
Citypage.today Extension, Bing Redirect



#1 h0lloway


Posted 04 March 2018 - 08:39 PM

Same as a few other users have reported and been helped with; it originated from a zip file in a torrent. Many components have been removed already, and a few malware removal tools do work and scan (Malwarebytes, AdwCleaner, HitmanPro), but the Bing redirect persists. Any help would be greatly appreciated, as even Windows restore will not function properly.

_______________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by H0llow (administrator) on H0LLOW-PC (04-03-2018 19:18:14)
Running from C:\Users\H0llow\Downloads
Loaded Profiles: H0llow & DefaultAppPool &  (Available Profiles: H0llow & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\cgcndrvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
() C:\Users\H0llow\AppData\Local\atsgxdw\atsgxdw.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Users\H0llow\AppData\Local\pcdubxm\wmeigac.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Sysinternals - www.sysinternals.com) C:\Users\H0llow\Desktop\procexp64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\H0llow\AppData\Local\atsgxdw\vdekizu.exe
() C:\Users\H0llow\AppData\Local\atsgxdw\vdekizu.exe
() C:\Users\H0llow\AppData\Local\atsgxdw\vdekizu.exe
() C:\Users\H0llow\AppData\Local\atsgxdw\vdekizu.exe
() C:\Users\H0llow\AppData\Local\atsgxdw\vdekizu.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart\ogmmon.exe [3386880 2014-05-19] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5715728 2017-11-21] (Performix LLC)
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>)
HKU\S-1-5-21-443170362-3614580758-3214794497-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441274\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5715728 2017-11-21] (Performix LLC)
HKU\S-1-5-21-443170362-3614580758-3214794497-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441274\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182442368\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-10-12]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{18d498cf-e3bc-4eba-8967-979684594dea}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3c099171-df5a-11e7-94e8-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{563fe56b-d678-42ee-8514-19be2637074c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{563fe56b-d678-42ee-8514-19be2637074c}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{64fac57c-b17b-43bd-bab7-dd3d903ec122}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7f472b95-437f-40b7-89bc-aff5a6a8c751}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{80ca9923-0df6-4c8f-9059-fa9a91303a58}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{80ca9923-0df6-4c8f-9059-fa9a91303a58}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{b75936de-8feb-4c79-a965-cb88a8725ec7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b75936de-8feb-4c79-a965-cb88a8725ec7}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-443170362-3614580758-3214794497-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441274\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default [2018-03-04]
CHR Extension: (Google Drive) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Google Search) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-09]
CHR Extension: (Audio Cutter) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2017-03-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\hkismwda <==== ATTENTION (Rootkit!)
 
