Allow) F:\SteamLibrary\steamapps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{CF3992A5-9546-4F24-A270-0DBD96C43D5B}] => (Allow) F:\SteamLibrary\steamapps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [TCP Query User{36C8A938-190F-4EF5-B310-52DEF84BD3B0}H:\diablo iii\diablo iii.exe] => (Block) H:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{CDD06943-B930-4F37-93B5-EF1BA3CA184A}H:\diablo iii\diablo iii.exe] => (Block) H:\diablo iii\diablo iii.exe
FirewallRules: [{C646C3FB-C7F7-4522-98C7-9A5EB3A10F85}] => (Allow) C:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{98FA395E-6BA4-4650-B544-67CF4DED6A3F}] => (Allow) C:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{53B2AC6D-413E-4C36-9EB0-F7175C21232D}C:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{DC9FE3BE-C819-46B1-B681-74AFD8D7A334}C:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{05D0A9DE-A538-4DC0-BE9E-7E56BFB30F69}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{72449494-3101-43EC-A770-83F1A417716E}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{E173C23F-3B30-4CD7-9C71-E60E5F0E2B7B}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E6F2F3B0-B224-4130-8394-001FD6780EC1}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{415CE367-97B0-423A-A9BB-2F742809B3B0}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FEB6ABC2-6124-4828-97AC-080D9CAA08BB}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FFCC5E82-486E-4E37-85AF-99091CA5E600}] => (Allow) F:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3E691D22-461B-4528-98AA-303ACF5A20B2}] => (Allow) F:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{5F54E9DC-76C9-4318-9459-EE2A35A9AA9F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{74F1E964-2129-4E2E-90AD-4702960A736E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{C8D3CF47-D062-4233-98F8-0F1519670CDF}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{AF43B09E-0583-404C-A4E1-A0F989E62B0C}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{725B1659-50FC-4C2F-8A87-280B695294C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{210999AD-A4B7-41AD-8EDE-779A38C48CFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D5B5FD09-75C3-4809-A8ED-19E5CA3E2564}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0BC9B0A5-B796-475D-A912-1071066C926E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{44D93A66-5175-48CC-9A61-9AB59270DB90}] => (Allow) E:0\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{E9C9CB91-1A25-4A93-9720-1330591C5FD0}] => (Allow) E:0\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{E4FADF98-A749-4663-A489-86B49D57BF44}] => (Allow) E:0\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{8AB8D8FC-C725-4EB1-8505-71D27E74DA10}] => (Allow) E:0\SteamLibrary\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [TCP Query User{069B8DF1-012F-404C-B55D-A70E7662C711}E:0\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) E:0\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{BC8A8B2E-FBF6-48D8-AA3E-027BEF23ECD0}E:0\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) E:0\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{D1E76573-5D51-4902-83B8-6E21B3894088}] => (Allow) C:\Program Files (x86)\FlyVPN\FlyVPN.exe
FirewallRules: [{89DC77FD-44AE-4C00-A5DA-9EB618B4FE05}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0DB35A3B-5447-46E7-921D-6F16EC9FB627}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{1A10C8E1-0444-4032-B552-357209161F3E}] => (Allow) E:0\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AC39FCC7-115A-4FEE-8C3C-0A639CB17985}] => (Allow) E:0\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{D21B2A69-9D25-4E78-A1FA-2CED13987BC6}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{022A33EE-3F87-4881-B4D3-98813408ABE3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{7656549B-6029-4BC6-9072-631822593807}] => (Allow) F:\SteamLibrary\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{4D1A65D9-E68D-4C5B-82F7-CF0B713C23C2}] => (Allow) F:\SteamLibrary\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{DD0676A3-2421-409C-B329-6CD9A566A8C4}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{290AB096-F161-436F-8858-CD1CD39CA370}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1F770936-DAB0-4DF3-A27B-50B6E11790F3}] => (Allow) H:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BCBDF8DB-C57C-42BA-86C3-586C4CCE80B4}] => (Allow) H:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5DDEDF45-3FC7-4786-BB15-25AFD360F205}] => (Allow) E:0\SteamLibrary\steamapps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [{545957D2-FA59-4752-9FB3-01328E1B1852}] => (Allow) E:0\SteamLibrary\steamapps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [{FF99CCA2-17EE-46C8-9B68-11B1B56AD832}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{A3FB16C6-1CA8-4C5E-B31F-E98807F88133}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [UDP Query User{0FDE091A-DE75-4AB2-B877-F96D1DACFAAA}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [TCP Query User{DC269A06-1DCA-4352-9F6D-96D9626C8612}C:\program files (x86)\airmypc\airmypc.exe] => (Allow) C:\program files (x86)\airmypc\airmypc.exe
FirewallRules: [UDP Query User{2833519B-84F4-40AD-83BD-A6A67D3C493D}C:\program files (x86)\airmypc\airmypc.exe] => (Allow) C:\program files (x86)\airmypc\airmypc.exe
FirewallRules: [TCP Query User{1A2DB83D-8D18-40F6-AE33-55C510E6AA7D}C:\program files (x86)\airmypc\airmypc.exe] => (Allow) C:\program files (x86)\airmypc\airmypc.exe
FirewallRules: [UDP Query User{4C140474-7C20-4916-84BD-2DB9F0F06129}C:\program files (x86)\airmypc\airmypc.exe] => (Allow) C:\program files (x86)\airmypc\airmypc.exe
FirewallRules: [{51D260A5-AC19-4E45-AC8F-C85AB8F39C6D}] => (Allow) E:0\SteamLibrary\steamapps\common\Drawful 2\Drawful 2.exe
FirewallRules: [{4EF3EE2A-48BD-4ED9-B1F9-24F5A08D497C}] => (Allow) E:0\SteamLibrary\steamapps\common\Drawful 2\Drawful 2.exe
FirewallRules: [{E05E5669-018E-484C-A2FB-7163E73376A0}] => (Allow) E:0\SteamLibrary\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe
FirewallRules: [{88A8C3AD-E971-4EED-963C-BA455A939DAF}] => (Allow) E:0\SteamLibrary\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe
FirewallRules: [TCP Query User{6E3E4FDD-71D3-4BD9-88E7-4FAE5CF1D837}F:\blizzard games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3F494E3C-4DE6-457D-A34E-00C3C0384966}F:\blizzard games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{72808586-B710-4EDE-9690-8544FFDE0E9A}C:\Users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\Users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [UDP Query User{5148A72F-474E-45F0-BD63-E0D55A765F81}C:\Users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\Users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [TCP Query User{DD46FCA3-4A6F-497B-856E-1C7C0C1346D3}C:\Users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe] => (Allow) C:\Users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe
FirewallRules: [UDP Query User{70D11539-1332-455E-83BF-30B152E54E29}C:\Users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe] => (Allow) C:\Users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe
FirewallRules: [TCP Query User{A2833905-D53F-42B5-920D-07FD0BA8C944}C:\warcraft iii\war3.exe] => (Allow) C:\warcraft iii\war3.exe
FirewallRules: [UDP Query User{AAA5EAA8-039D-4F62-999F-3F397ACD0532}C:\warcraft iii\war3.exe] => (Allow) C:\warcraft iii\war3.exe
FirewallRules: [{BC92F57B-2B82-4FF6-85F4-A184393A43EF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{997F224B-2593-4898-B098-0B2E24E87DA3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{26F78D94-F5FF-4032-8A88-FF2F33B12699}F:\blizzard games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A9532DF0-A821-4BD7-A47C-03E3E615B4D3}F:\blizzard games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{BC95734D-6327-491E-B050-48CAB1AE185B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5608AC55-C6D8-4A83-94DE-28329B98E4DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DE2953BE-D07C-4200-87F7-B3B69BE5CA6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62094227-C15A-4B02-8A1F-CEBA08B440FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEB50B8C-27FA-4F52-9AAC-A9A6AB011A07}] => (Allow) F:\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{E6BEA636-06FE-46F5-B5E9-D413DD342F10}] => (Allow) F:\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{027DF8A7-A2DC-40FD-B5AB-E0AB322CE7D2}] => (Allow) C:\Program Files\AirParrot 2\AirParrot2.exe
FirewallRules: [TCP Query User{E08A58F9-168D-4AAA-AA18-E6A25F5CE3D7}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{5FD9E74F-F49B-4533-B93E-1164552CD6D0}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{AF1571D7-A9A7-46AF-87EE-1AA036CAA9A8}F:\blizzard games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5BBF6BD2-84C3-4317-A0A9-8631FBC462A5}F:\blizzard games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B5AE2FAA-A913-4B25-905D-3332F4D1A920}F:\blizzard games\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{22974105-A67B-45FA-839D-F302C77B9CF4}F:\blizzard games\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{87BC6D26-562B-475D-AA10-FF1EDC123E4D}C:\quake champions\client\bin\pc\quakechampions.exe] => (Allow) C:\quake champions\client\bin\pc\quakechampions.exe
FirewallRules: [UDP Query User{59BB6D82-D8F8-44EF-9F86-E7582D6C4650}C:\quake champions\client\bin\pc\quakechampions.exe] => (Allow) C:\quake champions\client\bin\pc\quakechampions.exe
FirewallRules: [{1182887D-4794-416C-A226-4BFE10F919F9}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{C9EEEFEA-39EB-4DB7-BA81-49BA653FBC89}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{7DDA303B-D109-4A85-B6B5-676A5A1E699E}F:\blizzard games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D971DF05-67F3-4CF0-81E4-7E83CB8173AE}F:\blizzard games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) F:\blizzard games\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [{57448A05-197D-4D9D-9517-1CFE4C1107AE}] => (Allow) LPort=26789
FirewallRules: [{B647BE37-2F43-4A11-ABDF-B556DF934CF2}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{951CE7C4-609B-4DC1-B531-1634990FE7C5}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{28299B74-FE6C-442B-A698-D1BCA16DAC31}H:\diablo iii\x64\diablo iii64.exe] => (Allow) H:\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{DE17C9DA-74A7-43D9-86B2-6E2AD4BB09D8}H:\diablo iii\x64\diablo iii64.exe] => (Allow) H:\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{A3EEACCA-DE11-4116-95A0-B50D7AEFE863}C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe
FirewallRules: [UDP Query User{1225D322-BC00-40E4-B7F0-ADFB130F03DF}C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe
FirewallRules: [{847BE14A-1F86-4E39-8849-79DE10898BAA}] => (Allow) F:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{125DC08D-8661-440C-AB10-85A8B6A39B82}] => (Allow) F:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [TCP Query User{DE74FDF8-B773-4BF1-B8F0-C9B7F3CE362B}C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe
FirewallRules: [UDP Query User{01C21DF3-15FB-4B28-9C4A-ABAC03D80A79}C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_144\jre\bin\javaw.exe
FirewallRules: [{D3579A9D-6818-4A57-AB61-1EB31752A6B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0DDF16B7-7D48-4B06-82E3-1881DB00B382}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F9DAE05C-F504-4942-9397-293DCB309916}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CDF234EA-9720-4CAF-AA21-6B98AB01DE56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0598139E-A8EF-449E-A37C-A80DD2D9B9ED}] => (Allow) F:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{6A662050-5EB5-4E9B-9EF8-23D488467418}] => (Allow) F:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{D3A1139C-B637-47D4-B653-96A435DA97E5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{354CB8D8-ECC8-4F01-97C3-A5A4E7F27EBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1DCC8465-00FB-441F-B993-EF3441BCB051}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{56F43FB1-5A33-4A8D-AE7C-10B2BC597F90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9E09C1C1-D7F5-40CC-9061-68CD0FCE8F59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{11D9E832-7BD0-4E9E-BE4A-E0654E308D82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{02380C94-5626-46B2-916A-2427BD9B5124}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{80807D3E-FD55-497B-B960-C7E8317ACF9D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{3F625DA1-89E0-4D2A-BB73-6F82B8837272}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{1B00DFF9-5C28-49ED-8E25-9F45D50E80C6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{3D9B5873-99F4-4BBB-BD58-25EC2321023F}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{178A79C4-B0D8-4C18-91A2-D864D72B21D9}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E7CF6FAB-B0AA-4955-8637-B6EC6963D16D}F:\warcraft iii\warcraft iii.exe] => (Allow) F:\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{DC8E0B9F-BA05-43CD-A01D-E3E131C303A2}F:\warcraft iii\warcraft iii.exe] => (Allow) F:\warcraft iii\warcraft iii.exe
FirewallRules: [TCP Query User{25583A1E-DE36-428E-9A5A-57D9B59CC420}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{AB169843-A56C-4E6B-8687-AB41937C91AB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{3F04D6E0-39AB-42AE-892F-A3DF434D6874}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{91C384A8-325C-4C0C-8C16-335551751309}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{D5BCF211-1797-41C2-A2AD-91EDCC089AAA}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{D97BB767-DCCD-47FD-BAB1-D05E54D10EB3}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{18D6D7ED-21F4-4498-A224-94FE18723BF0}] => (Allow) C:\Users\user\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{13C0132C-7E4D-45FC-979F-6F731A558B56}] => (Allow) F:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{FA4FF3A1-2F5B-46F2-AF3C-AB73707BE717}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{E254DB36-47BC-4778-A1EC-FDE353840118}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{1AAF02C3-97F7-44BC-84A3-83375EE17D70}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{CCFF4601-A3C4-46D7-B3A8-13C5037C6CD4}] => (Allow) F:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{29E2129A-86D0-4408-AB5E-08B4E164F03B}] => (Allow) C:\Users\user\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{A6B07315-B212-4EF7-9D8C-B53D2214E124}] => (Allow) F:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{BDDB28A0-A40D-4770-BCBD-652EDE23DE2F}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8BD4A566-DCC0-4E63-AB8F-252E70CA3520}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5D7CCBCA-37CE-454B-991D-13C6B675E0F1}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9107A34C-633C-4DD0-94E6-6A9025000574}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4CA87C25-0ADB-4DD1-AF3C-606AE5AF53AE}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C107086A-A6EC-4265-BD0C-CC3CE3D46050}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{D161A957-E669-4C94-80D3-F5740397B299}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{00CA864A-45B5-49A9-A639-EF5A40206968}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D9859CA7-E9C0-4833-A4DE-EB9723A56AC4}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C243E922-12A1-4FB7-AA3D-1B094AF57C46}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{656A5A60-78BA-4B92-AD8C-653F07E16606}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{FB5152A6-9391-4328-B455-9F11C87D6920}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{A3B818F2-DB41-46B7-B597-6B63D0BAE82C}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8E5DC5C0-057B-4ACF-AEA1-A51D7E2D8F7C}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{523BC2B6-C3C2-4406-8C59-26B73BBA6C16}] => (Allow) F:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{4F914EDA-7C4A-45C4-B957-97C0FBB131CB}] => (Allow) F:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{C226D09B-C0F9-459D-AECE-07038F374948}] => (Allow) E:0\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{DC1DEC12-5D56-4CFB-A948-76D3B4A6B8E2}] => (Allow) E:0\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{F29A9BC2-ABB2-4F93-AC20-A8650B8BB3CC}] => (Allow) F:\SteamLibrary\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [{08D455AC-2949-4A52-98BD-AE70D041BFB1}] => (Allow) F:\SteamLibrary\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [TCP Query User{A6A4333B-1571-48A6-9FA8-E24B2B329975}C:\blizzard games\destiny 2\destiny2.exe] => (Allow) C:\blizzard games\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{5C0F4A6B-7295-485A-8FC8-0FB7B6B5C2C3}C:\blizzard games\destiny 2\destiny2.exe] => (Allow) C:\blizzard games\destiny 2\destiny2.exe
FirewallRules: [{A2E90E58-71E5-4089-90DB-67654FDF81EF}] => (Allow) F:\SteamLibrary\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{1840CC8F-2898-4E4C-ADEF-E344592B7A3A}] => (Allow) F:\SteamLibrary\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [TCP Query User{C6FE37A1-C074-4E1E-AEF1-E3B246CA09B9}C:\Users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\Users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A2D0544C-E9B2-4432-A162-35EAF8E7C9A4}C:\Users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\Users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BDA94A34-1C30-46F8-BA88-A7B913B855E2}] => (Allow) F:\SteamLibrary\steamapps\common\Scoregasm\Scoregasm.exe
FirewallRules: [{55F15A6E-B813-4DEC-944A-B99834FFA985}] => (Allow) F:\SteamLibrary\steamapps\common\Scoregasm\Scoregasm.exe
FirewallRules: [{3ED2AFE8-279B-4E59-8424-ACEB15F11EF3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BB6E65B3-5711-4964-931A-F17FF3F9A75A}] => (Allow) F:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{EDF49FD0-74C1-439E-B38F-697F851D1689}] => (Allow) F:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{EE5D4D22-EB4C-4245-97FE-901D052907F8}] => (Allow) F:\SteamLibrary\steamapps\common\Crayon Physics Deluxe\launcher.exe
FirewallRules: [{23EBDA07-5DA0-40F3-BBFA-844C12924FD7}] => (Allow) F:\SteamLibrary\steamapps\common\Crayon Physics Deluxe\launcher.exe
FirewallRules: [{E02635B4-B0B4-49C6-8A2F-2BDBFCCA33B6}] => (Allow) F:\SteamLibrary\steamapps\common\Jamestown\Jamestown.exe
FirewallRules: [{C8A69FFD-8C21-42DF-88CE-D7A561235079}] => (Allow) F:\SteamLibrary\steamapps\common\Jamestown\Jamestown.exe
FirewallRules: [{55BA408D-370B-4F6A-AFB8-BBF0249252E4}] => (Allow) F:\SteamLibrary\steamapps\common\Nightsky\NightSky.exe
FirewallRules: [{503C9E46-74C7-4EC0-999B-0C72A143ADC5}] => (Allow) F:\SteamLibrary\steamapps\common\Nightsky\NightSky.exe
FirewallRules: [{AC538716-22D9-4E29-8E23-8D11A45DE65E}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{45618F5C-AC75-4631-AC5D-46C81D528B3E}] => (Allow) F:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CAC92D7A-FD53-436B-8D74-0670E26987FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B001E968-98A4-45B5-8637-4C19D27E3B1E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{948D34BC-68ED-4645-B5E5-9935338CF9FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E4FE0BB8-942E-4F13-B04A-DC039C970203}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ABF25FCE-32BC-4D32-92F5-C5ABFB41AE4C}] => (Allow) F:\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{86B6930C-2B37-4081-A78F-60AE99AC32A7}] => (Allow) F:\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{150E490E-D0DE-482D-8BB1-DFFB65AE2F22}] => (Allow) F:\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{FF633074-3830-4471-96AB-A9A030896D93}] => (Allow) F:\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{FC98238E-BC07-454A-AD0F-027992B8734F}] => (Allow) F:\SteamLibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{20ACF601-9506-49B1-8E28-6A5E2941D418}] => (Allow) F:\SteamLibrary\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{6CF092BE-13A3-40D1-B397-A3277B29C6AC}C:\ruby25-x64\bin\ruby.exe] => (Allow) C:\ruby25-x64\bin\ruby.exe
FirewallRules: [UDP Query User{87F7A600-C884-4A5F-B225-068E5C38521D}C:\ruby25-x64\bin\ruby.exe] => (Allow) C:\ruby25-x64\bin\ruby.exe
FirewallRules: [TCP Query User{30B45611-4621-468F-A520-911A912893E8}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{4FDDFBD8-5280-48FC-8DC0-7C5FEF3081CE}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [{C286518A-ED3D-47BC-94D2-07FF4F0D666B}] => (Allow) F:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{DE2B90BE-5B47-4DDF-A3C8-3E4DBE41E784}] => (Allow) F:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

14-12-2017 00:31:52 Windows Modules Installer
22-12-2017 16:55:38 Scheduled Checkpoint
25-12-2017 16:57:08 Installed Charles 4.2.1
03-01-2018 04:50:44 Scheduled Checkpoint
04-01-2018 21:34:44 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2018 09:33:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RzSynapse.exe version 2.20.17.413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 276c

Start Time: 01d385a47a7776d3

Termination Time: 3

Application Path: C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Report Id: 3eb15cbd-f19f-11e7-ab61-4ccc6a07dc17

Faulting package full name:

Faulting package-relative application ID:

Error: (01/05/2018 02:49:36 AM) (Source: MSI_ActiveX_Service) (EventID: 0) (User: )
Description: Failed to stop service. System.Management.ManagementException: Shutting down
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop()
at MSI_ActiveX_Service.ActiveX_Service.OnStop()
at System.ServiceProcess.ServiceBase.DeferredStop()

Error: (01/05/2018 02:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ConfuserEx Dynamic Unpacker.exe, version: 1.0.0.0, time stamp: 0x5a4c3111
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1770, time stamp: 0x59bf2bcf
Exception code: 0xe0434352
Fault offset: 0x000daa12
Faulting process id: 0x884
Faulting application start time: 0x01d3856fcaa9e145
Faulting application path: F:\Users\user\Downloads\ConfuserEx-Unpacker-master\ConfuserEx-Unpacker-master\ConfuserEx Dynamic Unpacker\bin\Debug\ConfuserEx Dynamic Unpacker.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 9a0ce7ed-ff1a-4553-bea3-a75332ca3c96
Faulting package full name:
Faulting package-relative application ID:

Error: (01/05/2018 02:22:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ConfuserEx Dynamic Unpacker.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.BadImageFormatException
at System.Reflection.RuntimeAssembly._nLoad(System.Reflection.AssemblyName, System.String, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean)
at System.Reflection.RuntimeAssembly.nLoad(System.Reflection.AssemblyName, System.String, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean)
at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(System.Reflection.AssemblyName, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean)
at System.Reflection.RuntimeAssembly.InternalLoadFrom(System.String, System.Security.Policy.Evidence, Byte[], System.Configuration.Assemblies.AssemblyHashAlgorithm, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
at System.Reflection.Assembly.LoadFrom(System.String)
at ConfuserEx_Dynamic_Unpacker.Program.Main(System.String[])

Error: (01/05/2018 02:21:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ConfuserEx Dynamic Unpacker.exe, version: 1.0.0.0, time stamp: 0x5a4c3111
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1770, time stamp: 0x59bf2bcf
Exception code: 0xe0434352
Fault offset: 0x000daa12
Faulting process id: 0x1258
Faulting application start time: 0x01d3856fb7ec5f0f
Faulting application path: F:\Users\user\Downloads\ConfuserEx-Unpacker-master\ConfuserEx-Unpacker-master\ConfuserEx Dynamic Unpacker\bin\Debug\ConfuserEx Dynamic Unpacker.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: cd921261-bcf3-402a-a31b-031f21fc63e1
Faulting package full name:
Faulting package-relative application ID:

Error: (01/05/2018 02:21:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ConfuserEx Dynamic Unpacker.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.BadImageFormatException
at System.Reflection.RuntimeAssembly._nLoad(System.Reflection.AssemblyName, System.String, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean)
at System.Reflection.RuntimeAssembly.nLoad(System.Reflection.AssemblyName, System.String, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean)
at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(System.Reflection.AssemblyName, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean)
at System.Reflection.RuntimeAssembly.InternalLoadFrom(System.String, System.Security.Policy.Evidence, Byte[], System.Configuration.Assemblies.AssemblyHashAlgorithm, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
at System.Reflection.Assembly.LoadFrom(System.String)
at ConfuserEx_Dynamic_Unpacker.Program.Main(System.String[])

Error: (01/05/2018 01:59:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: de4dot.exe, version: 3.1.41592.3405, time stamp: 0x5a4e412b
Faulting module name: KERNELBASE.dll, version: 6.2.14393.1770, time stamp: 0x59bf2bcf
Exception code: 0xe0434f4d
Fault offset: 0x000daa12
Faulting process id: 0x%9
Faulting application start time: 0xde4dot.exe0
Faulting application path: de4dot.exe1
Faulting module path: de4dot.exe2
Report Id: de4dot.exe3
Faulting package full name: de4dot.exe4
Faulting package-relative application ID: de4dot.exe5

Error: (01/05/2018 01:01:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NetGuard Control Flow.exe, version: 1.0.0.0, time stamp: 0x59e3dd1f
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1770, time stamp: 0x59bf2bcf
Exception code: 0xe0434352
Fault offset: 0x000daa12
Faulting process id: 0x11b0
Faulting application start time: 0x01d3856476746696
Faulting application path: F:\Users\user\Downloads\WRobot_7.3.0_25195\WRobot\NetGuard Control Flow.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 64ae8b40-6ccd-461a-af0a-a20b51ac2e5f
Faulting package full name:
Faulting package-relative application ID:

Error: (01/05/2018 01:01:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NetGuard Control Flow.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at dnlib.IO.MemoryMappedFileStreamCreator+Windows.Mmap(dnlib.IO.MemoryMappedFileStreamCreator, Boolean)
at dnlib.IO.MemoryMappedFileStreamCreator.CreateWindows(System.String, Boolean)
at dnlib.IO.ImageStreamCreator.CreateMemoryMappedFileStreamCreator(System.String, Boolean)
at dnlib.IO.ImageStreamCreator.Create(System.String, Boolean)
at dnlib.PE.PEImage..ctor(System.String, Boolean, Boolean)
at dnlib.PE.PEImage..ctor(System.String, Boolean)
at dnlib.PE.PEImage..ctor(System.String)
at dnlib.DotNet.MD.MetaDataCreator.Load(System.String)
at dnlib.DotNet.ModuleDefMD.Load(System.String, dnlib.DotNet.ModuleCreationOptions)
at DynamicClass.(System.String[])
at ‬‎‬‎‬‍‍‌‭‭​‭‪‎‫​‫‬‪‏‪‎‍.‏‬‍‭‎‎‎‪​‌‫‏‍‫‪‬‪‏‬‏‬‬‫‌​(System.String[])

Error: (01/05/2018 12:58:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NetGuard Control Flow.exe, version: 1.0.0.0, time stamp: 0x59e3dd1f
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1770, time stamp: 0x59bf2bcf
Exception code: 0xe0434352
Fault offset: 0x000daa12
Faulting process id: 0x330c
Faulting application start time: 0x01d385635dc46dfa
Faulting application path: F:\Users\user\Downloads\WRobot_7.3.0_25195\WRobot\Bin\NetGuard Control Flow.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: ac100d5d-ee5d-4cfa-abd8-85129e8c5dcf
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/05/2018 11:02:06 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T15CQRK)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (01/05/2018 11:00:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (01/05/2018 09:38:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/05/2018 09:34:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/05/2018 09:28:25 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T15CQRK)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (01/05/2018 09:26:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (01/05/2018 09:26:25 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T15CQRK)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (01/05/2018 09:24:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (01/05/2018 08:46:30 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T15CQRK)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (01/05/2018 08:44:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error


CodeIntegrity:
===================================
Date: 2018-01-05 11:03:28.467
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 11:03:28.465
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 11:03:28.454
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 11:03:28.453
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 11:01:48.139
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 11:01:48.137
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 11:01:48.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 11:01:48.134
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 09:30:13.189
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-05 09:30:13.187
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 18%
Total physical RAM: 32728.39 MB
Available physical RAM: 26613.91 MB
Total Virtual: 37592.39 MB
Available Virtual: 30801.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.33 GB) (Free:47.39 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data) (Fixed) (Total:931.39 GB) (Free:297.78 GB) NTFS
Drive g: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Games) (Fixed) (Total:55.8 GB) (Free:12.43 GB) NTFS
Drive i: (Games 2) (Fixed) (Total:54.92 GB) (Free:3.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 355940B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C097BA57)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 06656C40)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================]

Edited by Jo*, 05 January 2018 - 11:02 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:01 AM

Posted 08 January 2018 - 03:04 PM

Greetings vrap and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Is your computer displaying any symptoms?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-4288987513-595927399-2297819926-1001] => 127.0.0.1:8080
FF NetworkProxy: Mozilla\Firefox\Profiles\nbozzmt1.default -> backup.ftp", "127.0.0.1"
2016-10-18 20:49 - 2016-10-18 20:49 - 000000032 RSHOT () C:\Users\user\AppData\Local\t80.dat
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA​ [16]
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\exefile: <==== ATTENTION
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\.exe: exefile => <==== ATTENTION
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Symptoms?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 11 January 2018 - 05:55 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 vrap

  • Topic Starter

Posted 13 January 2018 - 06:58 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

 

Hello! Sorry I did not get a notification of the reply :( I am performing the steps now.



#5 Oh My!

Posted 13 January 2018 - 08:46 PM

:thumbsup2:
Gary
 

#6 vrap

Posted 13 January 2018 - 11:52 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.
 
Here is my Fixlog, no symptoms at the moment, just very worried!
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
Ran user (14-01-2018 13:46:41) Run:1
Running from F:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: defaultuser0 & user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-4288987513-595927399-2297819926-1001] => 127.0.0.1:8080
FF NetworkProxy: Mozilla\Firefox\Profiles\nbozzmt1.default -> backup.ftp", "127.0.0.1"
2016-10-18 20:49 - 2016-10-18 20:49 - 000000032 RSHOT () C:\Users\user\AppData\Local\t80.dat
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA​ [16]
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\exefile: <==== ATTENTION
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\.exe: exefile => <==== ATTENTION
Removeproxy:
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
Firefox Proxy settings were reset.
C:\Users\user\AppData\Local\t80.dat => moved successfully
C:\Users\user\AppData\Local\Temp => ":$DATA​" ADS removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\exefile" => removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\.exe" => removed successfully

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88338730 B
Java, Flash, Steam htmlcache => 430304735 B
Windows/system/drivers => 3254162 B
Edge => 103695543 B
Chrome => 663722961 B
Firefox => 151759632 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 956458 B
LocalService => 428182 B
NetworkService => 419460 B
defaultuser0 => 128 B
user => 1350833549 B

RecycleBin => 3643597059 B
EmptyTemp: => 6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:51:12 ====

Edited by Oh My!, 14 January 2018 - 10:16 AM.
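
A Fixlog like the one posted above can be checked mechanically for entries that did not succeed. The following is an added example, not part of the thread and not FRST's own code; it assumes only the layout visible in that log (star rows around the echoed fixlist, `target => outcome` result lines, `=====` section rulers), and the `example.dat` line plus the names `parse_fixlog` and `failures` are constructed here.

```python
import re

# Constructed sample in the Fixlog layout shown in the post above. Most lines
# are copied from that log; the "example.dat" line and its "not found" outcome
# are invented here so that one non-success result exists to flag.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
==============================================
fixlist content:
*****************
ProxyServer: [S-1-5-21-4288987513-595927399-2297819926-1001] => 127.0.0.1:8080
emptytemp:
*****************
Restore point was successfully created.
C:\Users\user\AppData\Local\t80.dat => moved successfully
C:\Users\user\AppData\Local\example.dat => not found
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\.exe" => removed successfully

========= RemoveProxy: =========
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========

=========== EmptyTemp: ==========
Chrome => 663722961 B
EmptyTemp: => 6 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:51:12 ====
'''

SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?):? =+$")  # "===== Name: ====="


def parse_fixlog(text):
    """Return (results, reboot_needed) for the 'target => outcome' lines of a Fixlog."""
    results, section, in_fixlist, reboot = [], "Fix", False, False
    for raw in text.splitlines():
        line = raw.strip()
        if set(line) == {"*"}:               # star rows fence the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if not line or in_fixlist:
            continue
        if set(line) == {"="}:               # bare ruler closes the current section
            section = "Fix"
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group("name").strip()
            section = "Fix" if name.startswith("End of") else name
            continue
        if line == "The system needed a reboot.":
            reboot = True
            continue
        # EmptyTemp rows are byte counts, not outcomes; sentence-style results
        # ("Firefox Proxy settings were reset.") carry no "=>" and are skipped.
        if section == "EmptyTemp" or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        results.append({"section": section, "target": target.strip('"'),
                        "outcome": outcome, "ok": outcome.endswith("successfully")})
    return results, reboot


def failures(results):
    """Entries whose outcome does not end in 'successfully' and need a second look."""
    return [r for r in results if not r["ok"]]


if __name__ == "__main__":
    parsed, reboot_needed = parse_fixlog(SAMPLE_FIXLOG)
    for r in parsed:
        print(f"[{'ok' if r['ok'] else 'CHECK'}] {r['section']}: {r['target']} -> {r['outcome']}")
    print("reboot needed:", reboot_needed)
```
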


#7 Oh My!

Posted 14 January 2018 - 10:22 AM

Greetings.

I can understand why you would be worried because computers are complex beasts and therefore what we don't know makes us feel vulnerable. All that said, your computer is looking pretty good. I would like to run a few more tools while we monitor things.

Please do these things.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 

#8 Oh My!

Posted 17 January 2018 - 12:02 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#9 vrap

Posted 17 January 2018 - 09:26 PM

Hello, 

 

Eset took too long and I am unable to leave it running, here are the other two:

 

SALog:

Result of Security Analysis by Rocket Grannie (x86) Updated: 29th December, 2017
Running from:F:\Users\user\Downloads (16:34:08 - 01/15/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Google Chrome (63.0.3239.132)
Java (8.0.1440.1) ==> is out of Date
Malwarebytes (3.3.1.2183)
Mozilla Firefox (57.0)
Spybot - Search & Destroy (2.4.40)

***----------------Analysis Complete-------------------------***

Adware:

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
Ran by user (14-01-2018 13:46:41) Run:1
Running from F:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: defaultuser0 & user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-4288987513-595927399-2297819926-1001] => 127.0.0.1:8080
FF NetworkProxy: Mozilla\Firefox\Profiles\nbozzmt1.default -> backup.ftp", "127.0.0.1"
2016-10-18 20:49 - 2016-10-18 20:49 - 000000032 RSHOT () C:\Users\user\AppData\Local\t80.dat
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA​ [16]
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\exefile: <==== ATTENTION
HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\.exe: exefile => <==== ATTENTION
Removeproxy:
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
Firefox Proxy settings were reset.
C:\Users\user\AppData\Local\t80.dat => moved successfully
C:\Users\user\AppData\Local\Temp => ":$DATA​" ADS removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\exefile" => removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\Software\Classes\.exe" => removed successfully

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4288987513-595927399-2297819926-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88338730 B
Java, Flash, Steam htmlcache => 430304735 B
Windows/system/drivers => 3254162 B
Edge => 103695543 B
Chrome => 663722961 B
Firefox => 151759632 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 956458 B
LocalService => 428182 B
NetworkService => 419460 B
defaultuser0 => 128 B
user => 1350833549 B

RecycleBin => 3643597059 B
EmptyTemp: => 6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:51:12 ====


#10 Oh My!

Posted 17 January 2018 - 09:33 PM

Greetings.

That is not the AdwCleaner report.

Let's use a different Online Scanner that should be faster.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click Yes to update now
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes on the detection of PUP's pop up window
  • Click Scanner settings at the bottom
  • Select Quarantine detected objects and leave the other default settings
  • Click Scan now
  • Click Malware Scan
  • Click Quarantine selected
  • Once completed click View Report
  • Copy and paste the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner report
  • Emsisoft report

Gary
 

#11 Oh My!

Posted 20 January 2018 - 09:40 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#12 Oh My!

Posted 22 January 2018 - 08:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



