Unwanted script causes popups and re-directs


  • This topic is locked
20 replies to this topic

#1 atazk

  • Members
  • 59 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 31 January 2018 - 12:22 PM

Hello and thank you for your help. I have a few problems and need your help to solve them!

I started downloading a file and, after seeing it was shady, cancelled the download; however, it looks like I still got infected. I have tried to delete the source file, but it does not get deleted. The file is MAIL.RU and possibly something else; it runs a script in Chrome and causes pop-ups and redirects.

May be related: I have trouble installing programs; Windows Installer is not working properly. Programs and Features cannot be uninstalled, and other actions related to Control Panel and administrator privileges get rejected.


Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Andrew (administrator) on FELLSTAR (31-01-2018 11:40:31)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & Anita & Administrator & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [171384 2017-07-18] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [171384 2017-07-18] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171384 2017-07-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149224 2017-07-18] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-798027839-3803069096-2788913540-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C3CB08D-EFFD-410E-8200-61BA9C1DC50F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{310D8136-294A-4BE1-A36B-424D01B38014}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EEA54897-9CFE-4F97-927A-9DECF4962B2B}: [DhcpNameServer] 4.2.2.1 4.2.2.2 10.9.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0a7800a8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0a7800a8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM -> {8acdd076-7141-4655-8487-c35174c89c93} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-798027839-3803069096-2788913540-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-798027839-3803069096-2788913540-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-01] (Google Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-19] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-01] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\w3omnba1.default [2018-01-28]
FF Extension: (Cuevana Stream) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\w3omnba1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012-01-04] [Legacy] [not signed]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-01-31] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-01] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-16] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\itunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-04-03] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-798027839-3803069096-2788913540-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)

Chrome: 
=======
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2018-01-31]
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-01]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-01]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-01]
CHR Extension: (Skype) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (MetaMask) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2018-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-17]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-20]
CHR HKU\S-1-5-21-798027839-3803069096-2788913540-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [267480 2010-09-17] (Trend Micro Inc.)
S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1076520 2015-02-03] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [573736 2015-02-03] ()
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-06-30] (Realtek Semiconductor.) [File not signed]
S4 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [670816 2012-04-27] (Wellbia.com Co., Ltd.) [File not signed]
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-31] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 11:40 - 2018-01-31 11:41 - 000023455 _____ C:\Users\Andrew\Downloads\FRST.txt
2018-01-31 11:40 - 2018-01-31 11:40 - 000000000 ____D C:\FRST
2018-01-31 11:39 - 2018-01-31 11:40 - 002393088 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2018-01-31 11:38 - 2018-01-31 11:39 - 001754112 _____ (Farbar) C:\Users\Andrew\Downloads\FRST.exe
2018-01-31 11:30 - 2018-01-31 11:30 - 088719360 _____ C:\Users\Andrew\Downloads\Unconfirmed 110920.crdownload
2018-01-31 11:29 - 2018-01-31 11:29 - 096329929 _____ C:\Users\Andrew\Downloads\Unconfirmed 322827.crdownload
2018-01-31 10:13 - 2018-01-31 11:22 - 490391755 _____ C:\Users\Andrew\Downloads\SA2.zip
2018-01-31 10:13 - 2018-01-31 11:22 - 456294911 _____ C:\Users\Andrew\Downloads\SA1.zip
2018-01-28 15:47 - 2018-01-28 15:47 - 000000000 ____D C:\Users\hedev
2018-01-28 15:29 - 2011-06-26 01:45 - 000256000 _____ C:\Windows\PEV.exe
2018-01-28 15:29 - 2010-11-07 12:20 - 000208896 _____ C:\Windows\MBR.exe
2018-01-28 15:29 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000098816 _____ C:\Windows\sed.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000080412 _____ C:\Windows\grep.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000068096 _____ C:\Windows\zip.exe
2018-01-28 15:23 - 2018-01-28 15:28 - 000001764 _____ C:\Users\Andrew\Desktop\Rkill.txt
2018-01-28 15:23 - 2018-01-28 15:23 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Andrew\Downloads\rkill.exe
2018-01-28 15:23 - 2018-01-28 15:23 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Andrew\Downloads\rkill64.exe
2018-01-28 15:22 - 2018-01-28 15:23 - 001790024 _____ (Malwarebytes) C:\Users\Andrew\Downloads\JRT.exe
2018-01-28 14:55 - 2018-01-28 14:56 - 005660870 ____R (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2018-01-27 16:54 - 2018-01-27 16:54 - 002548090 _____ C:\Users\Andrew\Downloads\1516967407519.webm
2018-01-26 00:37 - 2018-01-26 00:38 - 000013028 _____ C:\Users\Andrew\Documents\Declaracion jurada 2.odt
2018-01-26 00:13 - 2018-01-26 00:13 - 000215136 _____ C:\Users\Andrew\Downloads\formato-declaracion-jurada-reubicacion.pdf
2018-01-24 23:49 - 2018-01-24 23:49 - 000034082 _____ C:\Users\Andrew\Downloads\english (1).json
2018-01-24 13:26 - 2018-01-24 13:26 - 000001234 _____ C:\Users\Andrew\Desktop\malwarebytes2.txt
2018-01-24 13:08 - 2018-01-31 11:34 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-24 12:57 - 2018-01-28 16:22 - 000000000 ____D C:\Users\Andrew\AppData\Local\AvgSetupLog
2018-01-24 12:57 - 2018-01-28 16:22 - 000000000 ____D C:\ProgramData\Avg
2018-01-22 23:08 - 2018-01-22 23:13 - 012591095 _____ C:\Users\Andrew\Downloads\xhamster.com_8883111_so_much_fun_together_bj_obsession_720p.mp4.crdownload
2018-01-21 11:03 - 2018-01-24 12:57 - 000000892 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2018-01-21 11:03 - 2018-01-24 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-01-21 11:03 - 2018-01-24 12:57 - 000000000 ____D C:\Program Files\Nexus Mod Manager
2018-01-21 11:01 - 2018-01-21 11:02 - 006441096 _____ (Black Tree Gaming ) C:\Users\Andrew\Downloads\Nexus Mod Manager-0.63.14.exe
2018-01-21 10:59 - 2018-01-21 11:07 - 229769148 _____ C:\Users\Andrew\Downloads\Total Character Makeover 1.2-1037-1-2.zip
2018-01-20 22:31 - 2018-01-20 22:31 - 000000000 ____D C:\Users\Public\Documents\Steam
2018-01-20 22:31 - 2018-01-20 22:31 - 000000000 ____D C:\Users\Andrew\AppData\Local\Skyrim Special Edition
2018-01-20 22:07 - 2018-01-20 22:23 - 000000910 _____ C:\Users\Andrew\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk
2018-01-20 22:07 - 2018-01-20 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
2018-01-20 10:04 - 2018-01-24 12:54 - 000000000 ____D C:\AdwCleaner
2018-01-20 09:55 - 2018-01-20 09:56 - 000270664 _____ C:\Windows\Minidump\012018-18813-01.dmp
2018-01-20 09:55 - 2018-01-20 09:55 - 613393571 _____ C:\Windows\MEMORY.DMP
2018-01-19 23:28 - 2018-01-28 15:47 - 000000000 ____D C:\Qoobox
2018-01-19 23:27 - 2018-01-19 23:46 - 000000000 ____D C:\Windows\erdnt
2018-01-19 23:22 - 2018-01-19 23:22 - 008206624 _____ (Malwarebytes) C:\Users\Andrew\Downloads\adwcleaner_7.0.7.0.exe
2018-01-19 23:19 - 2018-01-19 23:19 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\Downloads\AVG_Protection_Free_1606 (1).exe
2018-01-19 21:40 - 2018-01-19 21:40 - 000000000 ____D C:\Users\Andrew\AppData\Local\Avg
2018-01-19 20:51 - 2018-01-19 20:55 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-01-19 17:25 - 2018-01-19 17:25 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-19 17:25 - 2018-01-19 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-19 17:25 - 2018-01-19 17:25 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-19 17:25 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-19 17:24 - 2018-01-19 17:24 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-19 17:03 - 2018-01-19 17:06 - 000000000 ____D C:\ProgramData\Mail.Ru
2018-01-19 17:03 - 2018-01-19 17:03 - 000003606 _____ C:\Windows\System32\Tasks\hlatomernetkolc
2018-01-19 15:47 - 2016-08-12 21:51 - 000309760 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw64.dll
2018-01-19 15:47 - 2016-08-12 21:51 - 000309760 _____ (RAD Game Tools, Inc.) C:\Windows\system32\binkw64.dll
2018-01-19 15:24 - 2018-01-19 15:24 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\PowerISO
2018-01-19 13:32 - 2018-01-19 14:21 - 1276459081 _____ C:\Users\Andrew\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition.Update.v1.4-CODEX.rar
2018-01-19 11:22 - 2018-01-19 15:49 - 000000000 ____D C:\Program Files (x86)\PowerISO
2018-01-19 11:22 - 2018-01-19 11:22 - 000001009 _____ C:\Users\Public\Desktop\PowerISO.lnk
2018-01-19 11:22 - 2018-01-19 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2018-01-19 11:22 - 2017-06-06 19:36 - 000138296 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2018-01-19 08:47 - 2018-01-19 09:23 - 1128170150 _____ C:\Users\Andrew\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition.Update.v1.2-CODEX.rar
2018-01-18 23:03 - 2018-01-18 23:37 - 1131570926 _____ C:\Users\Andrew\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition.Update.v1.3-CODEX.rar
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Guest\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Anita\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Andrew\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Administrator\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\Program Files (x86)\MagicISO
2018-01-18 12:54 - 2018-01-18 12:54 - 000000000 ____D C:\Users\Andrew\AppData\Local\Tease_AI
2018-01-14 22:17 - 2018-01-14 22:17 - 000000000 ____D C:\Users\Andrew\AppData\LocalLow\Thunder Lotus Games
2018-01-13 11:02 - 2018-01-13 11:05 - 002368640 _____ (Rainmeter) C:\Users\Andrew\Downloads\Rainmeter-4.1.exe
2018-01-13 10:43 - 2018-01-13 10:43 - 000000000 ____D C:\Users\Andrew\AppData\Local\UnrealEngine
2018-01-13 10:43 - 2018-01-13 10:43 - 000000000 ____D C:\Users\Andrew\AppData\Local\The_Hypno_Dungeon
2018-01-13 09:40 - 2018-01-13 10:40 - 227200840 _____ (NC Interactive, LLC) C:\Users\Andrew\Downloads\BnS_Lite_Installer.exe
2018-01-13 09:18 - 2018-01-13 09:18 - 003987869 _____ C:\Users\Andrew\Downloads\1515535721100.webm
2018-01-08 13:12 - 2018-01-08 13:31 - 000001732 _____ C:\Users\Andrew\Desktop\kymera characteristics.txt
2018-01-08 09:04 - 2018-01-08 09:04 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Google
2018-01-07 18:49 - 2016-03-07 13:22 - 000003486 _____ C:\Users\Andrew\Documents\make me rise.txt
2018-01-07 18:47 - 2017-02-01 03:11 - 000000227 _____ C:\Users\Andrew\Documents\anime.txt
2018-01-07 15:03 - 2018-01-07 15:03 - 000154672 _____ C:\Users\Andrew\Downloads\Unconfirmed 423100.crdownload

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 11:34 - 2017-07-02 11:44 - 000000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2018-01-31 11:24 - 2017-03-21 10:24 - 000000272 _____ C:\Windows\Tasks\{0E845189-BDE0-1E3F-B5CE-12C35E37984A}.job
2018-01-31 11:04 - 2013-07-21 00:54 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-01-31 10:43 - 2017-02-20 13:43 - 000000274 _____ C:\Windows\Tasks\{4417CB99-8C84-7BD1-F998-4D0D5F474147}.job
2018-01-31 08:43 - 2009-07-14 00:13 - 000006782 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-29 17:43 - 2015-02-22 15:05 - 000000319 _____ C:\Users\Andrew\AppData\Roaming\WB.CFG
2018-01-29 16:47 - 2011-10-09 12:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-29 16:38 - 2009-07-13 23:45 - 000023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-29 16:38 - 2009-07-13 23:45 - 000023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-29 16:30 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-28 16:22 - 2012-09-07 11:01 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-28 15:45 - 2009-07-13 21:34 - 000000215 _____ C:\Windows\system.ini
2018-01-28 15:25 - 2015-02-22 14:02 - 000000000 ____D C:\Program Files\COMODO
2018-01-24 13:26 - 2012-11-09 22:23 - 001906586 _____ C:\Windows\ntbtlog.txt
2018-01-20 22:31 - 2013-01-25 17:38 - 000000000 ____D C:\Users\Andrew\Documents\My Games
2018-01-20 10:01 - 2012-02-08 18:24 - 000000000 ____D C:\Users\Andrew\.frostwire5
2018-01-20 09:55 - 2012-11-05 16:45 - 000000000 ____D C:\Windows\Minidump
2018-01-19 20:52 - 2017-07-27 20:41 - 000000000 ____D C:\Windows\SysWOW64\NV
2018-01-19 20:52 - 2017-07-27 20:41 - 000000000 ____D C:\Windows\system32\NV
2018-01-19 17:25 - 2013-01-03 13:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-18 21:17 - 2017-07-09 23:13 - 000002169 _____ C:\Users\Andrew\Desktop\Discord.lnk
2018-01-18 21:17 - 2017-07-09 23:12 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\discord
2018-01-18 21:17 - 2017-07-09 23:12 - 000000000 ____D C:\Users\Andrew\AppData\Local\Discord
2018-01-16 23:28 - 2014-03-06 22:46 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2018-01-14 00:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-08 22:30 - 2013-06-15 17:07 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-08 22:30 - 2011-04-01 23:36 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-08 12:02 - 2014-03-08 15:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-08 09:13 - 2012-01-04 21:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-07 20:21 - 2017-08-09 10:43 - 000000000 ____D C:\Users\Andrew\Desktop\baloo
2018-01-07 15:52 - 2017-07-29 12:24 - 000000000 ____D C:\Program Files (x86)\Peek Through

==================== Files in the root of some directories =======

2013-03-18 09:53 - 2017-07-11 20:13 - 000000000 _____ () C:\Users\Andrew\AppData\Roaming\Guides
2013-03-18 09:53 - 2017-07-11 20:15 - 000000000 _____ () C:\Users\Andrew\AppData\Roaming\Hybrid Chords
2017-03-21 10:24 - 2017-03-21 10:24 - 000018837 _____ () C:\Users\Andrew\AppData\Roaming\Nanubugepa
2015-02-22 15:05 - 2018-01-29 17:43 - 000000319 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2017-12-20 00:24 - 2017-12-24 00:43 - 000000068 _____ () C:\Users\Andrew\AppData\Local\3m8rdzl7qc
2015-02-24 11:52 - 2015-02-24 11:52 - 000000001 _____ () C:\Users\Andrew\AppData\Local\DSI.DAT
2012-02-28 04:13 - 2012-02-28 04:13 - 000000036 _____ () C:\Users\Andrew\AppData\Local\housecall.guid.cache
2012-03-25 21:33 - 2017-07-30 18:51 - 000007593 _____ () C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Windows\Tasks\{0E845189-BDE0-1E3F-B5CE-12C35E37984A}.job
C:\Windows\Tasks\{4417CB99-8C84-7BD1-F998-4D0D5F474147}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 16:13

==================== End of FRST.txt ============================

and Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Andrew (31-01-2018 11:42:00)
Running from C:\Users\Andrew\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-25 20:15:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-798027839-3803069096-2788913540-500 - Administrator - Disabled) => C:\Users\Administrator
Andrew (S-1-5-21-798027839-3803069096-2788913540-1001 - Administrator - Enabled) => C:\Users\Andrew
Anita (S-1-5-21-798027839-3803069096-2788913540-1006 - Limited - Enabled) => C:\Users\Anita
Guest (S-1-5-21-798027839-3803069096-2788913540-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-798027839-3803069096-2788913540-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
BingProvidedSearch (HKLM-x32\...\{1C6AF4AA-4CEA-252A-FD6A-55AA2DEA862A}) (Version:  - )
Chromium (HKLM-x32\...\{99A07160-C920-A0E0-78A0-D060A82003E0}) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-798027839-3803069096-2788913540-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FrostWire 6.5.3 (HKLM-x32\...\FrostWire 6) (Version: 6.5.3.240 - FrostWire LLC)
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-798027839-3803069096-2788913540-1001\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
Hotspot Shield 4.08 (HKLM-x32\...\HotspotShield) (Version: 4.08 - AnchorFree Inc.)
Intel Processor Diagnostic Tool 64Bit (HKLM\...\{6D3B2650-6767-49B6-A63E-CD410C653B05}) (Version: 17.0.0 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Media Player Codec Pack 4.2.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.1 - Media Player Codec Pack)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAOS8200 Software (HKLM-x32\...\{F830AF52-F1FE-4D7E-8652-4C3A6AB7086B}) (Version: 1.00 - Mionix)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.41331 - Grinding Gear Games)
Peek Through (HKLM-x32\...\Peek Through) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 beta r1819 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STDU Viewer version 1.6.180.0 (HKLM-x32\...\STDU Viewer_is1) (Version: 1.6.180.0 - STDUtility)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.00 - Trend Micro Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-798027839-3803069096-2788913540-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2010-09-17] (Trend Micro Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2010-09-17] (Trend Micro Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00468893-51B5-4D87-AA55-BEEE25F6FC6F} - System32\Tasks\{CC4EEECD-41EA-425F-9681-9414A3199AD2} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {027CA92B-6958-4ACB-ABEE-5CCEB2C8E560} - System32\Tasks\{EEF2620C-C942-46BD-ABAF-64C7BFC8234C} => D:\Kotor2\SWKotOR2\SWKotOR2\launcher.exe [2005-01-18] (Obsidian Entertainment, Inc.)
Task: {051A6C94-B7B2-4B00-97BD-B1C7168F2EFD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {081DBB44-6BF2-4E5A-AB05-8E79FD941531} - System32\Tasks\{71862F0C-37B7-4410-BA1A-D26DD2691962} => D:\League of Legends\lol.launcher.exe
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {165A4C1F-61D9-4981-BC47-2FE8D7993006} - System32\Tasks\{1F0CD420-0FBF-4197-B53A-268817AC9315} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {216F166D-C011-4A09-A883-87BB56A9D117} - System32\Tasks\{0FE7679A-4EE0-4A39-961D-158937DDA1F4} => C:\Users\Andrew\EphineaPSO\online.exe
Task: {23A61F6B-A5BF-4D85-B822-59DED91782E7} - System32\Tasks\{404CC907-6C90-42FB-A6F4-1AF77992E771} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {2459C0B4-A67A-4163-80E7-F6D135BFB927} - System32\Tasks\{2018D1D7-D87C-4356-A570-76F142F2F01A} => D:\League of Legends\lol.launcher.exe
Task: {260F06E4-0704-47C0-8BDE-9789ADB71EAF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {26E7C28D-95F9-4276-BC58-6FCD74F08075} - System32\Tasks\{15919134-D980-4796-B851-90CF58E7E69D} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {276ACA5D-2C46-46F8-9662-0BCFEC7CC8EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation)
Task: {2A7814C7-AF6A-4DDD-BFC6-CA186AADE6B5} - System32\Tasks\{7BDE5A35-8A1D-4A43-B5CC-DF35173AE8C1} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {2C392984-B050-4239-A261-ADC38164A62F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation)
Task: {3B839E11-A44C-44B7-8FB9-78DB4B28D66D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {3D587038-A0E0-45E1-99C0-B4F893F81FB8} - System32\Tasks\{C6B0A3A8-EB8B-42D1-93E1-957FF45BC499} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {3E0C616F-2235-44C7-B916-7F3D5D348663} - System32\Tasks\{39B365D1-DE5B-4BEA-90EE-B983D4885B39} => D:\Steam\Steam.exe
Task: {4252861B-69E4-4831-A4C7-7E34A9832DEE} - System32\Tasks\{6EDD9270-CFFE-4C36-A0DC-A81DE5F2EEF8} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {50535C7C-45FB-4432-B3F6-F22006D2097C} - System32\Tasks\{D2EF98B7-EAA8-40B8-BEF3-5D6C7E899E37} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {50F0A9B0-49A2-4C22-9586-9F6AE9A114AC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation)
Task: {59FB6BB6-7C8C-424E-BA30-7E8B4AC763A6} - System32\Tasks\{E82CB357-FC17-45CD-AACD-59C07D3849DA} => C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
Task: {5DFB783D-86D9-4586-9E71-EF07A055349C} - System32\Tasks\{79F420B2-473B-4ADF-8493-678B14F4ECF3} => C:\Users\Andrew\Desktop\online.exe
Task: {5F151412-1DA5-49F6-BDA7-4BC852B73659} - System32\Tasks\{77B54810-E5C8-4203-885C-DA90E464FE30} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {621C7897-B939-4B9C-B2DA-C4ED0F61BF5C} - System32\Tasks\{7F19761C-6719-4DF8-A857-8894BDD13E39} => C:\Users\Andrew\EphineaPSO\online.exe
Task: {679304BF-FB33-4F66-9E43-584072222501} - System32\Tasks\{4417CB99-8C84-7BD1-F998-4D0D5F474147} => C:\Users\Andrew\AppData\Roaming\wincbee\UpdTask.exe [2013-04-26] () <==== ATTENTION
Task: {6872358B-53DF-4810-AA56-F6B1B51268AB} - System32\Tasks\{D8C9F77E-8B0F-4D30-A016-8C6BF7CC3A73} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {751C14FD-72EC-4A25-B383-AFD578DC195C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {78F15886-1C12-48EA-AC44-1FDF7412F9C8} - System32\Tasks\{E0D52AE8-AFD6-45B6-9207-22F47839794D} => C:\Users\Andrew\EphineaPSO\online.exe
Task: {79C127B7-1CF1-4B93-B4CF-5F530174233F} - System32\Tasks\{F18C4F1C-D670-460E-9AE5-9F7BAA3FFE1D} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {7A920E5D-95A2-45A2-B5CB-3D1673077B85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated)
Task: {7BC43D98-C081-4847-8D63-464E283E36E1} - System32\Tasks\{644F3B06-BEBE-4F2A-AD6F-81A7E1A2F623} => C:\Users\Andrew\Desktop\online.exe
Task: {855458F3-E84B-4B98-99EE-0B95BBC96E53} - System32\Tasks\{B2C01138-9704-44C5-A491-FD57D9354109} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {86BA5F95-A2F5-4623-8565-1DDD07C6DAA6} - System32\Tasks\{ADCC636B-B5C9-49ED-BFE6-D721EED5CD7A} => C:\Users\Andrew\Desktop\online.exe
Task: {87F09D21-FCA0-434A-9B1F-4AA126528872} - System32\Tasks\{6707CFB9-50CF-4105-87BC-A72E83F9EF4D} => D:\steam2\Steam.exe [2017-12-15] (Valve Corporation)
Task: {891AD2E9-E2E3-4388-9856-7A15528AF847} - System32\Tasks\{A11AB3E8-3911-4488-BD12-2CF68CF714C2} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {8E043886-BB3E-478F-AED3-4C9ABA3FE4F0} - System32\Tasks\{537F0A26-59E3-420A-BA61-EB7D23C1BCD8} => C:\Users\Andrew\Desktop\online.exe
Task: {96B28F76-6A05-425F-B09B-7536B076307C} - System32\Tasks\{6E3916AA-E93C-4BBB-ABDC-9BF0DE8BE97A} => D:\Kotor2\SWKotOR2\SWKotOR2\launcher.exe [2005-01-18] (Obsidian Entertainment, Inc.)
Task: {9C975448-B9BE-4067-B223-BFA4FD60D948} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {A24152AA-1ABD-4B2E-8232-979370F44750} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {AB87669A-1A82-4E6A-A26B-77DF011B6B54} - System32\Tasks\{30CCFD1B-0404-4EE5-882F-94D86900D12A} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {B35C4B83-7DB5-4CDC-AEAA-A92D0952B86B} - System32\Tasks\{34F7B64D-C7BE-4B6C-A12A-926BC85B79A0} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {C042BD3C-7F4D-4576-A1F7-D4651F41BBA7} - System32\Tasks\{4CF32E0C-7397-4642-9E2A-FE35B0C2F433} => C:\Users\Andrew\Desktop\online.exe
Task: {C0CCBAFD-FF80-4E8B-99BE-BA702D4E2A82} - System32\Tasks\{0E845189-BDE0-1E3F-B5CE-12C35E37984A} => C:\Users\Andrew\AppData\Roaming\bodor\SyncTask.exe [2013-05-01] () <==== ATTENTION
Task: {C26D63CF-160E-49B3-8427-F869AF195C78} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C54FBCAF-2412-437D-A771-D3E5D7D2D648} - System32\Tasks\{30AD2AE4-9F9B-4F7E-9B19-75662F058E13} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {CD353431-BE24-46D5-BA28-AD7C2AC87A73} - System32\Tasks\{F4BDACEE-D6D7-438E-871D-082524D0688B} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Downloads\Win64_152815.exe -d C:\Users\Andrew\Downloads
Task: {D0B613A6-835E-4229-8217-3C1BA12FF87C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation)
Task: {D5F3EFEF-F279-44EC-B522-824E35F531F6} - System32\Tasks\hlatomernetkolc => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hlatomer.net/kolc <==== ATTENTION
Task: {DDE6BF66-B256-4A1A-AE61-52C278C7E4B8} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {E1DA0B53-9E3A-4095-8198-7A88C99F4CD2} - System32\Tasks\{A561597F-F836-4C2E-A287-6913961970B8} => D:\LoL\League of Legends\lol.launcher.exe
Task: {E27C746E-E16A-48BD-A50C-0C7DE31307A7} - System32\Tasks\{E865F843-85AF-4E4B-BA29-18A1B9B3A9D8} => C:\Users\Andrew\Desktop\online.exe
Task: {E59446CD-99A0-4FE5-A2B6-B0064FBE5032} - System32\Tasks\{1CDFB08A-C240-48B3-A956-AC9682012807} => D:\Kotor2\SWKotOR2\SWKotOR2\launcher.exe [2005-01-18] (Obsidian Entertainment, Inc.)
Task: {E5D1C35F-18FF-4F21-AFFE-70C71B1A746B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {EF7E491E-BCDF-4533-AA1D-F4E8E6D1C15D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {F251A8D2-3AA2-408A-8693-7AB1FDF9B01A} - System32\Tasks\{137955A4-4048-4AE0-BAB8-5FB26EF48A06} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {F635E717-4111-48C0-9C3F-7F99ECD5D895} - System32\Tasks\{E2EB3ECE-9DC2-415A-B8CA-4AAAB895FB15} => D:\LoL\League of Legends\lol.launcher.exe
Task: {F6628077-CE76-4D13-9459-632B285808A4} - System32\Tasks\{36C54B94-2189-4485-BC68-DB10545802FD} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {F6ECD962-6EB0-4810-B405-8A4A23086324} - System32\Tasks\{D072C72B-283D-4E1D-B04B-FFE07E9F0ABF} => C:\Users\Andrew\Desktop\online.exe
Task: {F8867CFE-76FE-4525-9185-6DD1CCEBD9D9} - System32\Tasks\{71E63DF1-FC19-4D3A-879E-7A35B8ED5098} => D:\Dekaron\launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\{0E845189-BDE0-1E3F-B5CE-12C35E37984A}.job => C:\Users\Andrew\AppData\Roaming\bodor\SyncTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\{4417CB99-8C84-7BD1-F998-4D0D5F474147}.job => C:\Users\Andrew\AppData\Roaming\wincbee\UpdTask.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.5.3-SafeMode.lnk -> D:\FrostWire 6\frostwire.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-01-03 17:33 - 2017-07-18 18:24 - 000133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-03 20:46 - 2015-02-03 20:46 - 000573736 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2017-07-11 20:25 - 2017-07-26 12:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2010-07-14 18:11 - 2010-07-14 18:11 - 000031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-07-07 01:12 - 2011-01-26 19:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-01-08 22:30 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 22:30 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-19 17:25 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 001044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-03 20:40 - 2015-02-03 20:40 - 000960808 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2017-07-11 20:14 - 2017-07-26 12:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-01-19 23:45 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-798027839-3803069096-2788913540-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AFBAgent => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Amsp => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TiMiniService => 3
MSCONFIG\Services: TurboBoost => 2
MSCONFIG\Services: ZeroConfigService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Andrew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: Chromium => c:\users\andrew\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Discord => C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelPROSet => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "D:\itunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Steam => "D:\steam2\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}] => (Allow) LPort=2869
FirewallRules: [{1A165FF4-80F7-488F-A0ED-2A89D740AF12}] => (Allow) LPort=1900
FirewallRules: [{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{791077C2-119B-483E-ACC9-A0ED846C0768}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{32CA6032-93C4-4472-A793-FC6A795651DE}] => (Allow) LPort=5353
FirewallRules: [{86315A17-DE80-44ED-9DB5-8C8C466070A4}] => (Allow) LPort=8182
FirewallRules: [{ADA7F8CD-5D3D-445F-88EA-86463AECFE5E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{3924F725-11B5-4E9B-800E-C96010C6BA0A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{BBB2A93C-F452-4207-9B07-E7D75A3147EF}C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe] => (Allow) C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe
FirewallRules: [UDP Query User{5CF3CAE6-F4C4-4B8F-BC6E-2C6C68F68EF1}C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe] => (Allow) C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe
FirewallRules: [{6BED8D52-9DAF-4505-8AB5-F858BC0A7022}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C68A75E-517A-4DBE-96F3-E406481978CD}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{75A61087-CA23-494A-AD5A-92D785E9B110}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{AF15BF0F-9178-4CE7-ADE0-873A743E55E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6F47EB9-FC7C-462C-B3AC-0673A155BC81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFAA03E9-F48A-4F8E-9C67-431A8235325A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4C7FD4C9-5F04-4BC5-87EA-6F6B282AAEB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38A82B99-1870-4034-9C4B-679A9EE9AB21}] => (Allow) D:\FrostWire 5\FrostWire.exe
FirewallRules: [{F6A6588C-5EA5-4AAC-B7C0-19B04E35479B}] => (Allow) D:\FrostWire 5\FrostWire.exe
FirewallRules: [TCP Query User{8308ECB4-5FF0-445F-95BE-BB9F7806DB72}D:\frostwire 5\frostwire.exe] => (Block) D:\frostwire 5\frostwire.exe
FirewallRules: [UDP Query User{4063D924-3B4E-4BB4-8070-A2E339EC0909}D:\frostwire 5\frostwire.exe] => (Block) D:\frostwire 5\frostwire.exe
FirewallRules: [{058A3A3C-FD82-46AC-9C09-1B4507D3F885}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{3CFCD97B-C8E8-4C56-A9F7-23BC6289396D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E47A45EB-DF5E-4372-A455-4D3A0483520C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27A1456B-4F32-4473-8AF8-E716CB6E953F}] => (Allow) C:\Program Files (x86)\Nakido\nakido.exe
FirewallRules: [{7591452B-9661-4E37-B1CF-8A006DA31B99}] => (Allow) C:\Program Files (x86)\Nakido\nakido.exe
FirewallRules: [{3D67C885-D3ED-45AE-AFD2-319F96C302C6}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{8AF69540-8886-49C4-AEBA-290A091FA94F}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{4386FBCC-A63E-40C7-A062-E344A4ED7339}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{066738FE-A69A-4412-A717-3F97D08A790A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{F130F22E-9BDB-4B92-8D40-663F9DB80335}C:\users\andrew\downloads\gw2.exe] => (Allow) C:\users\andrew\downloads\gw2.exe
FirewallRules: [UDP Query User{CA9684EB-DFDB-4A2A-A28F-980494289B6F}C:\users\andrew\downloads\gw2.exe] => (Allow) C:\users\andrew\downloads\gw2.exe
FirewallRules: [TCP Query User{79FA4BDB-0EF8-4B10-8B56-24D212838D2A}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{817A9D7B-AED3-4088-9B21-03BC992D1322}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{DA9D4A03-CFEB-4ED4-890C-844C9AB60EF0}D:\mount&blade warband2\mb_warband_old.exe] => (Allow) D:\mount&blade warband2\mb_warband_old.exe
FirewallRules: [UDP Query User{105F6724-1D75-4424-8EBA-0D544A23270F}D:\mount&blade warband2\mb_warband_old.exe] => (Allow) D:\mount&blade warband2\mb_warband_old.exe
FirewallRules: [{C612A288-EB1B-45E9-A6B5-1125E0B0E27D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{EA20E2DB-6961-44E3-9224-8CABD2DB1975}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{16B15D14-7542-44B7-AE07-1A5EA1DD1A37}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{255FABB5-5FB8-4142-AE48-BF1894CC47B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{2679E045-28B9-43EB-BCE5-F1ADA97ED30F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{F05AAB61-B277-40AA-A7D0-DFE8E1B4EB56}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{50BF4398-EF54-4988-B73C-920705071850}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{51A4C651-D5B6-48E8-AEC3-ABB34B48757B}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{FA7C92CF-950B-40E0-ADC8-DAA5E87CC9BB}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{31CC055A-0BDE-484C-B978-2E8E8F3A2E63}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{59B43C24-70A9-41CB-8E4B-076FC63C081D}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [UDP Query User{126D20AF-1513-4F5E-9B4D-5D9AD763B677}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [TCP Query User{7A0F822B-7FA9-464C-B1F0-BC1084D450E8}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [UDP Query User{74EAB33A-F9E9-41EB-B826-AFA4E0E1149A}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [TCP Query User{60C4520B-D740-4F1A-8674-1F8E9D90CD19}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{616BDC0E-26B0-4DD7-9A22-3D88503FDC81}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{AAA2F6AE-8CE8-46EE-8D19-EC5B8BDFD0C7}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B9BE21FC-EC05-41E9-8B54-91C2EE64DFDF}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{26834335-ACCD-4B2F-AA6E-39EDFDA2EF3D}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [UDP Query User{22833369-3EA6-4828-A5C4-CF226E2FC142}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [TCP Query User{2EE0D7DA-154F-4AE3-9C43-F77FCC70A8E7}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{26D45F14-458D-4C1F-BA7F-3DE681ED2B36}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [TCP Query User{345F8DA5-D03B-448C-9C4F-4796EA66DA94}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{6E7E5C5F-B713-4E27-B68B-456E77AF1EE7}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{9B9822E0-643D-4601-91DB-ACBE04B24D51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{6B810B1C-F1AE-45EE-87E1-2F4B1DFA5613}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{C9057340-37E0-4B27-9DEA-1E21FB3B67CE}] => (Allow) D:\Steam\steamapps\common\dead island\DeadIslandGame.exe
FirewallRules: [{EB3C5476-D1E5-4DDA-A33D-BE214555DA52}] => (Allow) D:\Steam\steamapps\common\dead island\DeadIslandGame.exe
FirewallRules: [TCP Query User{70F6E703-8936-44D3-90EA-CEEBECCAE0EB}C:\users\andrew\downloads\pathload2-client.exe] => (Allow) C:\users\andrew\downloads\pathload2-client.exe
FirewallRules: [UDP Query User{00A21B45-89D6-44AC-8822-AC1A45517AE3}C:\users\andrew\downloads\pathload2-client.exe] => (Allow) C:\users\andrew\downloads\pathload2-client.exe
FirewallRules: [{8B169297-61C5-4714-8282-42A9B7F5A4C4}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{7CD74ACC-3E12-4FFD-9E9A-C4FBD1BAA539}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3176CA9A-1C0A-4AFF-9823-BAB1B61670DB}] => (Allow) D:\steam2\Steam.exe
FirewallRules: [{8913157D-77BD-4B7F-8C5F-B1063944A5BF}] => (Allow) D:\steam2\Steam.exe
FirewallRules: [{D6F662DA-5B6C-4B28-81A8-10ADCCB47242}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{9198AA4C-DFA5-4613-A8BF-7302FE67AD74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{EF835C1E-E76A-42AD-A34A-F43E39E1CAB0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{560B13CC-3E19-4A6F-8F9C-ECDC9927998D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{E3A7B269-22C7-4548-B41E-95A104E61405}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{E00C7BF7-D922-45DF-A277-9D09CE9DAF33}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{073A06E7-AB64-486F-9259-D699B1FE2D31}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{D5F26566-DE8E-4D9B-BF39-1BC13D3E257E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{FF1A4BCE-EA2D-4818-800B-42F115472A72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{CFFC783D-8B14-4E33-A0F6-D8D247D36EDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [TCP Query User{C095E0AD-506F-424F-AFB5-59961903DD4C}D:\mount&blade warband2\mb_warband.exe] => (Allow) D:\mount&blade warband2\mb_warband.exe
FirewallRules: [UDP Query User{AB8468C3-7DB1-4D37-90A9-240D33001A54}D:\mount&blade warband2\mb_warband.exe] => (Allow) D:\mount&blade warband2\mb_warband.exe
FirewallRules: [{17864AA6-9C2C-4316-B40D-3A6BE42AC658}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{1A440C98-FB2E-46F6-8CFE-7171D4CD5559}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{9BEAF18E-7724-4A04-B5A7-BC992FECCDC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{D592D7B8-CEC7-4EC0-8815-3AB8CE0B3F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{80F5A373-7477-4AE9-A2CD-47D0FCF7EAA8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4E774C03-3828-49DB-902E-1F6980155EC2}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{578A070C-0792-4B25-9580-C0240C7C8EBC}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{F2CC4A7C-41C3-4262-9369-7D04D64008FC}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{ED05DCB1-806B-4019-AA5F-EE061DE55D13}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{A07AA9CE-CB2C-463F-902A-B864BC8CFD4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{83E8E778-DC71-4CC9-971B-418300B7434A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{992E7C4D-3CAA-4667-B7D4-1FA7F77264E9}] => (Allow) D:\steam2\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2EF5D99C-D4CC-4670-939B-2AAE1EA39AA6}] => (Allow) D:\steam2\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{586770A1-5F1D-45A2-A4E2-97D75D67D93A}D:\age of empires\age2_x1.exe] => (Allow) D:\age of empires\age2_x1.exe
FirewallRules: [UDP Query User{46BFCBC0-2FBC-4E48-A21F-B4FEE227D81B}D:\age of empires\age2_x1.exe] => (Allow) D:\age of empires\age2_x1.exe
FirewallRules: [TCP Query User{0D7F2EE3-3343-4A0C-8AFC-63D9E97E6396}D:\age of empires\empires2.exe] => (Allow) D:\age of empires\empires2.exe
FirewallRules: [UDP Query User{FC2D7828-1C1E-4AB2-8C17-B9197C8F1E05}D:\age of empires\empires2.exe] => (Allow) D:\age of empires\empires2.exe
FirewallRules: [{E53008AB-8583-4AB6-A54D-7110DE0B3AED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{F774AD84-25E7-4D13-B0B7-366324893B40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{713EEAC6-103A-4B0D-BB9B-BB8F612B97F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{79813922-56F1-4FF3-9779-0DB972FAFEEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [TCP Query User{6D115192-C87E-4EBF-B5E2-16D86E6587DE}D:\ageofempires2conquerors\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1.exe
FirewallRules: [UDP Query User{8A4018E0-E849-4E34-85E2-CCE43DBBE06F}D:\ageofempires2conquerors\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1.exe
FirewallRules: [TCP Query User{54E72E93-C4A2-448A-8865-C9EE792B171E}D:\ageofempires2conquerors\age2_x1\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{00C1D67E-31D0-494C-8AB4-71DF371AD0D8}D:\ageofempires2conquerors\age2_x1\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1\age2_x1.exe
FirewallRules: [{B1D383D3-185F-488D-9836-454B626DBC81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{A036E94B-5DA9-4DC7-A3C9-46ACD0CBC859}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{1611757A-5B61-4B9F-A7A8-9948EAA26655}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{81DAE7C4-3268-4FD0-A2E6-8B0C9CCECAB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{A962AC39-F7E7-4307-90AA-ED8DFB22E10F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{985C9A90-55E1-4744-AFBA-47B9EAB665A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{854C57B5-484F-4EEE-83D6-FC069BC93560}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{82173ED5-EA1D-4784-8C3B-1BDE1F485748}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{1590E581-9545-40F1-BA71-1F71C82C3C36}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{670D7F02-FE15-472E-BA93-628BB3077B3C}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{B1D977FB-A942-45F4-8774-AC4402287A0A}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{C6D673C4-0BA9-44F5-B9E3-0B80763539C0}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{D73DFEC5-B3DE-41AE-8E25-F647C5F122E8}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{9002B41F-5D64-4FF7-AABC-5836807CE535}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{C0D5166B-7CAB-4325-A4B6-6E85723B9396}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{B0F77B8F-6FB3-4CEF-B4A9-C32F1F84B974}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{D5C416BC-0883-4FA9-BDED-D70D502C05FD}C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [UDP Query User{96CD8A34-B8E8-48AC-B593-8BC263DA8C6F}C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [TCP Query User{278D24D8-5993-42C5-892A-D8A5ED275896}D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{C822BE2E-FA89-4A9E-A8E7-2C03877D3497}D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{2EB01ED8-224B-43B1-8CAF-86EA96B0288E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{99E4DA69-A75B-4553-88A3-EAB1F3EF6000}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{4B3B3481-3733-4FDB-9ED1-7D17D4DDEA91}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{974D2D94-E211-4E48-BB30-64440EA6863E}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{19447939-C48E-4C70-B1CC-FAAB5FD1BF31}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{DAA00769-147F-4004-BFD1-F24A6CF6CD00}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{E45E19E1-3B07-4E13-A92B-9C665C70636A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{62159AE7-3A9A-4F63-B871-B0CB21026CFF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{4EE7F841-9DDA-45B4-9F49-475C20130BB6}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{86FD4AE0-D85F-4AC5-9ECD-A83922A54339}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{DE7A84FA-F204-482A-95D9-0D2EB9A46F33}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{D5BDE7DB-0CF8-474F-8C98-29817141B7CD}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{2F7AEA7D-172E-42CF-A75C-7B78D2D8FEEA}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{97131126-1276-4537-9F04-7A19A18A46F7}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{CF8D90FE-D81B-4200-88A4-3F3C910C38D8}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{742DB499-6EF1-4E20-9438-4D8E3E604A64}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{F40695AF-4DA9-4C3B-BD9A-DFC16317CB24}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{462A636B-88FC-4FCD-8493-E79C742762F6}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{4F81F97A-CCB6-4D5B-A226-76FCDFB7CB04}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{9303D7F7-5A71-4FE8-B8F3-0553D21B2982}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{4A79CBFF-E22A-4CF3-9907-28FFF85E2890}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{266C6CE0-418A-4B58-B6BC-9857521FA250}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1E39A6CB-E719-446D-8CA4-9E31D4F6F55F}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{46831A19-28DF-4678-814D-9F7017D76328}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{C86BF37B-6BD2-4B95-920C-6E3642E1513E}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{A7D0FEA4-2F9E-43C8-AC31-4A26362679EF}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{352AE908-4FC6-4F41-B39E-422B76706C07}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{90AF1764-EE59-4308-8C1E-323AD0289DFC}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B1B4E729-9F7E-4EC7-8BC8-0688D7994C29}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8CD423EE-1942-40B6-A675-9FC9EF87C1E1}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3A120C0F-72DD-46C2-82AF-1959E16040C4}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{EE7A9F34-4C96-40CE-98AE-40E139ADC0B0}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{ED369A52-6958-4413-AEDF-34BAB28A70C8}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DB5FA594-3A93-4FDB-80C9-4C2CDB67C1B6}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{13060051-CA59-4D8D-A606-3C9DB3720AB1}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A9AD0C80-4E1B-457C-87D4-F142CD6CF112}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9A80016F-E623-4619-9393-F910608A5B20}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DC7F1BC6-63B4-4931-A96C-AA80C6668187}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{328F4DCE-5FF7-421E-BCDF-AEAE53DEB3C5}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A5D5ACB0-30F0-498E-9147-17A58DA3524B}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{6AB5E8B0-0D48-4818-A13D-0ECE6F614CF2}] => (Allow) D:\FrostWire2 5\FrostWire.exe
FirewallRules: [{58AA3300-DC2A-47CA-8AF8-6F27E1FAEFEC}] => (Allow) D:\FrostWire2 5\FrostWire.exe
FirewallRules: [{7F66D1BA-F4F4-4187-9969-47616B29CA4A}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2984B10F-76EB-48E0-8A84-DD38C06257CD}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A54ED20F-9B96-43BB-83CA-CFF02DEE446D}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{0875220E-C475-40FA-A693-08D330B7343D}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{2C23774F-7D5A-4237-B110-B6E07361AAFA}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{5478E87F-57BB-4111-AA1C-C0EA3E9581FD}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{611E8A58-1DB0-40AC-B2CD-FFD97B539E12}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{B3B11C4D-92AC-4571-B9F1-B7E7050CB6ED}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{4B4C1706-46C3-462A-9689-D98C8E438F47}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{6D18E872-B44C-4BD7-B182-4FDCE474107A}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{D4F8A343-19C4-47A1-A646-63700F1F0975}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{5E733605-E4DB-4A62-AB17-56C7C1BAF34A}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3847C149-B529-43CF-89D3-DF78BF665775}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3BBD4E35-D9E8-435D-A84F-AEF125CB1654}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{FAC933DE-FD91-408B-B356-DE0A5BB1CF09}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{503DC868-6993-47D0-BE90-A95B910DF76B}] => (Allow) D:\steam2\bin\steamwebhelper.exe
FirewallRules: [{33C447E1-7396-482C-833B-A60231CC7255}] => (Allow) D:\steam2\bin\steamwebhelper.exe
FirewallRules: [{8AEBF0BB-7AC0-4413-9CEA-5BA8F028DB4D}] => (Allow) D:\FrostWire 6\FrostWire.exe
FirewallRules: [{D46C62F1-DFC8-4597-98F0-BCBC0064B6E4}] => (Allow) D:\FrostWire 6\FrostWire.exe
FirewallRules: [{98FF5181-2EAD-4547-AC80-6979DD4A3D11}] => (Allow) D:\itunes\iTunes.exe
FirewallRules: [{49D5314F-5AEB-42EA-84C1-553C1C062BC6}] => (Allow) D:\steam2\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{72351D9D-06C8-458B-8478-2DFBB5A3899D}] => (Allow) D:\steam2\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{AC66C599-2C68-4BD0-BC73-0DEA649AAB32}] => (Allow) D:\steam2\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9780F93F-2136-4865-B0A1-039851D36810}] => (Allow) D:\steam2\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AC181317-19BD-4BDA-A96B-9A9F919E3D68}] => (Allow) C:\Users\Andrew\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{F17CE30A-4099-45D9-8187-14776520DF4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6AA6F4E7-B396-4BF0-A50F-E8766B2D40DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{50554F85-7FE1-4485-880F-4DC75FA33F5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9DDD786A-01F5-4EBA-9CA0-47BC9DE5BE7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8676214-B079-41FA-8C0E-222F134BBAB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D6CF513A-0307-4C1D-93AE-9DE9B7C469AF}] => (Allow) D:\steam2\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{D6CCE5A5-C874-4F51-A2A6-01DB7049DA52}] => (Allow) D:\steam2\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{1F171E3E-D4E9-410F-834C-214AED745718}] => (Allow) C:\SteamLibrary\steamapps\common\Dark and Light\DNL\Binaries\Win64\DNL.exe
FirewallRules: [{573983DB-61FD-4604-B5D0-2F45DF331764}] => (Allow) C:\SteamLibrary\steamapps\common\Dark and Light\DNL\Binaries\Win64\DNL.exe
FirewallRules: [{D0201F65-26DE-4CEB-8971-83C1FEBB5832}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D2A6FB2B-C27E-46DE-B5CD-36519A8C2728}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{50F73A89-DB1D-43B5-B2E4-5B23669555C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{49CE8944-ABBF-4040-BA7D-FC7EA58F977D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6A527E5B-B171-47E3-AA44-F828C949F88D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7ECB94BB-739A-408D-8189-B5265E509FE4}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{EA95BBDB-A529-422D-BC82-64F0F0AEDC0D}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{BA274825-4BC4-47B0-9268-BC4A8F5EBEE0}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{A5A34CA1-0B34-4001-BDB7-0FD6170CBCC1}] => (Allow) D:\steam2\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{A26D11CB-95F2-4498-973F-0EB0B609619F}] => (Allow) D:\steam2\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{23DF91F4-1066-4AC9-B11D-7A8C726A47B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{617D3757-1A07-4F13-BC36-1AF5072F2446}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91D91EAF-B24C-4AF6-9400-9DC1DE4CC1F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CDD2A322-B3FE-41F3-A864-FFAE190E2BF9}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{E69EA6F4-90B0-4645-A736-93F62E96C811}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{AA563D83-566A-4FD6-A6A6-7BA5886207D5}] => (Allow) C:\Users\Andrew\AppData\Local\Lite\Application\lite.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2018 11:34:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: assistant.exe, version: 3.0.0.1284, time stamp: 0x5a15aaf4
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x910
Faulting application start time: 0x01d39ab14e886888
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 990a91dd-06a4-11e8-8695-5404a64fa631

Error: (01/31/2018 11:34:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x10f8
Faulting application start time: 0x01d39ab14f7d2c5d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 8e93bc73-06a4-11e8-8695-5404a64fa631

Error: (01/31/2018 08:43:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/31/2018 08:43:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/30/2018 01:12:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkyrimSE.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 760

Start Time: 01d399cdd5f2eab0

Termination Time: 852

Application Path: D:\Program Files (x86)\The Elder Scrolls V Skyrim Special Edition\SkyrimSE.exe

Report Id:

Error: (01/30/2018 08:25:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/30/2018 08:25:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/29/2018 07:00:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Instantiating VSS server

Error: (01/29/2018 07:00:49 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].


Operation:
   Instantiating VSS server

Error: (01/29/2018 07:00:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Instantiating VSS server


System errors:
=============
Error: (01/31/2018 11:34:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/30/2018 01:14:37 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.

Error: (01/29/2018 04:45:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {7B33B0B5-F719-4B0B-B48A-0B8F20CA08A5} did not register with DCOM within the required timeout.

Error: (01/29/2018 04:30:33 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.

Error: (01/29/2018 04:30:33 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80040154

Error: (01/29/2018 04:30:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/29/2018 04:30:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Application Virtualization Client service depends on the Application Virtualization Service Agent service which failed to start because of the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (01/29/2018 04:30:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (01/29/2018 04:30:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (01/29/2018 04:30:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Service Agent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2018-01-19 23:44:04.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-19 23:44:04.759
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 22:13:29.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 22:13:29.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 17:25:28.866
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 16:34:20.799
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:17.187
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:17.109
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:15.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Netwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:15.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Netwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 8102.7 MB
Available physical RAM: 4048.32 MB
Total Virtual: 16203.57 MB
Available Virtual: 11586.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:73.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:57.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,696 posts
  • Gender:Male

Posted 31 January 2018 - 01:50 PM

Hi atazk :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system; I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 atazk

atazk
  • Topic Starter

  • Members
  • 59 posts

Posted 31 January 2018 - 03:40 PM

Hello Aura, thanks for the prompt reply. Here is the Malwarebytes summary:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/31/18
Scan Time: 3:03 PM
Log File: bfce4f2a-06c1-11e8-9ccf-00ff251bc318.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3833
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: fellstar\Andrew

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351915
Threats Detected: 46
Threats Quarantined: 46
Time Elapsed: 17 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 12
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99A07160-C920-A0E0-78A0-D060A82003E0}, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1C6AF4AA-4CEA-252A-FD6A-55AA2DEA862A}, Quarantined, [472], [484244],1.0.3833
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\HLATOMERNETKOLC, Quarantined, [7828], [481503],1.0.3833
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D5F3EFEF-F279-44EC-B522-824E35F531F6}, Quarantined, [7828], [481503],1.0.3833
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D5F3EFEF-F279-44EC-B522-824E35F531F6}, Quarantined, [7828], [481503],1.0.3833
PUP.Optional.MailRu, HKU\S-1-5-21-798027839-3803069096-2788913540-1001\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\ru.mail.go.ext_info_host, Quarantined, [618], [485554],1.0.3833
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{0E845189-BDE0-1E3F-B5CE-12C35E37984A}, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C0CCBAFD-FF80-4E8B-99BE-BA702D4E2A82}, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C0CCBAFD-FF80-4E8B-99BE-BA702D4E2A82}, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{4417CB99-8C84-7BD1-F998-4D0D5F474147}, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{679304BF-FB33-4F66-9E43-584072222501}, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{679304BF-FB33-4F66-9E43-584072222501}, Quarantined, [0], [392686],1.0.3833

Registry Value: 1
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D5F3EFEF-F279-44EC-B522-824E35F531F6}|PATH, Quarantined, [7828], [481502],1.0.3833

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ANDREW\APPDATA\LOCAL\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ANDREW\APPDATA\LOCAL\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}, Quarantined, [472], [484244],1.0.3833

File: 31
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ANDREW\APPDATA\LOCAL\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\cela, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\bapi_chmm.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\bapi_ff.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\bapi_ie.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\install.log, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\mice, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\neme, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\nite, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\sade.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\Sqlite3.dll, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\tada.cfg, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\uninst.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\uninst.exe, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{9846AE1A-BCEE-C2A2-D176-E74AF51E1BD2}\uninstp.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ANDREW\APPDATA\LOCAL\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\cela, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\bapi_chmm.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\bapi_ff.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\bapi_ie.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\install.log, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\lose, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\mice, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\nite, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\Sqlite3.dll, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\uninst.dat, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\uninst.exe, Quarantined, [472], [484244],1.0.3833
PUP.Optional.WinYahoo.TskLnk, C:\Users\Andrew\AppData\Local\{E0D3D68F-C47B-BA37-A9E3-9FDF8D8B6347}\uninstp.dat, Quarantined, [472], [484244],1.0.3833
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\HLATOMERNETKOLC, Quarantined, [7828], [481503],1.0.3833
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{0E845189-BDE0-1E3F-B5CE-12C35E37984A}, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, C:\USERS\ANDREW\APPDATA\ROAMING\BODOR\SYNCTASK.EXE, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{4417CB99-8C84-7BD1-F998-4D0D5F474147}, Quarantined, [0], [392686],1.0.3833
Generic.Malware/Suspicious, C:\USERS\ANDREW\APPDATA\ROAMING\WINCBEE\UPDTASK.EXE, Quarantined, [0], [392686],1.0.3833

Physical Sector: 0
(No malicious items detected)


(end)


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,696 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:28 PM

Posted 31 January 2018 - 03:41 PM

Awesome. This should've got the main infection. Let's do a quick sweep with RogueKiller and AdwCleaner now.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 atazk

atazk
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 31 January 2018 - 05:00 PM

Rogue Killer log:

RogueKiller:



RogueKiller V12.12.2.0 (x64) [Jan 29 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andrew [Administrator]
Started from : C:\Users\Andrew\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 01/31/2018 15:59:03 (Duration : 00:39:34)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 23 ¤¤¤
[PUP.MailRU|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Mail.Ru -> Deleted
[PUP.Auslogics] (X64) HKEY_USERS\.DEFAULT\Software\Auslogics -> Deleted
[PUP.Auslogics] (X86) HKEY_USERS\.DEFAULT\Software\Auslogics -> Deleted
[PUP.MailRU|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Mail.Ru -> Deleted
[PUP.MailRU|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Mail.Ru -> Deleted
[PUP.Auslogics] (X64) HKEY_USERS\S-1-5-18\Software\Auslogics -> Deleted
[PUP.Auslogics] (X86) HKEY_USERS\S-1-5-18\Software\Auslogics -> Deleted
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555  -> ERROR [2]
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0a7800a8  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0a7800a8  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EEA54897-9CFE-4F97-927A-9DECF4962B2B} | DhcpNameServer : 4.2.2.1 4.2.2.2 10.9.10.1 ([-][-][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EEA54897-9CFE-4F97-927A-9DECF4962B2B} | DhcpNameServer : 4.2.2.1 4.2.2.2 10.9.10.1 ([-][-][X])  -> Replaced ()
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{BBB2A93C-F452-4207-9B07-E7D75A3147EF}C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe|Name=kcstraydownloaderengine.exe|Desc=kcstraydownloaderengine.exe|Defer=User| [-] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{5CF3CAE6-F4C4-4B8F-BC6E-2C6C68F68EF1}C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe|Name=kcstraydownloaderengine.exe|Desc=kcstraydownloaderengine.exe|Defer=User| [-] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3D67C885-D3ED-45AE-AFD2-319F96C302C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8AF69540-8886-49C4-AEBA-290A091FA94F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AA563D83-566A-4FD6-A6A6-7BA5886207D5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Andrew\AppData\Local\Lite\Application\lite.exe|Name=Lite (mDNS-In)|Desc=Inbound rule for Lite to allow mDNS traffic.|EmbedCtxt=Lite| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{BBB2A93C-F452-4207-9B07-E7D75A3147EF}C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe|Name=kcstraydownloaderengine.exe|Desc=kcstraydownloaderengine.exe|Defer=User| [-] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{5CF3CAE6-F4C4-4B8F-BC6E-2C6C68F68EF1}C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\andrew\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe|Name=kcstraydownloaderengine.exe|Desc=kcstraydownloaderengine.exe|Defer=User| [-] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3D67C885-D3ED-45AE-AFD2-319F96C302C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8AF69540-8886-49C4-AEBA-290A091FA94F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AA563D83-566A-4FD6-A6A6-7BA5886207D5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Andrew\AppData\Local\Lite\Application\lite.exe|Name=Lite (mDNS-In)|Desc=Inbound rule for Lite to allow mDNS traffic.|EmbedCtxt=Lite| [x] -> Deleted

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\{0E845189-BDE0-1E3F-B5CE-12C35E37984A}.job -- C:\Users\Andrew\AppData\Roaming\bodor\SyncTask.exe (/Check) -> Deleted
[Suspicious.Path] %WINDIR%\Tasks\{4417CB99-8C84-7BD1-F998-4D0D5F474147}.job -- C:\Users\Andrew\AppData\Roaming\wincbee\UpdTask.exe (/Check) -> Deleted

¤¤¤ Files : 3 ¤¤¤
[PUP.MailRU|PUP.Gen1][Folder] C:\ProgramData\Mail.Ru -> Deleted
[PUP.MailRU|PUP.Gen1][File] C:\ProgramData\Mail.Ru\Id -> Deleted
[PUP.MailRU|PUP.Gen1][File] C:\ProgramData\Mail.Ru\ifrm -> Deleted
[PUP.MailRU|PUP.Gen1][Folder] C:\ProgramData\Mail.Ru -> ERROR [3]
[PUP.Gen1][File] C:\Users\Guest\Desktop\Popcorn Time.lnk [LNK@] C:\Users\Guest\AppData\Local\POPCOR~1\NODE-W~1\POPCOR~1.EXE . -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen2][Firefox:Addon] w3omnba1.default : Hotspot Shield Extension [afproxy@anchorfree.com] -> Deleted
[PUM.SearchEngine][Firefox:Config] w3omnba1.default : user_pref("browser.search.selectedEngine", "Search Provided by Bing"); -> Deleted
[PUM.SearchEngine][Firefox:Config] w3omnba1.default : user_pref("browser.search.defaultenginename", "Search Provided by Bing"); -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] c8d2ec0b5b59e1980388d829ccacdeea
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK

Adware Cleaner:

# AdwCleaner 7.0.7.0 - Logfile created on Wed Jan 31 21:55:57 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\C2MP
Deleted: C:\Windows\SysWOW64\C2MP
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Deleted: [Key] - HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted: [Key] - HKLM\SOFTWARE\Sunisoft
Deleted: [Key] - HKU\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Sunisoft
Deleted: [Key] - HKCU\Software\Sunisoft


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: Ask.com - askws
Startpage deleted: http://search.imesh.net
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.0.2.14&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.2.0.1&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=15.2.0.5&pid=avg&sg=&sap=hp
Startpage deleted: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
Startpage deleted: http://search.imesh.net
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.0.2.14&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.2.0.1&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=15.2.0.5&pid=avg&sg=&sap=hp
Startpage deleted: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
Startpage deleted: http://search.imesh.net
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.0.2.14&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.2.0.1&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=15.2.0.5&pid=avg&sg=&sap=hp
Startpage deleted: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
Startpage deleted: http://search.imesh.net
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.0.2.14&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.2.0.1&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=15.2.0.5&pid=avg&sg=&sap=hp
Startpage deleted: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
Startpage deleted: http://search.imesh.net
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.0.2.14&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=14.2.0.1&pid=avg&sg=&sap=hp
Startpage deleted: http://isearch.avg.com/?cid={AC35FCD6-2F64-4F34-A659-E2A530B5F524}&mid=1fe59ddda26f47d092e71de63e1ec52b-61c804808f3baa3db74f4c7f629c78897ad1f3e3&lang=en&ds=dw011&pr=sa&d=2012-03-12 12:05:28&v=15.2.0.5&pid=avg&sg=&sap=hp
Startpage deleted: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2848 B] - [2018/1/31 21:52:31]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
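
The RogueKiller log above reports the per-user ProxyServer value (http=127.0.0.1:8555;https=127.0.0.1:8555) as Deleted in the 64-bit registry view but ERROR [2] in the 32-bit view, and the same ProxyServer entry is still listed in the fresh FRST scan posted later in this thread. A proxy pointing at a loopback port means a process on the machine itself sits between the browser and the network, which is a common way for adware to inject ads or redirect pages, so an entry the tool could not remove deserves a manual recheck before the system is declared clean. The Python script below is an added example for this thread, not code from RogueKiller, FRST or BleepingComputer: it parses RogueKiller clean-log item lines into structured findings, lists the entries the clean pass reported as ERROR, and flags ProxyServer values that point at a loopback address. The sample lines are copied from the log above; the section and item line formats are assumed from those lines only.

```python
"""Parse RogueKiller clean-log lines and flag what a second pass should look at.

Added example for this thread; not code from RogueKiller, FRST or BleepingComputer.
The line formats handled here are assumed from the log posted above, nothing more.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied verbatim from the RogueKiller log posted above.
SAMPLE_LOG = r"""
¤¤¤ Registry : 23 ¤¤¤
[PUP.MailRU|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Mail.Ru -> Deleted
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555;https=127.0.0.1:8555  -> ERROR [2]
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0a7800a8  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\{0E845189-BDE0-1E3F-B5CE-12C35E37984A}.job -- C:\Users\Andrew\AppData\Roaming\bodor\SyncTask.exe (/Check) -> Deleted

¤¤¤ Files : 3 ¤¤¤
[PUP.MailRU|PUP.Gen1][Folder] C:\ProgramData\Mail.Ru -> ERROR [3]
"""

_SECTION = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)")
_ITEM = re.compile(
    r"^\[(?P<cat>[^\]]+)\]"             # detection category, e.g. PUM.Proxy
    r"(?:\[(?P<kind>[^\]]+)\])?"        # optional [File] / [Folder] tag
    r"\s*(?:\((?P<arch>X64|X86)\))?"    # optional registry view
    r"\s*(?P<rest>.+?)\s*$"             # key/path, optionally "| name : data"
)
# A proxy pointing at the local host: some process on the box is in the path.
_LOOPBACK = re.compile(r"(?:^|[=;])(?:127\.\d+\.\d+\.\d+|localhost):\d+", re.I)


@dataclass
class Finding:
    section: str
    category: str
    arch: Optional[str]
    key: str                    # registry key, task or file path
    value_name: Optional[str]
    value_data: Optional[str]
    action: str                 # Deleted / Replaced (...) / ERROR [n]


def parse_roguekiller(text: str) -> List[Finding]:
    """Turn the item lines of a RogueKiller clean log into Finding records."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("¤¤¤"):
            m = _SECTION.match(line)
            section = m["name"] if m else None   # e.g. "MBR Check" carries no count
            continue
        if section is None or " -> " not in line:
            continue
        left, action = line.rsplit(" -> ", 1)
        m = _ITEM.match(left)
        if not m:
            continue
        key, name, data = m["rest"], None, None
        if " | " in key:                         # a registry value, not just a key
            key, value_part = key.split(" | ", 1)
            name, _, data = value_part.partition(" : ")
            name, data = name.strip(), data.strip()
        findings.append(Finding(section, m["cat"], m["arch"], key.strip(),
                                name, data, action.strip()))
    return findings


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Items the clean pass reported as ERROR: they are still on the machine."""
    return [f for f in findings if f.action.startswith("ERROR")]


def loopback_proxies(findings: List[Finding]) -> List[Finding]:
    """ProxyServer values that route browser traffic through a local port."""
    return [f for f in findings
            if f.value_name == "ProxyServer" and f.value_data
            and _LOOPBACK.search(f.value_data)]


def proxies_needing_recheck(findings: List[Finding]) -> List[Finding]:
    """Loopback proxies the tool failed to remove; verify these by hand."""
    return [f for f in loopback_proxies(findings) if f.action.startswith("ERROR")]


if __name__ == "__main__":
    found = parse_roguekiller(SAMPLE_LOG)
    for f in unresolved(found):
        print(f"recheck [{f.section}] {f.category} {f.key} {f.value_name or ''} -> {f.action}")
    for f in proxies_needing_recheck(found):
        print(f"proxy still set ({f.arch}): {f.value_data}")
```

Run against the sample, the script reports two unresolved items (the 32-bit ProxyServer value and the C:\ProgramData\Mail.Ru folder) and singles out the 32-bit loopback proxy as the one to verify by hand; the FRST log later in the thread, which still shows that ProxyServer value, confirms why the ERROR result matters more than the Deleted one beside it.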


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,696 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:28 PM

Posted 31 January 2018 - 08:44 PM

Awesome! Now please run a new scan with FRST and provide me a fresh set of logs. I'll look for remnants.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 atazk

atazk
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 01 February 2018 - 11:56 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Andrew (administrator) on FELLSTAR (01-02-2018 11:35:29)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & Anita & Administrator & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bethesda Softworks) D:\Program Files (x86)\The Elder Scrolls V Skyrim Special Edition\SkyrimSELauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [171384 2017-07-18] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [171384 2017-07-18] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171384 2017-07-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149224 2017-07-18] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-798027839-3803069096-2788913540-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C3CB08D-EFFD-410E-8200-61BA9C1DC50F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{310D8136-294A-4BE1-A36B-424D01B38014}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM -> {8acdd076-7141-4655-8487-c35174c89c93} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-798027839-3803069096-2788913540-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-798027839-3803069096-2788913540-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a7800a8&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-01] (Google Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-19] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-01] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\w3omnba1.default [2018-01-31]
FF Extension: (Cuevana Stream) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\w3omnba1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012-01-04] [Legacy] [not signed]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-01-31] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-01] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-16] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\itunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-04-03] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-798027839-3803069096-2788913540-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)

Chrome: 
=======
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2018-02-01]
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-01]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-01]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-01]
CHR Extension: (Skype) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (MetaMask) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2018-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-17]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-20]
CHR HKU\S-1-5-21-798027839-3803069096-2788913540-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [267480 2010-09-17] (Trend Micro Inc.)
S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1076520 2015-02-03] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [573736 2015-02-03] ()
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-06-30] (Realtek Semiconductor.) [File not signed]
S4 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [670816 2012-04-27] (Wellbia.com Co., Ltd.) [File not signed]
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-31] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 16:53 - 2018-01-31 16:54 - 000008334 _____ C:\Users\Andrew\Desktop\New Text Document (2).txt
2018-01-31 16:45 - 2018-01-31 16:46 - 008206624 _____ (Malwarebytes) C:\Users\Andrew\Desktop\AdwCleaner.exe
2018-01-31 15:59 - 2018-01-31 15:59 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-31 15:58 - 2018-01-31 16:49 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-31 15:52 - 2018-01-31 15:53 - 026917960 _____ (Adlice Software) C:\Users\Andrew\Desktop\RogueKiller_portable64.exe
2018-01-31 15:35 - 2018-01-31 15:35 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-31 11:42 - 2018-01-31 11:42 - 000079765 _____ C:\Users\Andrew\Downloads\Addition.txt
2018-01-31 11:40 - 2018-02-01 11:36 - 000021674 _____ C:\Users\Andrew\Downloads\FRST.txt
2018-01-31 11:40 - 2018-02-01 11:35 - 000000000 ____D C:\FRST
2018-01-31 11:39 - 2018-01-31 11:40 - 002393088 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2018-01-31 11:38 - 2018-01-31 11:39 - 001754112 _____ (Farbar) C:\Users\Andrew\Downloads\FRST.exe
2018-01-31 11:30 - 2018-01-31 12:27 - 424127292 _____ C:\Users\Andrew\Downloads\SA4.zip
2018-01-31 11:29 - 2018-01-31 12:33 - 512068910 _____ C:\Users\Andrew\Downloads\SA3.zip
2018-01-31 10:13 - 2018-01-31 11:22 - 490391755 _____ C:\Users\Andrew\Downloads\SA2.zip
2018-01-31 10:13 - 2018-01-31 11:22 - 456294911 _____ C:\Users\Andrew\Downloads\SA1.zip
2018-01-28 16:19 - 2018-01-28 16:19 - 000026108 _____ C:\Users\Andrew\Desktop\combofix.txt
2018-01-28 15:47 - 2018-01-28 15:47 - 000026108 _____ C:\ComboFix.txt
2018-01-28 15:47 - 2018-01-28 15:47 - 000000000 ____D C:\Users\hedev
2018-01-28 15:29 - 2011-06-26 01:45 - 000256000 _____ C:\Windows\PEV.exe
2018-01-28 15:29 - 2010-11-07 12:20 - 000208896 _____ C:\Windows\MBR.exe
2018-01-28 15:29 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000098816 _____ C:\Windows\sed.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000080412 _____ C:\Windows\grep.exe
2018-01-28 15:29 - 2000-08-30 19:00 - 000068096 _____ C:\Windows\zip.exe
2018-01-28 15:23 - 2018-01-28 15:28 - 000001764 _____ C:\Users\Andrew\Desktop\Rkill.txt
2018-01-28 15:23 - 2018-01-28 15:23 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Andrew\Downloads\rkill.exe
2018-01-28 15:23 - 2018-01-28 15:23 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Andrew\Downloads\rkill64.exe
2018-01-28 15:22 - 2018-01-28 15:23 - 001790024 _____ (Malwarebytes) C:\Users\Andrew\Downloads\JRT.exe
2018-01-28 14:55 - 2018-01-28 14:56 - 005660870 ____R (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2018-01-27 16:54 - 2018-01-27 16:54 - 002548090 _____ C:\Users\Andrew\Downloads\1516967407519.webm
2018-01-26 00:37 - 2018-01-26 00:38 - 000013028 _____ C:\Users\Andrew\Documents\Declaracion jurada 2.odt
2018-01-26 00:13 - 2018-01-26 00:13 - 000215136 _____ C:\Users\Andrew\Downloads\formato-declaracion-jurada-reubicacion.pdf
2018-01-24 23:49 - 2018-01-24 23:49 - 000034082 _____ C:\Users\Andrew\Downloads\english (1).json
2018-01-24 13:26 - 2018-01-24 13:26 - 000001234 _____ C:\Users\Andrew\Desktop\malwarebytes2.txt
2018-01-24 12:57 - 2018-01-28 16:22 - 000000000 ____D C:\Users\Andrew\AppData\Local\AvgSetupLog
2018-01-24 12:57 - 2018-01-28 16:22 - 000000000 ____D C:\ProgramData\Avg
2018-01-21 11:03 - 2018-01-24 12:57 - 000000892 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2018-01-21 11:03 - 2018-01-24 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-01-21 11:03 - 2018-01-24 12:57 - 000000000 ____D C:\Program Files\Nexus Mod Manager
2018-01-21 11:01 - 2018-01-21 11:02 - 006441096 _____ (Black Tree Gaming ) C:\Users\Andrew\Downloads\Nexus Mod Manager-0.63.14.exe
2018-01-21 10:59 - 2018-01-21 11:07 - 229769148 _____ C:\Users\Andrew\Downloads\Total Character Makeover 1.2-1037-1-2.zip
2018-01-20 22:31 - 2018-01-20 22:31 - 000000000 ____D C:\Users\Public\Documents\Steam
2018-01-20 22:31 - 2018-01-20 22:31 - 000000000 ____D C:\Users\Andrew\AppData\Local\Skyrim Special Edition
2018-01-20 22:07 - 2018-01-20 22:23 - 000000910 _____ C:\Users\Andrew\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk
2018-01-20 22:07 - 2018-01-20 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
2018-01-20 10:04 - 2018-01-31 16:55 - 000000000 ____D C:\AdwCleaner
2018-01-20 09:55 - 2018-01-20 09:56 - 000270664 _____ C:\Windows\Minidump\012018-18813-01.dmp
2018-01-20 09:55 - 2018-01-20 09:55 - 613393571 _____ C:\Windows\MEMORY.DMP
2018-01-19 23:28 - 2018-01-28 15:47 - 000000000 ____D C:\Qoobox
2018-01-19 23:27 - 2018-01-19 23:46 - 000000000 ____D C:\Windows\erdnt
2018-01-19 23:22 - 2018-01-19 23:22 - 008206624 _____ (Malwarebytes) C:\Users\Andrew\Downloads\adwcleaner_7.0.7.0.exe
2018-01-19 23:19 - 2018-01-19 23:19 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Andrew\Downloads\AVG_Protection_Free_1606 (1).exe
2018-01-19 21:40 - 2018-01-19 21:40 - 000000000 ____D C:\Users\Andrew\AppData\Local\Avg
2018-01-19 20:51 - 2018-01-19 20:55 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-01-19 17:25 - 2018-01-19 17:25 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-19 17:25 - 2018-01-19 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-19 17:25 - 2018-01-19 17:25 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-19 17:25 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-19 17:24 - 2018-01-19 17:24 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-19 15:47 - 2016-08-12 21:51 - 000309760 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw64.dll
2018-01-19 15:47 - 2016-08-12 21:51 - 000309760 _____ (RAD Game Tools, Inc.) C:\Windows\system32\binkw64.dll
2018-01-19 15:24 - 2018-01-19 15:24 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\PowerISO
2018-01-19 13:32 - 2018-01-19 14:21 - 1276459081 _____ C:\Users\Andrew\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition.Update.v1.4-CODEX.rar
2018-01-19 11:22 - 2018-01-19 15:49 - 000000000 ____D C:\Program Files (x86)\PowerISO
2018-01-19 11:22 - 2018-01-19 11:22 - 000001009 _____ C:\Users\Public\Desktop\PowerISO.lnk
2018-01-19 11:22 - 2018-01-19 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2018-01-19 11:22 - 2017-06-06 19:36 - 000138296 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2018-01-19 08:47 - 2018-01-19 09:23 - 1128170150 _____ C:\Users\Andrew\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition.Update.v1.2-CODEX.rar
2018-01-18 23:03 - 2018-01-18 23:37 - 1131570926 _____ C:\Users\Andrew\Downloads\The.Elder.Scrolls.V.Skyrim.Special.Edition.Update.v1.3-CODEX.rar
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Guest\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Anita\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Andrew\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000001801 _____ C:\Users\Administrator\Desktop\MagicISO.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\Program Files (x86)\MagicISO
2018-01-18 12:54 - 2018-01-18 12:54 - 000000000 ____D C:\Users\Andrew\AppData\Local\Tease_AI
2018-01-14 22:17 - 2018-01-14 22:17 - 000000000 ____D C:\Users\Andrew\AppData\LocalLow\Thunder Lotus Games
2018-01-13 11:02 - 2018-01-13 11:05 - 002368640 _____ (Rainmeter) C:\Users\Andrew\Downloads\Rainmeter-4.1.exe
2018-01-13 10:43 - 2018-01-13 10:43 - 000000000 ____D C:\Users\Andrew\AppData\Local\UnrealEngine
2018-01-13 10:43 - 2018-01-13 10:43 - 000000000 ____D C:\Users\Andrew\AppData\Local\The_Hypno_Dungeon
2018-01-13 09:40 - 2018-01-13 10:40 - 227200840 _____ (NC Interactive, LLC) C:\Users\Andrew\Downloads\BnS_Lite_Installer.exe
2018-01-13 09:18 - 2018-01-13 09:18 - 003987869 _____ C:\Users\Andrew\Downloads\1515535721100.webm
2018-01-08 13:12 - 2018-01-08 13:31 - 000001732 _____ C:\Users\Andrew\Desktop\kymera characteristics.txt
2018-01-08 09:04 - 2018-01-08 09:04 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Google
2018-01-07 18:49 - 2016-03-07 13:22 - 000003486 _____ C:\Users\Andrew\Documents\make me rise.txt
2018-01-07 18:47 - 2017-02-01 03:11 - 000000227 _____ C:\Users\Andrew\Documents\anime.txt
2018-01-07 15:03 - 2018-01-07 15:03 - 000154672 _____ C:\Users\Andrew\Downloads\Unconfirmed 423100.crdownload

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-01 11:13 - 2009-07-13 23:45 - 000023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-01 11:13 - 2009-07-13 23:45 - 000023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-01 11:09 - 2009-07-14 00:13 - 000006782 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-01 11:07 - 2011-10-09 12:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-01 11:04 - 2013-07-21 00:54 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-02-01 11:03 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-31 15:27 - 2017-03-21 10:24 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\bodor
2018-01-31 15:27 - 2017-02-20 13:42 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\wincbee
2018-01-31 11:34 - 2017-07-02 11:44 - 000000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2018-01-29 17:43 - 2015-02-22 15:05 - 000000319 _____ C:\Users\Andrew\AppData\Roaming\WB.CFG
2018-01-28 16:22 - 2012-09-07 11:01 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-28 15:45 - 2009-07-13 21:34 - 000000215 _____ C:\Windows\system.ini
2018-01-28 15:25 - 2015-02-22 14:02 - 000000000 ____D C:\Program Files\COMODO
2018-01-24 13:26 - 2012-11-09 22:23 - 001906586 _____ C:\Windows\ntbtlog.txt
2018-01-20 22:31 - 2013-01-25 17:38 - 000000000 ____D C:\Users\Andrew\Documents\My Games
2018-01-20 10:01 - 2012-02-08 18:24 - 000000000 ____D C:\Users\Andrew\.frostwire5
2018-01-20 09:55 - 2012-11-05 16:45 - 000000000 ____D C:\Windows\Minidump
2018-01-19 20:52 - 2017-07-27 20:41 - 000000000 ____D C:\Windows\SysWOW64\NV
2018-01-19 20:52 - 2017-07-27 20:41 - 000000000 ____D C:\Windows\system32\NV
2018-01-19 17:25 - 2013-01-03 13:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-18 21:17 - 2017-07-09 23:13 - 000002169 _____ C:\Users\Andrew\Desktop\Discord.lnk
2018-01-18 21:17 - 2017-07-09 23:12 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\discord
2018-01-18 21:17 - 2017-07-09 23:12 - 000000000 ____D C:\Users\Andrew\AppData\Local\Discord
2018-01-16 23:28 - 2014-03-06 22:46 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2018-01-14 00:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-08 22:30 - 2013-06-15 17:07 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-08 22:30 - 2011-04-01 23:36 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-08 12:02 - 2014-03-08 15:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-08 09:13 - 2012-01-04 21:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-07 20:21 - 2017-08-09 10:43 - 000000000 ____D C:\Users\Andrew\Desktop\baloo
2018-01-07 15:52 - 2017-07-29 12:24 - 000000000 ____D C:\Program Files (x86)\Peek Through

==================== Files in the root of some directories =======

2013-03-18 09:53 - 2017-07-11 20:13 - 000000000 _____ () C:\Users\Andrew\AppData\Roaming\Guides
2013-03-18 09:53 - 2017-07-11 20:15 - 000000000 _____ () C:\Users\Andrew\AppData\Roaming\Hybrid Chords
2017-03-21 10:24 - 2017-03-21 10:24 - 000018837 _____ () C:\Users\Andrew\AppData\Roaming\Nanubugepa
2015-02-22 15:05 - 2018-01-29 17:43 - 000000319 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2017-12-20 00:24 - 2017-12-24 00:43 - 000000068 _____ () C:\Users\Andrew\AppData\Local\3m8rdzl7qc
2015-02-24 11:52 - 2015-02-24 11:52 - 000000001 _____ () C:\Users\Andrew\AppData\Local\DSI.DAT
2012-02-28 04:13 - 2012-02-28 04:13 - 000000036 _____ () C:\Users\Andrew\AppData\Local\housecall.guid.cache
2012-03-25 21:33 - 2017-07-30 18:51 - 000007593 _____ () C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-01-31 15:58 - 2017-03-07 23:34 - 001732864 _____ (Microsoft Corporation) C:\Users\Andrew\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 16:13

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Andrew (01-02-2018 11:36:43)
Running from C:\Users\Andrew\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-25 20:15:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-798027839-3803069096-2788913540-500 - Administrator - Disabled) => C:\Users\Administrator
Andrew (S-1-5-21-798027839-3803069096-2788913540-1001 - Administrator - Enabled) => C:\Users\Andrew
Anita (S-1-5-21-798027839-3803069096-2788913540-1006 - Limited - Enabled) => C:\Users\Anita
Guest (S-1-5-21-798027839-3803069096-2788913540-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-798027839-3803069096-2788913540-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-798027839-3803069096-2788913540-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FrostWire 6.5.3 (HKLM-x32\...\FrostWire 6) (Version: 6.5.3.240 - FrostWire LLC)
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-798027839-3803069096-2788913540-1001\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
Hotspot Shield 4.08 (HKLM-x32\...\HotspotShield) (Version: 4.08 - AnchorFree Inc.)
Intel Processor Diagnostic Tool 64Bit (HKLM\...\{6D3B2650-6767-49B6-A63E-CD410C653B05}) (Version: 17.0.0 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Media Player Codec Pack 4.2.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.1 - Media Player Codec Pack)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAOS8200 Software (HKLM-x32\...\{F830AF52-F1FE-4D7E-8652-4C3A6AB7086B}) (Version: 1.00 - Mionix)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.41331 - Grinding Gear Games)
Peek Through (HKLM-x32\...\Peek Through) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 beta r1819 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STDU Viewer version 1.6.180.0 (HKLM-x32\...\STDU Viewer_is1) (Version: 1.6.180.0 - STDUtility)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.00 - Trend Micro Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-798027839-3803069096-2788913540-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2010-09-17] (Trend Micro Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2010-09-17] (Trend Micro Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00468893-51B5-4D87-AA55-BEEE25F6FC6F} - System32\Tasks\{CC4EEECD-41EA-425F-9681-9414A3199AD2} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {027CA92B-6958-4ACB-ABEE-5CCEB2C8E560} - System32\Tasks\{EEF2620C-C942-46BD-ABAF-64C7BFC8234C} => D:\Kotor2\SWKotOR2\SWKotOR2\launcher.exe [2005-01-18] (Obsidian Entertainment, Inc.)
Task: {051A6C94-B7B2-4B00-97BD-B1C7168F2EFD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {081DBB44-6BF2-4E5A-AB05-8E79FD941531} - System32\Tasks\{71862F0C-37B7-4410-BA1A-D26DD2691962} => D:\League of Legends\lol.launcher.exe
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {165A4C1F-61D9-4981-BC47-2FE8D7993006} - System32\Tasks\{1F0CD420-0FBF-4197-B53A-268817AC9315} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {216F166D-C011-4A09-A883-87BB56A9D117} - System32\Tasks\{0FE7679A-4EE0-4A39-961D-158937DDA1F4} => C:\Users\Andrew\EphineaPSO\online.exe
Task: {23A61F6B-A5BF-4D85-B822-59DED91782E7} - System32\Tasks\{404CC907-6C90-42FB-A6F4-1AF77992E771} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {2459C0B4-A67A-4163-80E7-F6D135BFB927} - System32\Tasks\{2018D1D7-D87C-4356-A570-76F142F2F01A} => D:\League of Legends\lol.launcher.exe
Task: {260F06E4-0704-47C0-8BDE-9789ADB71EAF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {26E7C28D-95F9-4276-BC58-6FCD74F08075} - System32\Tasks\{15919134-D980-4796-B851-90CF58E7E69D} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {276ACA5D-2C46-46F8-9662-0BCFEC7CC8EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation)
Task: {2A7814C7-AF6A-4DDD-BFC6-CA186AADE6B5} - System32\Tasks\{7BDE5A35-8A1D-4A43-B5CC-DF35173AE8C1} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {2C392984-B050-4239-A261-ADC38164A62F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation)
Task: {3B839E11-A44C-44B7-8FB9-78DB4B28D66D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {3D587038-A0E0-45E1-99C0-B4F893F81FB8} - System32\Tasks\{C6B0A3A8-EB8B-42D1-93E1-957FF45BC499} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {3E0C616F-2235-44C7-B916-7F3D5D348663} - System32\Tasks\{39B365D1-DE5B-4BEA-90EE-B983D4885B39} => D:\Steam\Steam.exe
Task: {4252861B-69E4-4831-A4C7-7E34A9832DEE} - System32\Tasks\{6EDD9270-CFFE-4C36-A0DC-A81DE5F2EEF8} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {50535C7C-45FB-4432-B3F6-F22006D2097C} - System32\Tasks\{D2EF98B7-EAA8-40B8-BEF3-5D6C7E899E37} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {50F0A9B0-49A2-4C22-9586-9F6AE9A114AC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation)
Task: {59FB6BB6-7C8C-424E-BA30-7E8B4AC763A6} - System32\Tasks\{E82CB357-FC17-45CD-AACD-59C07D3849DA} => C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
Task: {5DFB783D-86D9-4586-9E71-EF07A055349C} - System32\Tasks\{79F420B2-473B-4ADF-8493-678B14F4ECF3} => C:\Users\Andrew\Desktop\online.exe
Task: {5F151412-1DA5-49F6-BDA7-4BC852B73659} - System32\Tasks\{77B54810-E5C8-4203-885C-DA90E464FE30} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {621C7897-B939-4B9C-B2DA-C4ED0F61BF5C} - System32\Tasks\{7F19761C-6719-4DF8-A857-8894BDD13E39} => C:\Users\Andrew\EphineaPSO\online.exe
Task: {6872358B-53DF-4810-AA56-F6B1B51268AB} - System32\Tasks\{D8C9F77E-8B0F-4D30-A016-8C6BF7CC3A73} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {751C14FD-72EC-4A25-B383-AFD578DC195C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {78F15886-1C12-48EA-AC44-1FDF7412F9C8} - System32\Tasks\{E0D52AE8-AFD6-45B6-9207-22F47839794D} => C:\Users\Andrew\EphineaPSO\online.exe
Task: {79C127B7-1CF1-4B93-B4CF-5F530174233F} - System32\Tasks\{F18C4F1C-D670-460E-9AE5-9F7BAA3FFE1D} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {7A920E5D-95A2-45A2-B5CB-3D1673077B85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated)
Task: {7BC43D98-C081-4847-8D63-464E283E36E1} - System32\Tasks\{644F3B06-BEBE-4F2A-AD6F-81A7E1A2F623} => C:\Users\Andrew\Desktop\online.exe
Task: {855458F3-E84B-4B98-99EE-0B95BBC96E53} - System32\Tasks\{B2C01138-9704-44C5-A491-FD57D9354109} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {86BA5F95-A2F5-4623-8565-1DDD07C6DAA6} - System32\Tasks\{ADCC636B-B5C9-49ED-BFE6-D721EED5CD7A} => C:\Users\Andrew\Desktop\online.exe
Task: {87F09D21-FCA0-434A-9B1F-4AA126528872} - System32\Tasks\{6707CFB9-50CF-4105-87BC-A72E83F9EF4D} => D:\steam2\Steam.exe [2017-12-15] (Valve Corporation)
Task: {891AD2E9-E2E3-4388-9856-7A15528AF847} - System32\Tasks\{A11AB3E8-3911-4488-BD12-2CF68CF714C2} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {8E043886-BB3E-478F-AED3-4C9ABA3FE4F0} - System32\Tasks\{537F0A26-59E3-420A-BA61-EB7D23C1BCD8} => C:\Users\Andrew\Desktop\online.exe
Task: {96B28F76-6A05-425F-B09B-7536B076307C} - System32\Tasks\{6E3916AA-E93C-4BBB-ABDC-9BF0DE8BE97A} => D:\Kotor2\SWKotOR2\SWKotOR2\launcher.exe [2005-01-18] (Obsidian Entertainment, Inc.)
Task: {9C975448-B9BE-4067-B223-BFA4FD60D948} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {A24152AA-1ABD-4B2E-8232-979370F44750} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {AB87669A-1A82-4E6A-A26B-77DF011B6B54} - System32\Tasks\{30CCFD1B-0404-4EE5-882F-94D86900D12A} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {B35C4B83-7DB5-4CDC-AEAA-A92D0952B86B} - System32\Tasks\{34F7B64D-C7BE-4B6C-A12A-926BC85B79A0} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {C042BD3C-7F4D-4576-A1F7-D4651F41BBA7} - System32\Tasks\{4CF32E0C-7397-4642-9E2A-FE35B0C2F433} => C:\Users\Andrew\Desktop\online.exe
Task: {C26D63CF-160E-49B3-8427-F869AF195C78} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C54FBCAF-2412-437D-A771-D3E5D7D2D648} - System32\Tasks\{30AD2AE4-9F9B-4F7E-9B19-75662F058E13} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {CD353431-BE24-46D5-BA28-AD7C2AC87A73} - System32\Tasks\{F4BDACEE-D6D7-438E-871D-082524D0688B} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Downloads\Win64_152815.exe -d C:\Users\Andrew\Downloads
Task: {D0B613A6-835E-4229-8217-3C1BA12FF87C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation)
Task: {DDE6BF66-B256-4A1A-AE61-52C278C7E4B8} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {E1DA0B53-9E3A-4095-8198-7A88C99F4CD2} - System32\Tasks\{A561597F-F836-4C2E-A287-6913961970B8} => D:\LoL\League of Legends\lol.launcher.exe
Task: {E27C746E-E16A-48BD-A50C-0C7DE31307A7} - System32\Tasks\{E865F843-85AF-4E4B-BA29-18A1B9B3A9D8} => C:\Users\Andrew\Desktop\online.exe
Task: {E59446CD-99A0-4FE5-A2B6-B0064FBE5032} - System32\Tasks\{1CDFB08A-C240-48B3-A956-AC9682012807} => D:\Kotor2\SWKotOR2\SWKotOR2\launcher.exe [2005-01-18] (Obsidian Entertainment, Inc.)
Task: {E5D1C35F-18FF-4F21-AFFE-70C71B1A746B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {EF7E491E-BCDF-4533-AA1D-F4E8E6D1C15D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {F251A8D2-3AA2-408A-8693-7AB1FDF9B01A} - System32\Tasks\{137955A4-4048-4AE0-BAB8-5FB26EF48A06} => D:\guild wars 2\Gw2.exe [2017-04-29] (ArenaNet)
Task: {F635E717-4111-48C0-9C3F-7F99ECD5D895} - System32\Tasks\{E2EB3ECE-9DC2-415A-B8CA-4AAAB895FB15} => D:\LoL\League of Legends\lol.launcher.exe
Task: {F6628077-CE76-4D13-9459-632B285808A4} - System32\Tasks\{36C54B94-2189-4485-BC68-DB10545802FD} => C:\Riot Games\League of Legends\lol.launcher.exe [2016-04-01] ()
Task: {F6ECD962-6EB0-4810-B405-8A4A23086324} - System32\Tasks\{D072C72B-283D-4E1D-B04B-FFE07E9F0ABF} => C:\Users\Andrew\Desktop\online.exe
Task: {F8867CFE-76FE-4525-9185-6DD1CCEBD9D9} - System32\Tasks\{71E63DF1-FC19-4D3A-879E-7A35B8ED5098} => D:\Dekaron\launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.5.3-SafeMode.lnk -> D:\FrostWire 6\frostwire.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-02-03 20:46 - 2015-02-03 20:46 - 000573736 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2017-07-11 20:25 - 2017-07-26 12:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2010-07-14 18:11 - 2010-07-14 18:11 - 000031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-07-07 01:12 - 2011-01-26 19:11 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-01-08 22:30 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 22:30 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 001044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-03 20:40 - 2015-02-03 20:40 - 000960808 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2011-08-31 15:33 - 2011-08-31 15:33 - 000208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2017-07-11 20:14 - 2017-07-26 12:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-01-19 23:45 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-798027839-3803069096-2788913540-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AFBAgent => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Amsp => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TiMiniService => 3
MSCONFIG\Services: TurboBoost => 2
MSCONFIG\Services: ZeroConfigService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Andrew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: Chromium => c:\users\andrew\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Discord => C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelPROSet => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "D:\itunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: Steam => "D:\steam2\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}] => (Allow) LPort=2869
FirewallRules: [{1A165FF4-80F7-488F-A0ED-2A89D740AF12}] => (Allow) LPort=1900
FirewallRules: [{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{791077C2-119B-483E-ACC9-A0ED846C0768}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{32CA6032-93C4-4472-A793-FC6A795651DE}] => (Allow) LPort=5353
FirewallRules: [{86315A17-DE80-44ED-9DB5-8C8C466070A4}] => (Allow) LPort=8182
FirewallRules: [{ADA7F8CD-5D3D-445F-88EA-86463AECFE5E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{3924F725-11B5-4E9B-800E-C96010C6BA0A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6BED8D52-9DAF-4505-8AB5-F858BC0A7022}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C68A75E-517A-4DBE-96F3-E406481978CD}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{75A61087-CA23-494A-AD5A-92D785E9B110}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{AF15BF0F-9178-4CE7-ADE0-873A743E55E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6F47EB9-FC7C-462C-B3AC-0673A155BC81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFAA03E9-F48A-4F8E-9C67-431A8235325A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4C7FD4C9-5F04-4BC5-87EA-6F6B282AAEB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38A82B99-1870-4034-9C4B-679A9EE9AB21}] => (Allow) D:\FrostWire 5\FrostWire.exe
FirewallRules: [{F6A6588C-5EA5-4AAC-B7C0-19B04E35479B}] => (Allow) D:\FrostWire 5\FrostWire.exe
FirewallRules: [TCP Query User{8308ECB4-5FF0-445F-95BE-BB9F7806DB72}D:\frostwire 5\frostwire.exe] => (Block) D:\frostwire 5\frostwire.exe
FirewallRules: [UDP Query User{4063D924-3B4E-4BB4-8070-A2E339EC0909}D:\frostwire 5\frostwire.exe] => (Block) D:\frostwire 5\frostwire.exe
FirewallRules: [{058A3A3C-FD82-46AC-9C09-1B4507D3F885}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{3CFCD97B-C8E8-4C56-A9F7-23BC6289396D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E47A45EB-DF5E-4372-A455-4D3A0483520C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27A1456B-4F32-4473-8AF8-E716CB6E953F}] => (Allow) C:\Program Files (x86)\Nakido\nakido.exe
FirewallRules: [{7591452B-9661-4E37-B1CF-8A006DA31B99}] => (Allow) C:\Program Files (x86)\Nakido\nakido.exe
FirewallRules: [{4386FBCC-A63E-40C7-A062-E344A4ED7339}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{066738FE-A69A-4412-A717-3F97D08A790A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{F130F22E-9BDB-4B92-8D40-663F9DB80335}C:\users\andrew\downloads\gw2.exe] => (Allow) C:\users\andrew\downloads\gw2.exe
FirewallRules: [UDP Query User{CA9684EB-DFDB-4A2A-A28F-980494289B6F}C:\users\andrew\downloads\gw2.exe] => (Allow) C:\users\andrew\downloads\gw2.exe
FirewallRules: [TCP Query User{79FA4BDB-0EF8-4B10-8B56-24D212838D2A}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{817A9D7B-AED3-4088-9B21-03BC992D1322}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{DA9D4A03-CFEB-4ED4-890C-844C9AB60EF0}D:\mount&blade warband2\mb_warband_old.exe] => (Allow) D:\mount&blade warband2\mb_warband_old.exe
FirewallRules: [UDP Query User{105F6724-1D75-4424-8EBA-0D544A23270F}D:\mount&blade warband2\mb_warband_old.exe] => (Allow) D:\mount&blade warband2\mb_warband_old.exe
FirewallRules: [{C612A288-EB1B-45E9-A6B5-1125E0B0E27D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{EA20E2DB-6961-44E3-9224-8CABD2DB1975}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{16B15D14-7542-44B7-AE07-1A5EA1DD1A37}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{255FABB5-5FB8-4142-AE48-BF1894CC47B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{2679E045-28B9-43EB-BCE5-F1ADA97ED30F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{F05AAB61-B277-40AA-A7D0-DFE8E1B4EB56}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{50BF4398-EF54-4988-B73C-920705071850}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{51A4C651-D5B6-48E8-AEC3-ABB34B48757B}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{FA7C92CF-950B-40E0-ADC8-DAA5E87CC9BB}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{31CC055A-0BDE-484C-B978-2E8E8F3A2E63}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{59B43C24-70A9-41CB-8E4B-076FC63C081D}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [UDP Query User{126D20AF-1513-4F5E-9B4D-5D9AD763B677}C:\programdata\battle.net\agent\agent.976\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.976\agent.exe
FirewallRules: [TCP Query User{7A0F822B-7FA9-464C-B1F0-BC1084D450E8}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [UDP Query User{74EAB33A-F9E9-41EB-B826-AFA4E0E1149A}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [TCP Query User{60C4520B-D740-4F1A-8674-1F8E9D90CD19}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{616BDC0E-26B0-4DD7-9A22-3D88503FDC81}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{AAA2F6AE-8CE8-46EE-8D19-EC5B8BDFD0C7}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B9BE21FC-EC05-41E9-8B54-91C2EE64DFDF}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{26834335-ACCD-4B2F-AA6E-39EDFDA2EF3D}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [UDP Query User{22833369-3EA6-4828-A5C4-CF226E2FC142}C:\programdata\battle.net\agent\agent.998\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.998\agent.exe
FirewallRules: [TCP Query User{2EE0D7DA-154F-4AE3-9C43-F77FCC70A8E7}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{26D45F14-458D-4C1F-BA7F-3DE681ED2B36}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [TCP Query User{345F8DA5-D03B-448C-9C4F-4796EA66DA94}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{6E7E5C5F-B713-4E27-B68B-456E77AF1EE7}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{9B9822E0-643D-4601-91DB-ACBE04B24D51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{6B810B1C-F1AE-45EE-87E1-2F4B1DFA5613}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{C9057340-37E0-4B27-9DEA-1E21FB3B67CE}] => (Allow) D:\Steam\steamapps\common\dead island\DeadIslandGame.exe
FirewallRules: [{EB3C5476-D1E5-4DDA-A33D-BE214555DA52}] => (Allow) D:\Steam\steamapps\common\dead island\DeadIslandGame.exe
FirewallRules: [TCP Query User{70F6E703-8936-44D3-90EA-CEEBECCAE0EB}C:\users\andrew\downloads\pathload2-client.exe] => (Allow) C:\users\andrew\downloads\pathload2-client.exe
FirewallRules: [UDP Query User{00A21B45-89D6-44AC-8822-AC1A45517AE3}C:\users\andrew\downloads\pathload2-client.exe] => (Allow) C:\users\andrew\downloads\pathload2-client.exe
FirewallRules: [{8B169297-61C5-4714-8282-42A9B7F5A4C4}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{7CD74ACC-3E12-4FFD-9E9A-C4FBD1BAA539}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3176CA9A-1C0A-4AFF-9823-BAB1B61670DB}] => (Allow) D:\steam2\Steam.exe
FirewallRules: [{8913157D-77BD-4B7F-8C5F-B1063944A5BF}] => (Allow) D:\steam2\Steam.exe
FirewallRules: [{D6F662DA-5B6C-4B28-81A8-10ADCCB47242}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{9198AA4C-DFA5-4613-A8BF-7302FE67AD74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{EF835C1E-E76A-42AD-A34A-F43E39E1CAB0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{560B13CC-3E19-4A6F-8F9C-ECDC9927998D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{E3A7B269-22C7-4548-B41E-95A104E61405}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{E00C7BF7-D922-45DF-A277-9D09CE9DAF33}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{073A06E7-AB64-486F-9259-D699B1FE2D31}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{D5F26566-DE8E-4D9B-BF39-1BC13D3E257E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{FF1A4BCE-EA2D-4818-800B-42F115472A72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{CFFC783D-8B14-4E33-A0F6-D8D247D36EDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [TCP Query User{C095E0AD-506F-424F-AFB5-59961903DD4C}D:\mount&blade warband2\mb_warband.exe] => (Allow) D:\mount&blade warband2\mb_warband.exe
FirewallRules: [UDP Query User{AB8468C3-7DB1-4D37-90A9-240D33001A54}D:\mount&blade warband2\mb_warband.exe] => (Allow) D:\mount&blade warband2\mb_warband.exe
FirewallRules: [{17864AA6-9C2C-4316-B40D-3A6BE42AC658}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{1A440C98-FB2E-46F6-8CFE-7171D4CD5559}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{9BEAF18E-7724-4A04-B5A7-BC992FECCDC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{D592D7B8-CEC7-4EC0-8815-3AB8CE0B3F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{80F5A373-7477-4AE9-A2CD-47D0FCF7EAA8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4E774C03-3828-49DB-902E-1F6980155EC2}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{578A070C-0792-4B25-9580-C0240C7C8EBC}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{F2CC4A7C-41C3-4262-9369-7D04D64008FC}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{ED05DCB1-806B-4019-AA5F-EE061DE55D13}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{A07AA9CE-CB2C-463F-902A-B864BC8CFD4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{83E8E778-DC71-4CC9-971B-418300B7434A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{992E7C4D-3CAA-4667-B7D4-1FA7F77264E9}] => (Allow) D:\steam2\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2EF5D99C-D4CC-4670-939B-2AAE1EA39AA6}] => (Allow) D:\steam2\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{586770A1-5F1D-45A2-A4E2-97D75D67D93A}D:\age of empires\age2_x1.exe] => (Allow) D:\age of empires\age2_x1.exe
FirewallRules: [UDP Query User{46BFCBC0-2FBC-4E48-A21F-B4FEE227D81B}D:\age of empires\age2_x1.exe] => (Allow) D:\age of empires\age2_x1.exe
FirewallRules: [TCP Query User{0D7F2EE3-3343-4A0C-8AFC-63D9E97E6396}D:\age of empires\empires2.exe] => (Allow) D:\age of empires\empires2.exe
FirewallRules: [UDP Query User{FC2D7828-1C1E-4AB2-8C17-B9197C8F1E05}D:\age of empires\empires2.exe] => (Allow) D:\age of empires\empires2.exe
FirewallRules: [{E53008AB-8583-4AB6-A54D-7110DE0B3AED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{F774AD84-25E7-4D13-B0B7-366324893B40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{713EEAC6-103A-4B0D-BB9B-BB8F612B97F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{79813922-56F1-4FF3-9779-0DB972FAFEEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [TCP Query User{6D115192-C87E-4EBF-B5E2-16D86E6587DE}D:\ageofempires2conquerors\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1.exe
FirewallRules: [UDP Query User{8A4018E0-E849-4E34-85E2-CCE43DBBE06F}D:\ageofempires2conquerors\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1.exe
FirewallRules: [TCP Query User{54E72E93-C4A2-448A-8865-C9EE792B171E}D:\ageofempires2conquerors\age2_x1\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{00C1D67E-31D0-494C-8AB4-71DF371AD0D8}D:\ageofempires2conquerors\age2_x1\age2_x1.exe] => (Block) D:\ageofempires2conquerors\age2_x1\age2_x1.exe
FirewallRules: [{B1D383D3-185F-488D-9836-454B626DBC81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{A036E94B-5DA9-4DC7-A3C9-46ACD0CBC859}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{1611757A-5B61-4B9F-A7A8-9948EAA26655}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{81DAE7C4-3268-4FD0-A2E6-8B0C9CCECAB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{A962AC39-F7E7-4307-90AA-ED8DFB22E10F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{985C9A90-55E1-4744-AFBA-47B9EAB665A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{854C57B5-484F-4EEE-83D6-FC069BC93560}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{82173ED5-EA1D-4784-8C3B-1BDE1F485748}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{1590E581-9545-40F1-BA71-1F71C82C3C36}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{670D7F02-FE15-472E-BA93-628BB3077B3C}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{B1D977FB-A942-45F4-8774-AC4402287A0A}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{C6D673C4-0BA9-44F5-B9E3-0B80763539C0}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{D73DFEC5-B3DE-41AE-8E25-F647C5F122E8}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{9002B41F-5D64-4FF7-AABC-5836807CE535}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{C0D5166B-7CAB-4325-A4B6-6E85723B9396}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{B0F77B8F-6FB3-4CEF-B4A9-C32F1F84B974}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{D5C416BC-0883-4FA9-BDED-D70D502C05FD}C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [UDP Query User{96CD8A34-B8E8-48AC-B593-8BC263DA8C6F}C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\andrew\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [TCP Query User{278D24D8-5993-42C5-892A-D8A5ED275896}D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{C822BE2E-FA89-4A9E-A8E7-2C03877D3497}D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{2EB01ED8-224B-43B1-8CAF-86EA96B0288E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{99E4DA69-A75B-4553-88A3-EAB1F3EF6000}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{4B3B3481-3733-4FDB-9ED1-7D17D4DDEA91}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{974D2D94-E211-4E48-BB30-64440EA6863E}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{19447939-C48E-4C70-B1CC-FAAB5FD1BF31}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{DAA00769-147F-4004-BFD1-F24A6CF6CD00}] => (Allow) D:\League of Legends\lol.launcher.exe
FirewallRules: [{E45E19E1-3B07-4E13-A92B-9C665C70636A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{62159AE7-3A9A-4F63-B871-B0CB21026CFF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{4EE7F841-9DDA-45B4-9F49-475C20130BB6}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{86FD4AE0-D85F-4AC5-9ECD-A83922A54339}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{DE7A84FA-F204-482A-95D9-0D2EB9A46F33}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{D5BDE7DB-0CF8-474F-8C98-29817141B7CD}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{2F7AEA7D-172E-42CF-A75C-7B78D2D8FEEA}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{97131126-1276-4537-9F04-7A19A18A46F7}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{CF8D90FE-D81B-4200-88A4-3F3C910C38D8}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{742DB499-6EF1-4E20-9438-4D8E3E604A64}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{F40695AF-4DA9-4C3B-BD9A-DFC16317CB24}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{462A636B-88FC-4FCD-8493-E79C742762F6}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{4F81F97A-CCB6-4D5B-A226-76FCDFB7CB04}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{9303D7F7-5A71-4FE8-B8F3-0553D21B2982}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{4A79CBFF-E22A-4CF3-9907-28FFF85E2890}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{266C6CE0-418A-4B58-B6BC-9857521FA250}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1E39A6CB-E719-446D-8CA4-9E31D4F6F55F}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{46831A19-28DF-4678-814D-9F7017D76328}] => (Allow) D:\steam2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{C86BF37B-6BD2-4B95-920C-6E3642E1513E}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{A7D0FEA4-2F9E-43C8-AC31-4A26362679EF}] => (Allow) D:\steam2\steamapps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{352AE908-4FC6-4F41-B39E-422B76706C07}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{90AF1764-EE59-4308-8C1E-323AD0289DFC}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B1B4E729-9F7E-4EC7-8BC8-0688D7994C29}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8CD423EE-1942-40B6-A675-9FC9EF87C1E1}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3A120C0F-72DD-46C2-82AF-1959E16040C4}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{EE7A9F34-4C96-40CE-98AE-40E139ADC0B0}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{ED369A52-6958-4413-AEDF-34BAB28A70C8}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DB5FA594-3A93-4FDB-80C9-4C2CDB67C1B6}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{13060051-CA59-4D8D-A606-3C9DB3720AB1}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A9AD0C80-4E1B-457C-87D4-F142CD6CF112}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9A80016F-E623-4619-9393-F910608A5B20}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DC7F1BC6-63B4-4931-A96C-AA80C6668187}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{328F4DCE-5FF7-421E-BCDF-AEAE53DEB3C5}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A5D5ACB0-30F0-498E-9147-17A58DA3524B}] => (Allow) D:\steam2\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{6AB5E8B0-0D48-4818-A13D-0ECE6F614CF2}] => (Allow) D:\FrostWire2 5\FrostWire.exe
FirewallRules: [{58AA3300-DC2A-47CA-8AF8-6F27E1FAEFEC}] => (Allow) D:\FrostWire2 5\FrostWire.exe
FirewallRules: [{7F66D1BA-F4F4-4187-9969-47616B29CA4A}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2984B10F-76EB-48E0-8A84-DD38C06257CD}] => (Allow) D:\steam2\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A54ED20F-9B96-43BB-83CA-CFF02DEE446D}] => (Allow) D:\steam2\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{0875220E-C475-40FA-A693-08D330B7343D}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{2C23774F-7D5A-4237-B110-B6E07361AAFA}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{5478E87F-57BB-4111-AA1C-C0EA3E9581FD}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{611E8A58-1DB0-40AC-B2CD-FFD97B539E12}] => (Allow) C:\Users\Andrew\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{B3B11C4D-92AC-4571-B9F1-B7E7050CB6ED}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{4B4C1706-46C3-462A-9689-D98C8E438F47}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{6D18E872-B44C-4BD7-B182-4FDCE474107A}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{D4F8A343-19C4-47A1-A646-63700F1F0975}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{5E733605-E4DB-4A62-AB17-56C7C1BAF34A}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3847C149-B529-43CF-89D3-DF78BF665775}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{3BBD4E35-D9E8-435D-A84F-AEF125CB1654}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{FAC933DE-FD91-408B-B356-DE0A5BB1CF09}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
FirewallRules: [{503DC868-6993-47D0-BE90-A95B910DF76B}] => (Allow) D:\steam2\bin\steamwebhelper.exe
FirewallRules: [{33C447E1-7396-482C-833B-A60231CC7255}] => (Allow) D:\steam2\bin\steamwebhelper.exe
FirewallRules: [{8AEBF0BB-7AC0-4413-9CEA-5BA8F028DB4D}] => (Allow) D:\FrostWire 6\FrostWire.exe
FirewallRules: [{D46C62F1-DFC8-4597-98F0-BCBC0064B6E4}] => (Allow) D:\FrostWire 6\FrostWire.exe
FirewallRules: [{98FF5181-2EAD-4547-AC80-6979DD4A3D11}] => (Allow) D:\itunes\iTunes.exe
FirewallRules: [{49D5314F-5AEB-42EA-84C1-553C1C062BC6}] => (Allow) D:\steam2\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{72351D9D-06C8-458B-8478-2DFBB5A3899D}] => (Allow) D:\steam2\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{AC66C599-2C68-4BD0-BC73-0DEA649AAB32}] => (Allow) D:\steam2\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9780F93F-2136-4865-B0A1-039851D36810}] => (Allow) D:\steam2\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AC181317-19BD-4BDA-A96B-9A9F919E3D68}] => (Allow) C:\Users\Andrew\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{F17CE30A-4099-45D9-8187-14776520DF4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6AA6F4E7-B396-4BF0-A50F-E8766B2D40DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{50554F85-7FE1-4485-880F-4DC75FA33F5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9DDD786A-01F5-4EBA-9CA0-47BC9DE5BE7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8676214-B079-41FA-8C0E-222F134BBAB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D6CF513A-0307-4C1D-93AE-9DE9B7C469AF}] => (Allow) D:\steam2\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{D6CCE5A5-C874-4F51-A2A6-01DB7049DA52}] => (Allow) D:\steam2\steamapps\common\Jotun\Jotun.exe
FirewallRules: [{1F171E3E-D4E9-410F-834C-214AED745718}] => (Allow) C:\SteamLibrary\steamapps\common\Dark and Light\DNL\Binaries\Win64\DNL.exe
FirewallRules: [{573983DB-61FD-4604-B5D0-2F45DF331764}] => (Allow) C:\SteamLibrary\steamapps\common\Dark and Light\DNL\Binaries\Win64\DNL.exe
FirewallRules: [{D0201F65-26DE-4CEB-8971-83C1FEBB5832}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D2A6FB2B-C27E-46DE-B5CD-36519A8C2728}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{50F73A89-DB1D-43B5-B2E4-5B23669555C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{49CE8944-ABBF-4040-BA7D-FC7EA58F977D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6A527E5B-B171-47E3-AA44-F828C949F88D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7ECB94BB-739A-408D-8189-B5265E509FE4}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{EA95BBDB-A529-422D-BC82-64F0F0AEDC0D}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{BA274825-4BC4-47B0-9268-BC4A8F5EBEE0}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{A5A34CA1-0B34-4001-BDB7-0FD6170CBCC1}] => (Allow) D:\steam2\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{A26D11CB-95F2-4498-973F-0EB0B609619F}] => (Allow) D:\steam2\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{23DF91F4-1066-4AC9-B11D-7A8C726A47B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{617D3757-1A07-4F13-BC36-1AF5072F2446}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91D91EAF-B24C-4AF6-9400-9DC1DE4CC1F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CDD2A322-B3FE-41F3-A864-FFAE190E2BF9}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{E69EA6F4-90B0-4645-A736-93F62E96C811}] => (Allow) D:\steam2\steamapps\common\Wolcen\win_x64\Wolcen.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2018 11:09:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/01/2018 11:09:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/01/2018 11:07:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {e89f0032-e19c-4415-b03d-1ddf79d39d02}

Error: (02/01/2018 11:07:26 AM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and Name CEventSystem is [0x80040154, Class not registered
].


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {e89f0032-e19c-4415-b03d-1ddf79d39d02}

Error: (02/01/2018 11:07:05 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (02/01/2018 11:03:59 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/01/2018 11:03:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {3564d6d5-7208-42c7-8cf3-9ea1018c0293}

Error: (02/01/2018 11:03:58 AM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and Name CEventSystem is [0x80040154, Class not registered
].


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {3564d6d5-7208-42c7-8cf3-9ea1018c0293}

Error: (02/01/2018 11:03:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
System Writer object failed to subscribe to VSS.

System Error:
0x80042302 (unresolvable).

Error: (02/01/2018 11:03:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3bb1a5bd-65cb-410d-a067-c072735faa4c}


System errors:
=============
Error: (02/01/2018 11:07:05 AM) (Source: WMPNetworkSvc) (EventID: 14333) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly due to error '0x80040154'. Restart your computer, and then try to restart the service.

Error: (02/01/2018 11:04:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {7B33B0B5-F719-4B0B-B48A-0B8F20CA08A5} did not register with DCOM within the required timeout.

Error: (02/01/2018 11:04:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (02/01/2018 11:04:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (02/01/2018 11:04:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.

Error: (02/01/2018 11:04:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80040154

Error: (02/01/2018 11:04:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/01/2018 11:04:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (02/01/2018 11:04:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Application Virtualization Client service depends on the Application Virtualization Service Agent service which failed to start because of the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (02/01/2018 11:03:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Service Agent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2018-01-19 23:44:04.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-19 23:44:04.759
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 22:13:29.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 22:13:29.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 17:25:28.866
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 16:34:20.799
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:17.187
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:17.109
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:15.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Netwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-09 15:59:15.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Netwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 26%
Total physical RAM: 8102.7 MB
Available physical RAM: 5949.77 MB
Total Virtual: 16203.57 MB
Available Virtual: 14007.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:94.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:57.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Can we also address wininstaller, winupdate, and other MSC services that don't seem to be working?

Thanks!



#8 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,696 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 01 February 2018 - 02:26 PM

We can address these after, yes.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,696 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 04 February 2018 - 04:35 PM

Hi atazk,

Are you still with me?



#10 atazk
  • Topic Starter
  • Members
  • 59 posts
  • Local time:07:28 PM

Posted 05 February 2018 - 11:46 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Andrew (03-02-2018 10:21:36) Run:1
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & Anita & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

ProxyServer: [S-1-5-21-798027839-3803069096-2788913540-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555

Task: {00468893-51B5-4D87-AA55-BEEE25F6FC6F} - System32\Tasks\{CC4EEECD-41EA-425F-9681-9414A3199AD2} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {23A61F6B-A5BF-4D85-B822-59DED91782E7} - System32\Tasks\{404CC907-6C90-42FB-A6F4-1AF77992E771} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {2A7814C7-AF6A-4DDD-BFC6-CA186AADE6B5} - System32\Tasks\{7BDE5A35-8A1D-4A43-B5CC-DF35173AE8C1} => msiexec.exe /package "C:\Users\Andrew\Downloads\PathOfExileInstaller (1).msi"
Task: {CD353431-BE24-46D5-BA28-AD7C2AC87A73} - System32\Tasks\{F4BDACEE-D6D7-438E-871D-082524D0688B} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Downloads\Win64_152815.exe -d C:\Users\Andrew\Downloads

MSCONFIG\startupreg: Chromium => c:\users\andrew\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session

C:\ProgramData\ntuser.pol
c:\users\andrew\appdata\local\chromium
C:\Users\Andrew\AppData\Local\3m8rdzl7qc
C:\Users\Andrew\AppData\Roaming\bodor
C:\Users\Andrew\AppData\Roaming\wincbee
C:\Users\Andrew\AppData\Roaming\Nanubugepa

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKU\S-1-5-21-798027839-3803069096-2788913540-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00468893-51B5-4D87-AA55-BEEE25F6FC6F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00468893-51B5-4D87-AA55-BEEE25F6FC6F}" => removed successfully
C:\Windows\System32\Tasks\{CC4EEECD-41EA-425F-9681-9414A3199AD2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC4EEECD-41EA-425F-9681-9414A3199AD2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23A61F6B-A5BF-4D85-B822-59DED91782E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A61F6B-A5BF-4D85-B822-59DED91782E7}" => removed successfully
C:\Windows\System32\Tasks\{404CC907-6C90-42FB-A6F4-1AF77992E771} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{404CC907-6C90-42FB-A6F4-1AF77992E771}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A7814C7-AF6A-4DDD-BFC6-CA186AADE6B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A7814C7-AF6A-4DDD-BFC6-CA186AADE6B5}" => removed successfully
C:\Windows\System32\Tasks\{7BDE5A35-8A1D-4A43-B5CC-DF35173AE8C1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BDE5A35-8A1D-4A43-B5CC-DF35173AE8C1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD353431-BE24-46D5-BA28-AD7C2AC87A73}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD353431-BE24-46D5-BA28-AD7C2AC87A73}" => removed successfully
C:\Windows\System32\Tasks\{F4BDACEE-D6D7-438E-871D-082524D0688B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4BDACEE-D6D7-438E-871D-082524D0688B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chromium" => removed successfully
C:\ProgramData\ntuser.pol => moved successfully
c:\users\andrew\appdata\local\chromium => moved successfully
C:\Users\Andrew\AppData\Local\3m8rdzl7qc => moved successfully
C:\Users\Andrew\AppData\Roaming\bodor => moved successfully
C:\Users\Andrew\AppData\Roaming\wincbee => moved successfully
C:\Users\Andrew\AppData\Roaming\Nanubugepa => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24920582 B
Java, Flash, Steam htmlcache => 375238165 B
Windows/system/drivers => 523021 B
Edge => 0 B
Chrome => 858502019 B
Firefox => 495305980 B
Opera => 52880716 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42320504 B
systemprofile32 => 66520 B
LocalService => 49632 B
NetworkService => 570282 B
UpdatusUser => 0 B
Andrew => 167286820 B
Anita => 375952582 B
Administrator => 57540 B
Guest => 4370320 B

RecycleBin => 1970909024 B
EmptyTemp: => 4.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:33:27 ====

Still here, had trouble with the internet; here is the fix log.
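The fixlist in the log above shows the pattern behind the pop-ups and redirects: a per-user WinINET proxy pointing at a loopback port (http=127.0.0.1:8555), scheduled tasks that relaunch an installer from the Downloads folder, and a Chromium entry with --auto-launch-at-startup parked in the MSConfig startupreg store. As an added example (not part of this thread and not one of Farbar's tools), the following read-only PowerShell audit walks those same locations on a Windows machine and lists anything that matches; the match patterns (paths under \Users\, AppData, pcalua.exe, msiexec /package, the auto-launch flag) are heuristics chosen for this example, and the registry paths are the standard Windows ones. It modifies nothing, so it is safe to run before deciding what a fix should remove.

```powershell
# Added example: read-only audit of the persistence spots the FRST fix above cleaned.
# Run from an elevated PowerShell prompt. Works on Windows 7's PowerShell 2.0
# (it uses schtasks.exe rather than Get-ScheduledTask, which that version lacks).

$findings = @()

# 1. Per-user WinINET proxy. A loopback proxy (127.0.0.1:<port>) with ProxyEnable=1 puts
#    something on this machine in the browser's traffic path; adware uses this to inject
#    ads and redirects. Caveat: debugging proxies and some AV web filters do the same legitimately.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyServer) {
    $loopback = $inet.ProxyServer -match '127\.0\.0\.1|localhost'
    $findings += New-Object PSObject -Property @{
        Area   = 'Proxy'
        Item   = $inet.ProxyServer
        Detail = "ProxyEnable=$($inet.ProxyEnable); loopback=$loopback"
    }
}

# 2. Scheduled tasks whose action runs from a user profile or re-runs an installer
#    through msiexec /package or pcalua.exe (both appear in the fixlist above).
#    schtasks /v emits one CSV header per task folder; the Where-Object drops the repeats.
$tasks = schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv | Where-Object { $_.TaskName -ne 'TaskName' }
foreach ($t in $tasks) {
    $action = $t.'Task To Run'
    if ($action -match '\\Users\\|AppData|pcalua\.exe|msiexec\.exe\s+/package') {
        $findings += New-Object PSObject -Property @{ Area = 'ScheduledTask'; Item = $t.TaskName; Detail = $action }
    }
}

# 3. Autostart entries: the Run keys plus the MSConfig "startupreg" store, which keeps
#    items a user disabled in msconfig (the Chromium --auto-launch-at-startup entry lived there).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$autostartPattern = '\\Users\\|AppData|--auto-launch-at-startup'
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata properties
        if ($p.Value -match $autostartPattern) {
            $findings += New-Object PSObject -Property @{ Area = 'Run'; Item = "$k\$($p.Name)"; Detail = $p.Value }
        }
    }
}
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg' -ErrorAction SilentlyContinue | ForEach-Object {
    $cmd = (Get-ItemProperty -Path $_.PSPath).command   # each subkey stores its command line in "command"
    if ($cmd -match $autostartPattern) {
        $findings += New-Object PSObject -Property @{ Area = 'MSConfig-startupreg'; Item = $_.PSChildName; Detail = $cmd }
    }
}

# 4. A user policy file outside any profile. Windows keeps per-user policy in
#    %USERPROFILE%\ntuser.pol, so a copy in C:\ProgramData (moved by the fix above) is unusual.
if (Test-Path 'C:\ProgramData\ntuser.pol') {
    $findings += New-Object PSObject -Property @{ Area = 'PolicyFile'; Item = 'C:\ProgramData\ntuser.pol'; Detail = 'unexpected location; review before removing' }
}

if ($findings.Count -eq 0) { 'No matching indicators found.' }
else { $findings | Format-Table Area, Item, Detail -AutoSize -Wrap }
```

The output is a review list, not a verdict: a loopback proxy or a task under AppData is a reason to look closer, and the decision to remove something belongs in a fixlist prepared by whoever is reading the logs, as in this thread.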



#11 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,696 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 06 February 2018 - 08:40 AM

Alright, now follow the instructions below.

Farbar Service Scanner (FSS)
Follow the instructions below to run Farbar Service Scanner and provide a log.
  • Download Farbar Service Scanner and move the executable to your Desktop
  • Right-click on FSS.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check every option:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Once done, click on the Scan button to launch a scan
  • On completion, a Notepad file called FSS.txt (saved where FSS.exe was run) will open. Copy and paste the content of this file in your next reply and post it



#12 atazk
  • Topic Starter
  • Members
  • 59 posts
  • Local time:07:28 PM

Posted 06 February 2018 - 10:28 AM

Here we go:

Farbar Service Scanner Version: 27-01-2016
Ran by Andrew (administrator) on 06-02-2018 at 10:27:20
Running from "C:\Users\Andrew\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


#13 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,696 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 06 February 2018 - 11:48 AM

Can we also address wininstaller, winupdate, and other MSC services that don't seem to be working?


The FSS log is quite clean. What tells you that these services aren't working?



#14 atazk
  • Topic Starter
  • Members
  • 59 posts
  • Local time:07:28 PM

Posted 06 February 2018 - 01:32 PM

Maybe services isn't the right term. For example, I cannot uninstall programs and had trouble installing programs as well. When uninstalling I get the message: "An error occurred uninstalling xxxxx. It may have already been uninstalled. Would you like to remove xxxxx from the Programs and Features list?"

I cannot modify / delete user accounts.

Windows Update was not working.



#15 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,696 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 07 February 2018 - 08:50 AM

For example, I cannot uninstall programs and had trouble installing programs as well. When uninstalling I get the message: "An error occurred uninstalling xxxxx. It may have already been uninstalled. Would you like to remove xxxxx from the Programs and Features list?"


This is probably because the program has already been uninstalled, but not the right way. Which program(s) do you want to uninstall right now?

I cannot modify / delete user accounts.


What happens when you try to do so?

Windows Update was not working.


Was? So now it is?