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [129296 2017-11-21] (Performix LLC)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-31] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2018-01-30] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2156864 2018-02-14] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3026760 2018-02-14] (Electronic Arts)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-22] (CyberLink)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [81000 2017-03-27] ()
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-03-04] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-03-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-03-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-03-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-03-04] (Malwarebytes)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [8213328 2018-01-31] (Realtek Semiconductor Corporation )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 RzSynapse; C:\WINDOWS\System32\drivers\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-28] (Zemana Ltd.)
U3 idsvc; no ImagePath
R3 oruxbe; system32\drivers\uxbehk.sys [X]
S3 svvvyy; system32\drivers\loooss.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-04 19:18 - 2018-03-04 19:18 - 000013426 _____ C:\Users\H0llow\Downloads\FRST.txt
2018-03-04 19:13 - 2018-03-04 19:18 - 000000000 ____D C:\FRST
2018-03-04 19:11 - 2018-03-04 19:11 - 002403328 _____ (Farbar) C:\Users\H0llow\Downloads\FRST64.exe
2018-03-04 18:44 - 2018-03-04 18:45 - 000014156 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_18.44.19_log.txt
2018-03-04 18:30 - 2018-03-04 18:53 - 000001962 _____ C:\Users\H0llow\Desktop\HitmanPro.lnk
2018-03-04 18:22 - 2018-03-04 18:22 - 000143184 ____N C:\WINDOWS\system32\Drivers\dwsoruyb.sys
2018-03-04 18:17 - 2018-03-04 18:28 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-04 18:17 - 2018-03-04 18:23 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-04 18:16 - 2018-03-04 18:16 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-04 18:16 - 2018-03-04 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-04 18:16 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-04 18:09 - 2018-03-04 18:09 - 000000998 _____ C:\Users\Public\Desktop\Adguard.lnk
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ C:\ProgramData\fontcacheev1.dat
2018-03-04 18:09 - 2018-03-04 18:09 - 000000000 ____D C:\Users\H0llow\AppData\Local\Performix_LLC
2018-03-04 18:09 - 2017-03-27 08:01 - 000081000 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2018-03-04 18:08 - 2018-03-04 19:18 - 000000000 ____D C:\ProgramData\Adguard
2018-03-04 18:08 - 2018-03-04 18:24 - 000000000 ____D C:\Program Files (x86)\Adguard
2018-03-04 18:08 - 2018-03-04 18:08 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\Performix LLC
2018-03-04 18:08 - 2018-03-04 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2018-03-04 18:03 - 2018-03-04 18:29 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-04 17:37 - 2018-03-04 17:57 - 000013544 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_17.37.42_log.txt
2018-03-04 00:07 - 2018-03-04 00:07 - 000000562 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_00.07.02_log.txt
2018-03-03 21:34 - 2018-03-04 17:36 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-02-28 22:28 - 2018-03-04 19:18 - 000081549 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-02-28 22:28 - 2018-03-04 18:29 - 000061879 _____ C:\WINDOWS\ZAM.krnl.trace
2018-02-28 22:27 - 2018-02-28 22:32 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-02-28 22:27 - 2018-02-28 22:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-02-28 22:27 - 2018-02-28 22:27 - 000000000 ____D C:\Users\H0llow\AppData\Local\Zemana
2018-02-28 22:27 - 2018-02-28 22:27 - 000000000 ____D C:\Users\H0llow\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-02-28 20:43 - 2018-03-04 18:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-02-28 20:43 - 2018-03-04 17:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-02-28 20:43 - 2018-02-28 20:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-02-28 20:36 - 2018-02-28 20:38 - 000020100 _____ C:\TDSSKiller.3.1.0.16_28.02.2018_20.36.57_log.txt
2018-02-28 19:16 - 2018-03-04 18:23 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-28 19:16 - 2018-03-04 18:17 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-28 19:16 - 2018-03-04 18:16 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-28 19:16 - 2018-02-28 19:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-27 22:23 - 2018-03-04 18:27 - 000908656 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-27 21:31 - 2018-02-27 21:31 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-H0LLOW-PC-Windows-10-Home-(64-bit).dat
2018-02-27 21:31 - 2018-02-27 21:31 - 000000000 ____D C:\RegBackup
2018-02-27 20:55 - 2018-02-27 20:55 - 004944584 _____ (AO Kaspersky Lab) C:\Users\H0llow\Desktop\tdsskiller.exe
2018-02-27 20:52 - 2018-02-27 20:52 - 000194338 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-02-27 20:52 - 2018-02-27 20:52 - 000000574 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-02-27 20:52 - 2018-02-27 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-02-27 20:52 - 2018-02-27 20:52 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-02-27 20:19 - 2018-03-01 20:29 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-24 21:36 - 2018-02-24 21:36 - 000000000 ____D C:\Users\H0llow\AppData\Local\Apps\2.0
2018-02-24 21:24 - 2018-02-24 21:24 - 000001844 _____ C:\WINDOWS\system32\.crusader
2018-02-24 21:08 - 2018-02-24 21:26 - 000003646 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-02-24 21:07 - 2018-03-04 18:22 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-02-24 20:39 - 2018-03-04 18:53 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-02-24 20:39 - 2018-03-04 18:49 - 000000000 ____D C:\AdwCleaner
2018-02-24 20:39 - 2018-02-24 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-02-24 20:39 - 2018-02-24 20:39 - 000000000 ____D C:\Program Files\HitmanPro
2018-02-24 20:38 - 2018-02-24 21:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-24 20:38 - 2018-02-24 20:38 - 008222496 _____ (Malwarebytes) C:\Users\H0llow\Desktop\AdwCleaner.exe
2018-02-24 19:41 - 2018-02-24 19:41 - 000000000 ____D C:\WINDOWS\pss
2018-02-24 19:28 - 2018-02-28 17:59 - 000000000 ____D C:\Users\H0llow\AppData\Local\raotzgp
2018-02-24 19:25 - 2018-03-04 19:18 - 000000000 ____D C:\Users\H0llow\AppData\Local\atsgxdw
2018-02-24 19:25 - 2018-03-04 18:27 - 000000000 ____D C:\Users\H0llow\AppData\Local\pcdubxm
2018-02-24 19:05 - 2018-03-04 18:23 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\cgcndrvsvc.exe
2018-02-24 19:05 - 2018-02-24 21:01 - 000000000 ____D C:\Users\H0llow\AppData\Local\crukh
2018-02-24 19:05 - 2018-02-24 19:05 - 002095707 _____ C:\ProgramData\zun.exe
2018-02-24 19:05 - 2018-02-24 19:05 - 000000362 _____ C:\ProgramData\settings.uvd
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\WINDOWS\SysWOW64\avrtuxs
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\WINDOWS\system32\avrtuxs
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\et
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\1337
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\ProgramData\save
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\ProgramData\1.8.3.3
2018-02-24 19:05 - 2018-02-19 20:26 - 002225152 _____ C:\ProgramData\opengl.exe
2018-02-23 20:19 - 2018-02-23 20:19 - 000047239 _____ C:\WINDOWS\uninstaller.dat
2018-02-20 22:00 - 2018-02-20 22:00 - 001254495 _____ C:\ProgramData\unins000.exe
2018-02-20 22:00 - 2018-02-20 22:00 - 000084831 _____ C:\ProgramData\unins000.dat
2018-02-13 21:44 - 2018-02-13 21:44 - 003832589 _____ C:\Users\H0llow\Documents\2017TurboTaxReturn.pdf
2018-02-09 20:17 - 2018-02-10 20:25 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\dvdcss
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-04 18:43 - 2016-02-02 19:00 - 000000000 ____D C:\Program Files (x86)\Origin
2018-03-04 18:23 - 2017-12-12 11:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-04 18:22 - 2017-09-29 02:45 - 028049408 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-04 18:22 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-04 18:22 - 2015-01-05 20:37 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-04 18:16 - 2014-11-11 07:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-04 18:08 - 2017-04-26 18:09 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-04 17:56 - 2017-12-12 10:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-03 20:55 - 2017-12-31 12:43 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-01 20:27 - 2017-12-12 10:34 - 000309976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-28 18:42 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-28 18:23 - 2017-04-26 18:10 - 000889858 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-02-27 22:54 - 2009-07-13 20:34 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_543
2018-02-27 22:03 - 2009-07-13 20:34 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_528
2018-02-27 20:49 - 2014-10-12 11:05 - 000000000 ____D C:\Users\H0llow\AppData\Local\ElevatedDiagnostics
2018-02-26 20:57 - 2017-12-12 11:01 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 22:02 - 2017-12-12 10:45 - 000000000 ____D C:\Users\H0llow
2018-02-24 19:05 - 2018-01-10 12:13 - 012160728 _____ C:\ProgramData\UmmyVideoDownloader.exe
2018-02-24 19:05 - 2017-08-19 18:43 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\qBittorrent
2018-02-23 17:59 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-23 17:58 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-23 17:58 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-21 18:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-17 23:10 - 2016-11-19 16:18 - 000000000 ____D C:\Users\H0llow\AppData\Local\Ubisoft Game Launcher
2018-02-17 20:09 - 2014-10-12 10:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-17 20:07 - 2017-10-10 20:01 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-17 20:07 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-17 20:07 - 2014-10-12 10:54 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-10 22:13 - 2015-05-30 10:45 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\vlc
2018-02-08 18:45 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-06 21:03 - 2014-10-12 11:45 - 000000000 ____D C:\Users\H0llow\AppData\Local\Battle.net
2018-02-06 20:12 - 2014-10-12 11:50 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-02-06 20:10 - 2014-10-12 11:45 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-02-03 10:56 - 2016-11-01 20:43 - 000858864 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
 
==================== Files in the root of some directories =======
 
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ () C:\ProgramData\fontcacheev1.dat
2018-02-24 19:05 - 2018-02-19 20:26 - 002225152 _____ () C:\ProgramData\opengl.exe
2018-01-10 12:13 - 2018-02-24 19:05 - 012160728 _____ () C:\ProgramData\UmmyVideoDownloader.exe
2018-02-20 22:00 - 2018-02-20 22:00 - 000084831 _____ () C:\ProgramData\unins000.dat
2018-02-20 22:00 - 2018-02-20 22:00 - 001254495 _____ () C:\ProgramData\unins000.exe
2018-02-24 19:05 - 2018-02-24 19:05 - 002095707 _____ () C:\ProgramData\zun.exe
2014-10-12 12:18 - 2014-10-12 12:21 - 000000624 _____ () C:\Users\H0llow\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-12 11:25 - 2014-10-12 11:26 - 000000000 _____ () C:\Users\H0llow\AppData\Local\Driver_LOM_8161Present.flag
2015-12-26 22:09 - 2017-05-29 18:54 - 000007597 _____ () C:\Users\H0llow\AppData\Local\Resmon.ResmonCfg
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\H0llow\AppData\Local\Tempdivx19b1
2015-05-30 10:41 - 2015-05-30 10:41 - 000043682 _____ () C:\Users\H0llow\AppData\Local\Tempdivx266d
2015-05-30 10:16 - 2015-05-30 10:16 - 000043682 _____ () C:\Users\H0llow\AppData\Local\Tempdivx38bd
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\H0llow\AppData\Local\Tempdivx3ce2
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\H0llow\AppData\Local\Tempdivx470d
2015-05-30 10:16 - 2015-05-30 10:16 - 001328472 _____ (DivX, LLC) C:\Users\H0llow\AppData\Local\Tempdivx5ee9.exe
2015-05-30 10:16 - 2015-05-30 10:16 - 000043682 _____ () C:\Users\H0llow\AppData\Local\Tempdivxe93e
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\dwsoruyb.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-02-24 21:44
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by H0llow (04-03-2018 19:19:06)
Running from C:\Users\H0llow\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-12 17:02:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-443170362-3614580758-3214794497-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-443170362-3614580758-3214794497-503 - Limited - Disabled)
Guest (S-1-5-21-443170362-3614580758-3214794497-501 - Limited - Disabled)
H0llow (S-1-5-21-443170362-3614580758-3214794497-1000 - Administrator - Enabled) => C:\Users\H0llow
HomeGroupUser$ (S-1-5-21-443170362-3614580758-3214794497-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-443170362-3614580758-3214794497-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adguard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.2.437.2171 - Performix LLC) Hidden
Adguard (HKLM-x32\...\{f9c170d1-2b4b-4a3e-bb82-54428328aeef}) (Version: 6.2.437.2171 - Performix LLC)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AURA(GRAPHICS CARD) (HKLM-x32\...\{3FEA20CC-0045-424A-B047-EC0A0C69307C}) (Version: 0.0.4.1 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{B194D9CE-9890-3B82-BAAB-C9CE17297792}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{036CD246-06B8-EABE-1A0C-16F53E3F980A}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{9143B772-A0AC-F801-D3AD-DC25A0C8496E}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F002E7B-FC0F-EC77-D716-4CA99D933C78}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{65B1F03B-EC90-4852-4530-F70B673DDDD4}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8289069C-E14E-0E3A-4167-AAFA52BB6F84}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{CBAA3D5F-558C-3274-35E5-C43D55BD695C}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A937E802-0548-0833-D9C0-8B9C9102B620}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{30159AAA-5B26-78A7-C68C-BCFB8CED9A27}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{9C1A7DA3-C9EA-EA92-CBDA-668A1A749762}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{591CBA0C-8BF1-8A57-AD2B-A6AB91C34EBE}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{5499CF3F-326F-61E5-E429-EF7CE2E119C1}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{866F4B0F-8BE7-8E60-AC08-886BA2056340}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{BA8CFCE3-6807-5792-FA4A-75EB2CACF34B}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{248CF3DE-9D73-ED1F-26E6-B2668AD3B727}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DEF153DB-82F4-003C-A384-904CF3938280}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2ECB610-5F1C-DD99-A479-D14D42859668}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A17A3D4D-9B1B-9AAD-E439-AD0F2BA43780}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{C1ECC4EC-DC50-C56F-0005-551DD1E964C7}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{69BAA459-0950-B299-3F67-2DEB41748A42}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.2026.0 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Essential (HKLM-x32\...\{F2D0453E-3783-490D-9D48-7CC648C4ADFB}) (Version: 1.0 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Premium 1 (HKLM-x32\...\{1B3E7144-6051-455B-809F-50E3CF913869}) (Version: 1 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Premium 2 (HKLM-x32\...\{CF520E54-7DB7-4402-B581-FC0D6734D0C6}) (Version: 2 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
Discord (HKU\S-1-5-21-443170362-3614580758-3214794497-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441274\...\Discord) (Version: 0.0.300 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
MakeMKV v1.9.8 (HKLM-x32\...\MakeMKV) (Version: v1.9.8 - GuinpinSoft inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-443170362-3614580758-3214794497-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441274\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.12.32066 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Project 64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - )
qBittorrent 3.3.15 (HKLM-x32\...\qBittorrent) (Version: 3.3.15 - The qBittorrent project)
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.39.1040 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}) (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
STEEP (HKLM-x32\...\Uplay Install 3445) (Version:  - Ubisoft)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.7 - Electronic Arts, Inc.)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.3.1 - TP-LINK)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.14 - Tweaking.com)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.24.0 (HKLM\...\VulkanRT1.0.24.0) (Version: 1.0.24.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.24.0 (HKLM\...\VulkanRT1.0.24.0-2) (Version: 1.0.24.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-3) (Version: 1.0.39.1 - LunarG, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-443170362-3614580758-3214794497-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers4-x32: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers6-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E151D8A-6D9F-438B-8103-61A54AFECE47} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14B2E39D-B1FF-46D2-B163-43CD154D11C5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17C2C3B5-0658-4533-B076-3E6D116FAB94} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {1BBBB4B0-36F3-4E23-A587-62E6BF2643F8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {21836A47-C8CD-4C5B-B32E-4921349A6B95} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {232C7842-0409-43CD-B238-C5B957297AA7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29090F5D-69AE-4E95-A68E-09D10E5AC4EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {303552F8-D408-4194-89ED-F21BF47C6632} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30E18CC5-189E-405F-866B-59C46D55AB24} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3474CC22-8464-4617-AB55-94DF8491092F} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2016-07-12] (TODO: <Company name>)
Task: {363F83ED-7526-46AD-A71E-D2A9B6F37881} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {366D42F9-B99B-46D3-8156-A362B5AB2A08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {36FA596C-4BA0-4F92-91B6-6CCCC6290327} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A0B0ECF-BB24-4D5E-89B8-667BE28CA017} - System32\Tasks\ASUS Live Update Task Schedule => C:\Program Files (x86)\ASUS\GPU Tweak\ASUSLiveUpdate.exe
Task: {45688411-E060-4544-BA85-68A8F9611AD1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4B03096A-1859-4F4A-9F42-F586AF9AE716} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4FD3C273-ACB2-4EF0-8FB1-E0CE84660DDB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {54E94A22-951C-4183-A8CF-6F56D70513DB} - \fXOIgYexCyn2 -> No File <==== ATTENTION
Task: {5653E439-668F-4C04-89C7-073F3F890A35} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {56F780EF-583F-4EAF-BA52-714AAFDF861A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {57FF701D-A787-47B2-B668-F3AFCC9DF019} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {668C9CE6-9485-4807-8EAB-EE99DC5DD362} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6A68AA8A-8960-4DAC-8AB6-D326EF9EB490} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {76069755-7791-4CDE-AB50-57EFC2C3A2D5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8EDCF8B8-1745-4851-9628-9040EC642674} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {95E335F6-80CA-4EEC-9670-9A883FBA4CB8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9AD56306-7D03-4452-96A2-473643BA6A06} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9C9B8587-97C1-4FC6-AF5B-962D7BB29172} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {AB6FC0F2-1AED-4835-8B03-1DC24AD84F7B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B44AD80F-58F8-4F88-8E1D-EBD4E2D83E41} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-02-17] (Microsoft Corporation)
Task: {B815BD7F-7D84-4535-B62C-7CB519FBDC3B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3A1ED77-C042-482F-9396-815A00055C2F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C534FA13-935D-45F1-BFAD-23DDBAA47BC9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6F2E9BC-B7D4-47D1-B8C7-7AD1D26B5365} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CF0E20F5-BDA4-4A8D-B61C-76DE6A832E7A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E89125F0-3848-4BC8-9A71-4EDB9D7B2775} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EB477469-8170-4D95-9DE6-6FBAB3C67AA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EC35DE5F-8E58-44DA-A754-AA75AF9C2158} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F61D9D0D-E387-4C76-9E4D-8EA74692896B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6C960D5-3AF8-4654-974D-E7F0F8D1066B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F7BBF2D6-DE3E-48A1-B888-80058005E639} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7C50DE6-7E7B-4CA9-A9BA-949CEF871ABA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F83A5055-5DA4-4AD3-9DAD-1B5745667C46} - System32\Tasks\Open Hardware Monitor\Startup => C:\Users\H0llow\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.exe
Task: {FADA54B3-87A2-4B9E-AC84-CA1538303658} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FB09044B-5C0A-459B-83A4-C6D536F2E050} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-30 10:47 - 2015-09-01 07:41 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2018-03-04 18:16 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-04 18:16 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-12 12:21 - 2017-12-12 12:21 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 12:21 - 2017-12-12 12:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-09 14:54 - 2018-01-03 03:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 14:54 - 2018-01-03 03:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-11-21 17:26 - 2017-11-21 17:26 - 001420048 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2017-11-21 17:26 - 2017-11-21 17:26 - 000142096 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2016-12-26 16:29 - 2016-07-05 21:18 - 001744384 _____ () C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\Vender.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\UmmyVideoDownloader.exe:altmb [10]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2018-02-28 18:28 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441102\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441180\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\H0llow\Pictures\Wallpapers\dark.jpg
HKU\S-1-5-21-443170362-3614580758-3214794497-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182441274\Control Panel\Desktop\\Wallpaper -> C:\Users\H0llow\Pictures\Wallpapers\dark.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03042018182442368\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "VIAxHCUtl"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "OGMgmmouseRun"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4204EB94-F4C6-4358-BFFE-8247A10DBF82}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{76DFEB8B-9D3A-4E87-8398-278E12CC6899}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{65005575-27AC-4A7A-BAF7-3A5B99759CD7}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{4923988F-21A4-4434-AC63-2E63ECB1F8A1}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{46FCC205-0FC3-4EF4-AADE-3F8E9D3DFDCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{030CF015-D06E-4046-A4C7-41F520EE463A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{49F02506-A514-4439-8257-7146DDCE72E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{7E96AF23-B62B-4DC3-9477-A39AC3F086C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{87F1A5EE-9AA7-4CB6-BAE8-F86E2C6E5D87}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{63474624-9DAB-4252-A461-005F23AD9794}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{9E9F6075-2085-4194-8C8C-38E237DCA83A}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe
FirewallRules: [{685B9C1C-4CA9-40CC-A78F-D2E39ED59ECA}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe
FirewallRules: [UDP Query User{868E5B5D-6FF4-4293-956F-2493C2807D90}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{E723F124-9CFE-4D20-8BEB-BA6F11A11B59}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{3C0CC5D5-B1E9-4B22-926B-25F77E59AB00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OlliOlli2\olliolli2.exe
FirewallRules: [{95828B9E-9547-46B7-9356-662ABEEE9672}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OlliOlli2\olliolli2.exe
FirewallRules: [{BB31CD75-341D-438C-B95E-843EEAAD36F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kopanito All-Stars Soccer\nw.exe
FirewallRules: [{FF077704-801E-4891-B32B-953F1F94C558}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kopanito All-Stars Soccer\nw.exe
FirewallRules: [UDP Query User{B18153FC-E3B4-4D90-922C-81344255907E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7865F504-6EDF-4FB3-8106-B63229E90C7E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E7EC7A6A-5E7F-4C11-8637-4AAA53724CC2}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{228B13DE-A0B5-4371-84DB-3A9D64D9F011}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{4391416A-C738-4242-9484-91B9A107661A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{301129F3-1193-4AE8-B855-968E233989B0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{766319D3-381F-410C-B258-29B01FC6FD09}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7ED8088A-E9AF-4C1D-B5A1-E725926C71BF}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{EEB8EC8E-A882-4B42-ACB1-4D94F83C69E1}] => (Allow) C:\Users\H0llow\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6BA2D0D0-63D9-4712-A3A0-F55CBBA2AC3F}] => (Allow) C:\Users\H0llow\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45A6B8B8-C104-401E-97AE-A339ADA38A1F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E500DCB5-22EE-48E5-9A24-238AEB28A048}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E93EB5D2-9C07-4A21-82E0-C5EEB9B3049D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{86762971-5A61-4539-99DA-BAF2EAB3C9CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4BA676C0-1FB6-4EF7-8FE6-2CC53463A5CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{855F76F4-BFAA-40CE-89C3-F03F7D3AED75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{FD793548-4818-4A3A-8DED-D8316E94E9BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{21C674A2-886C-4B48-8D86-C2680103F1C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{156A0A18-6D40-48FD-8B48-DBA1784481F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{0B59F649-0ECC-4902-AF58-3F903842FE31}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{EC9067E1-7EBB-440A-AA15-3C9B998F771A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{B6C5BD40-11ED-4691-B7E2-EF902AD5CC4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A258FFC9-83F7-4F84-91F6-60CB501A7EB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{C21D7F02-784D-4DFB-8ACA-E7D846664710}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{D3877D31-5067-490F-A161-10C1B3D71838}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A3BE3C3B-62AD-4036-B280-83C944EA023F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{33AD7273-A156-418C-9E6C-E9B2C4B6250E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4C86F045-4B35-4573-AA6F-F5BFBABE928C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B018C0A-75A1-4D91-9854-A4217B5FBF0F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\STEEP\steep.exe
FirewallRules: [{FE570C10-88BE-4AC2-9938-60EC815023D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{03A47F4F-A43E-47A4-A01E-A307D3A7A743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{95402241-9394-46E8-9A44-0520A0FB002E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steep\steep.exe
FirewallRules: [{B2405EE3-3314-46DE-A44A-80F4800DBF88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steep\steep.exe
FirewallRules: [{6C8CB537-63AD-4F1E-85B2-6C6D5F21CBB9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{951B78F4-1A81-4696-9B29-E9D3F3DDAB00}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{347274E5-F7C8-4938-BB02-D23C4BD1E712}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{CE8D1749-5CE5-4237-B470-350C4D6B1524}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{DC7E43CD-667E-4F07-A57D-901F5EC94B55}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{2E0BEB5E-705A-4B5A-BC3F-35652E68AE79}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{D4394682-4126-4961-A743-9CAFA25587E9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{6835D7AE-A64C-458F-B1EF-7466D52C9A30}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{422AD105-CBFE-409F-97A1-CCE166ECAD90}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE
FirewallRules: [{8FEF5BD1-48C2-4C2E-BCFD-4E51C329FAB4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4E3CB5C1-433A-4D09-95D8-EA1153DFF86C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{DEA688AC-7DE8-42A0-8FA9-71E8FADBFD58}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C45DC68C-6C40-471E-9ADA-D96113F5AD33}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{A2D23C8A-7805-4DDC-931E-CDB92B9EF08E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F9B5CF67-6F1B-4B67-B12C-B73467E1DD75}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{3EAA699B-EA4C-4C31-B2D9-0580A875B24F}C:\users\h0llow\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h0llow\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7F1CC46F-BD88-4E71-82DF-63BA58C668E7}C:\users\h0llow\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h0llow\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B808F27B-A2A1-484D-90CC-05FD27F69B4A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8109D14E-B9A6-4784-BBC0-F807FD910AA0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{BEE83B8B-4273-4675-851D-C4AB62E9BC75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{1C161F17-0204-47DD-975B-7916F275492B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{668AA4A1-0124-4273-94CE-37BD2DCC7579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{055ED0C9-F0BC-47A5-A7F9-DDBA26AA39E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{AA38B6EA-CD74-4556-9EE9-1D673AA87F88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6FB8546E-8F13-4BFF-B9ED-6A04A622BAD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Song of the Deep\SOTD.exe
FirewallRules: [{1654D3AD-17BC-473B-B14C-A20CA97B657E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Song of the Deep\SOTD.exe
FirewallRules: [{707B5BBE-1746-44C8-9517-6775BCC73F61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron EX.exe
FirewallRules: [{8D1A72D5-AA9E-4F58-A0FB-DCADB16676EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron EX.exe
FirewallRules: [{BFD2B9A0-DB7D-4F6A-ABCC-AE5B6E212598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron.exe
FirewallRules: [{523A48DB-A45A-4428-B63D-03E59C773EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron.exe
FirewallRules: [{4A858713-9F98-4629-99E4-045930D73807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{A621C109-5C68-4182-BBFE-09A36858E02A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{2B259317-6F7A-42D9-92CC-71EB2D6B2A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{4CD545B6-CABE-45BF-A63C-F1220382AD43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{B9A25881-4FFA-4F3F-87EC-EDA8FA7F4225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{FB14197D-69B7-4D58-9882-28D4D849903C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{8F8499D4-BA84-4A59-AFA9-01C1C8BCC650}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{CBC20471-1186-4DA6-A492-36736D5AC075}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{B197EEA8-CC91-440F-8235-023F65F540F8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B6B2A3B0-0041-4074-9732-1B60848CEB18}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{114C2FAF-3C8F-4877-A293-221C7B3FB204}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{1008782E-C1EC-4283-98CB-B5A049F771B1}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{D3F47FE0-4721-4E46-9D86-0D945DF4861C}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{178801B2-1722-45F8-BDB0-704EF80BB116}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{E94CF13C-0597-4258-B7CB-0806511B1B34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{87E771B5-7416-4425-9ECD-90550C9E80B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C8D86FA4-48FF-41D8-90AF-DB2C9A77E24C}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2018 06:08:41 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_64_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL ASP.NET_64_2.0.50727 in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/03/2018 08:54:26 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected
 
 
System errors:
=============
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/04/2018 07:13:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
 
Date: 2018-03-04 18:54:14.547
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:54:14.224
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:54:07.156
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:54:07.012
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:29:32.360
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:29:32.160
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:29:28.448
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:29:24.585
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 16%
Total physical RAM: 16332.28 MB
Available physical RAM: 13568.97 MB
Total Virtual: 17356.28 MB
Available Virtual: 13877.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.85 GB) (Free:411.6 GB) NTFS
 
\\?\Volume{79a0e2e2-45c7-42eb-91fd-1e4ac7a29a8a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{a7296dd7-3ad4-4ced-9907-4b30b8ca98bd}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 80EBCC0B)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,812 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:58 PM

Posted 04 March 2018 - 08:55 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, or running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

The computer is infected with a variant of the SmartService Rootkit. Very difficult to remove, but with the right protocol we may be able to do so.

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file [attachment=202702:Fixlist.txt] and save it in the same location where FRST64 is saved on the flash drive.

Boot to the Recovery Console's Command prompt on the infected computer.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums.

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:
  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.
Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.
I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 h0lloway

h0lloway
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 04 March 2018 - 09:09 PM

Sincerest apologies for duplicates, had Cloudflare issues.



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,812 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:58 PM

Posted 05 March 2018 - 03:27 PM

Sincerest apologies for duplicates, had cloudflare issues. 

:thumbup2:




#5 h0lloway

h0lloway
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 06 March 2018 - 08:55 PM

Sorry for the delayed response, needed a Windows disk to get to recovery mode.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by SYSTEM on MININT-48433K9 (06-03-2018 19:45:08)
Running from e:\
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart\ogmmon.exe [3386880 2014-05-19] ()
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\H0llow\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>)
HKU\H0llow\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>)
HKU\H0llow\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\hkismwda" => removed successfully
C:\Windows\System32\drivers\dwsuxbeh.sys => moved successfully
"HKLM\System\ControlSet001\Services\svvvyy" => removed successfully
C:\Users\H0llow\AppData\Local\atsgxdw\atsgxdw.exe => moved successfully
C:\Users\H0llow\AppData\Local\atsgxdw\vdekizu.exe => moved successfully
C:\Users\H0llow\AppData\Local\pcdubxm\wmeigac.exe => moved successfully
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-31] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2018-01-30] (EasyAntiCheat Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2156864 2018-02-14] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3026760 2018-02-14] (Electronic Arts)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-22] (CyberLink)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 Adguard Service; "C:\Program Files (x86)\Adguard\AdguardSvc.exe" [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110088 2017-04-25] (Advanced Micro Devices)
S1 BfLwf; C:\Windows\system32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-03-04] (Malwarebytes)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8213328 2018-01-31] (Realtek Semiconductor Corporation )
S2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
S2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-07] (Razer, Inc.)
S3 RzSynapse; C:\Windows\System32\drivers\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 SteamStreamingMicrophone; C:\Windows\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
S3 SteamStreamingSpeakers; C:\Windows\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-20] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-28] (Zemana Ltd.)
S1 adgnetworkwfpdrv; system32\drivers\adgnetworkwfpdrv.sys [X]
S3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 19:35 - 2018-03-06 19:35 - 000000000 _____ C:\Recovery.txt
2018-03-05 20:20 - 2018-03-05 20:20 - 000000000 ____D C:\Users\Public\Documents\Cocosenor Product Key Tuner
2018-03-04 17:45 - 2018-03-04 17:57 - 000095793 _____ C:\Users\H0llow\Downloads\words.txt
2018-03-04 17:19 - 2018-03-04 17:19 - 000068124 _____ C:\Users\H0llow\Downloads\Addition.txt
2018-03-04 17:18 - 2018-03-04 17:19 - 000027165 _____ C:\Users\H0llow\Downloads\FRST.txt
2018-03-04 17:13 - 2018-03-04 17:19 - 000000000 ____D C:\FRST
2018-03-04 17:11 - 2018-03-04 17:11 - 002403328 _____ (Farbar) C:\Users\H0llow\Downloads\FRST64.exe
2018-03-04 16:44 - 2018-03-04 16:45 - 000014156 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_18.44.19_log.txt
2018-03-04 16:30 - 2018-03-04 16:53 - 000001962 _____ C:\Users\H0llow\Desktop\HitmanPro.lnk
2018-03-04 16:17 - 2018-03-04 16:28 - 000094144 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-03-04 16:16 - 2018-03-04 16:16 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-04 16:16 - 2017-11-29 07:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-03-04 16:09 - 2018-03-04 16:09 - 000000259 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2018-03-04 16:09 - 2018-03-04 16:09 - 000000259 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2018-03-04 16:09 - 2018-03-04 16:09 - 000000259 _____ C:\ProgramData\fontcacheev1.dat
2018-03-04 16:03 - 2018-03-04 16:29 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-04 15:37 - 2018-03-04 15:57 - 000013544 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_17.37.42_log.txt
2018-03-03 22:07 - 2018-03-03 22:07 - 000000562 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_00.07.02_log.txt
2018-03-03 19:34 - 2018-03-04 15:36 - 000000085 _____ C:\Windows\wininit.ini
2018-02-28 20:28 - 2018-03-06 17:31 - 000032231 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-02-28 20:28 - 2018-03-04 16:29 - 000061879 _____ C:\Windows\ZAM.krnl.trace
2018-02-28 20:27 - 2018-02-28 20:32 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-02-28 20:27 - 2018-02-28 20:27 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
2018-02-28 20:27 - 2018-02-28 20:27 - 000000000 ____D C:\Users\H0llow\AppData\Local\Zemana
2018-02-28 20:27 - 2018-02-28 20:27 - 000000000 ____D C:\Users\H0llow\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-02-28 18:43 - 2018-03-04 16:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-02-28 18:43 - 2018-03-04 15:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-02-28 18:43 - 2018-02-28 18:43 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-02-28 18:36 - 2018-02-28 18:38 - 000020100 _____ C:\TDSSKiller.3.1.0.16_28.02.2018_20.36.57_log.txt
2018-02-28 17:16 - 2018-02-28 17:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-27 20:23 - 2018-03-06 17:26 - 000919306 _____ C:\Windows\System32\PerfStringBackup.INI
2018-02-27 19:31 - 2018-02-27 19:31 - 000000207 _____ C:\Windows\tweaking.com-regbackup-H0LLOW-PC-Windows-10-Home-(64-bit).dat
2018-02-27 19:31 - 2018-02-27 19:31 - 000000000 ____D C:\RegBackup
2018-02-27 18:55 - 2018-02-27 18:55 - 004944584 _____ (AO Kaspersky Lab) C:\Users\H0llow\Desktop\tdsskiller.exe
2018-02-27 18:52 - 2018-02-27 18:52 - 000194338 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-02-27 18:52 - 2018-02-27 18:52 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-02-27 18:52 - 2018-02-27 18:52 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-02-27 18:19 - 2018-03-01 18:29 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-24 19:36 - 2018-02-24 19:36 - 000000000 ____D C:\Users\H0llow\AppData\Local\Apps\2.0
2018-02-24 19:24 - 2018-02-24 19:24 - 000001844 _____ C:\Windows\System32\.crusader
2018-02-24 19:08 - 2018-02-24 19:26 - 000003646 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-02-24 19:07 - 2018-03-06 17:32 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-02-24 18:39 - 2018-03-04 16:53 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-02-24 18:39 - 2018-03-04 16:49 - 000000000 ____D C:\AdwCleaner
2018-02-24 18:39 - 2018-02-24 18:39 - 000000000 ____D C:\Program Files\HitmanPro
2018-02-24 18:38 - 2018-02-24 19:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-24 18:38 - 2018-02-24 18:38 - 008222496 _____ (Malwarebytes) C:\Users\H0llow\Desktop\AdwCleaner.exe
2018-02-24 17:41 - 2018-02-24 17:41 - 000000000 ____D C:\Windows\pss
2018-02-24 17:28 - 2018-02-28 15:59 - 000000000 ____D C:\Users\H0llow\AppData\Local\raotzgp
2018-02-24 17:25 - 2018-03-06 19:45 - 000000000 ____D C:\Users\H0llow\AppData\Local\pcdubxm
2018-02-24 17:25 - 2018-03-06 19:45 - 000000000 ____D C:\Users\H0llow\AppData\Local\atsgxdw
2018-02-24 17:05 - 2018-03-06 17:21 - 002888704 _____ C:\Windows\System32\cgcndrvsvc.exe
2018-02-24 17:05 - 2018-02-24 19:01 - 000000000 ____D C:\Users\H0llow\AppData\Local\crukh
2018-02-24 17:05 - 2018-02-24 17:05 - 002095707 _____ C:\ProgramData\zun.exe
2018-02-24 17:05 - 2018-02-24 17:05 - 000000362 _____ C:\ProgramData\settings.uvd
2018-02-24 17:05 - 2018-02-24 17:05 - 000000000 ____D C:\Windows\SysWOW64\avrtuxs
2018-02-24 17:05 - 2018-02-24 17:05 - 000000000 ____D C:\Windows\System32\avrtuxs
2018-02-24 17:05 - 2018-02-24 17:05 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\et
2018-02-24 17:05 - 2018-02-24 17:05 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\1337
2018-02-24 17:05 - 2018-02-24 17:05 - 000000000 ____D C:\ProgramData\save
2018-02-24 17:05 - 2018-02-24 17:05 - 000000000 ____D C:\ProgramData\1.8.3.3
2018-02-24 17:05 - 2018-02-19 18:26 - 002225152 _____ C:\ProgramData\opengl.exe
2018-02-23 18:19 - 2018-02-23 18:19 - 000047239 _____ C:\Windows\uninstaller.dat
2018-02-20 20:00 - 2018-02-20 20:00 - 001254495 _____ C:\ProgramData\unins000.exe
2018-02-20 20:00 - 2018-02-20 20:00 - 000084831 _____ C:\ProgramData\unins000.dat
2018-02-09 18:17 - 2018-02-10 18:25 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\dvdcss
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 17:32 - 2017-12-12 09:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-06 17:32 - 2017-09-29 00:45 - 028311552 _____ C:\Windows\System32\config\HARDWARE
2018-03-06 17:32 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI
2018-03-06 17:31 - 2015-05-30 08:45 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\vlc
2018-03-06 17:21 - 2017-12-12 08:34 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-03-05 20:45 - 2015-01-05 18:37 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-05 20:23 - 2017-04-26 16:09 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-05 18:13 - 2017-12-12 10:17 - 000000000 ____D C:\Windows\System32\msmq
2018-03-05 17:22 - 2017-12-31 10:43 - 000000000 ____D C:\Windows\Minidump
2018-03-04 18:51 - 2017-12-12 08:45 - 000000000 ____D C:\users\H0llow
2018-03-04 18:51 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-03-04 16:43 - 2016-02-02 17:00 - 000000000 ____D C:\Program Files (x86)\Origin
2018-03-04 16:16 - 2014-11-11 05:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-01 18:27 - 2017-12-12 08:34 - 000309976 _____ C:\Windows\System32\FNTCACHE.DAT
2018-02-28 16:42 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-02-28 16:23 - 2017-04-26 16:10 - 000889858 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-27 20:54 - 2009-07-13 18:34 - 000000855 _____ C:\Windows\System32\Drivers\etc\hosts_bak_543
2018-02-27 20:03 - 2009-07-13 18:34 - 000000855 _____ C:\Windows\System32\Drivers\etc\hosts_bak_528
2018-02-27 18:49 - 2014-10-12 09:05 - 000000000 ____D C:\Users\H0llow\AppData\Local\ElevatedDiagnostics
2018-02-26 18:57 - 2017-12-12 09:01 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-24 17:05 - 2018-01-10 10:13 - 012160728 _____ C:\ProgramData\UmmyVideoDownloader.exe
2018-02-24 17:05 - 2017-08-19 16:43 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\qBittorrent
2018-02-23 15:59 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-02-23 15:58 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-23 15:58 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-02-21 16:23 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2018-02-17 21:10 - 2016-11-19 14:18 - 000000000 ____D C:\Users\H0llow\AppData\Local\Ubisoft Game Launcher
2018-02-17 18:09 - 2014-10-12 08:54 - 000000000 ____D C:\Windows\System32\MRT
2018-02-17 18:07 - 2017-10-10 18:01 - 130067560 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-02-17 18:07 - 2014-10-12 08:54 - 130067560 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-02-08 16:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-02-06 19:03 - 2014-10-12 09:45 - 000000000 ____D C:\Users\H0llow\AppData\Local\Battle.net
2018-02-06 18:12 - 2014-10-12 09:50 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-02-06 18:10 - 2014-10-12 09:45 - 000000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 5%
Total physical RAM: 16332.26 MB
Available physical RAM: 15418.09 MB
Total Virtual: 16332.26 MB
Available Virtual: 15460.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.85 GB) (Free:410.65 GB) NTFS
Drive d: (ESD-ISO) (CDROM) (Total:3.39 GB) (Free:0 GB) UDF
Drive e: (KH) (Removable) (Total:14.52 GB) (Free:14.52 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
\\?\Volume{a7296dd7-3ad4-4ced-9907-4b30b8ca98bd}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 80EBCC0B)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.5 GB) (Disk ID: B767BC57)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)
 
LastRegBack: 2018-02-24 19:44
 
==================== End of FRST.txt ============================
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by SYSTEM (06-03-2018 19:46:53) Run:1
Running from e:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Reg: Reg delete HKLM\SYSTEM\CurrentControlSet\Services\hkismwda /f
C:\WINDOWS\system32\drivers\dwsoruyb.sys
C:\Windows\System32\cgcndrvsvc.exe
C:\Users\H0llow\AppData\Local\atsgxdw
C:\Users\H0llow\AppData\Local\pcdubxm
R3 oruxbe; system32\drivers\uxbehk.sys [X]
S3 svvvyy; system32\drivers\loooss.sys [X]
C:\Users\H0llow\AppData\Local\raotzgp
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
 
========= Reg delete HKLM\SYSTEM\CurrentControlSet\Services\hkismwda /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
"C:\WINDOWS\system32\drivers\dwsoruyb.sys" => not found
C:\Windows\System32\cgcndrvsvc.exe => moved successfully
C:\Users\H0llow\AppData\Local\atsgxdw => moved successfully
C:\Users\H0llow\AppData\Local\pcdubxm => moved successfully
oruxbe => service not found.
svvvyy => service not found.
C:\Users\H0llow\AppData\Local\raotzgp => moved successfully
 
==== End of Fixlog 19:47:24 ====
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by H0llow (administrator) on H0LLOW-PC (06-03-2018 19:51:15)
Running from C:\Users\H0llow\Desktop
Loaded Profiles: H0llow (Available Profiles: H0llow & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart\ogmmon.exe [3386880 2014-05-19] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>)
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-10-12]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{18d498cf-e3bc-4eba-8967-979684594dea}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3c099171-df5a-11e7-94e8-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{563fe56b-d678-42ee-8514-19be2637074c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{563fe56b-d678-42ee-8514-19be2637074c}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{64fac57c-b17b-43bd-bab7-dd3d903ec122}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7f472b95-437f-40b7-89bc-aff5a6a8c751}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{80ca9923-0df6-4c8f-9059-fa9a91303a58}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{b75936de-8feb-4c79-a965-cb88a8725ec7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b75936de-8feb-4c79-a965-cb88a8725ec7}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default [2018-03-05]
CHR Extension: (Google Drive) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Google Search) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-09]
CHR Extension: (Audio Cutter) - C:\Users\H0llow\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2017-03-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-31] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2018-01-30] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2156864 2018-02-14] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3026760 2018-02-14] (Electronic Arts)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-22] (CyberLink)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 Adguard Service; "C:\Program Files (x86)\Adguard\AdguardSvc.exe" [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-03-06] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-03-06] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-03-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-03-04] (Malwarebytes)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [8213328 2018-01-31] (Realtek Semiconductor Corporation )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 RzSynapse; C:\WINDOWS\System32\drivers\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-28] (Zemana Ltd.)
S1 adgnetworkwfpdrv; system32\drivers\adgnetworkwfpdrv.sys [X]
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 21:35 - 2018-03-06 21:47 - 000000000 _____ C:\Recovery.txt
2018-03-06 19:51 - 2018-03-06 19:52 - 000010916 _____ C:\Users\H0llow\Desktop\FRST.txt
2018-03-06 19:50 - 2018-03-06 19:39 - 002403328 _____ (Farbar) C:\Users\H0llow\Desktop\FRST64.exe
2018-03-06 19:49 - 2018-03-06 19:49 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-06 19:49 - 2018-03-06 19:49 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-06 19:49 - 2018-03-06 19:49 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-06 19:49 - 2018-03-06 19:49 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-05 22:20 - 2018-03-05 22:20 - 000000000 ____D C:\Users\Public\Documents\Cocosenor Product Key Tuner
2018-03-04 19:45 - 2018-03-04 19:57 - 000095793 _____ C:\Users\H0llow\Downloads\words.txt
2018-03-04 19:19 - 2018-03-04 19:19 - 000068124 _____ C:\Users\H0llow\Downloads\Addition.txt
2018-03-04 19:18 - 2018-03-04 19:19 - 000027165 _____ C:\Users\H0llow\Downloads\FRST.txt
2018-03-04 19:13 - 2018-03-06 19:51 - 000000000 ____D C:\FRST
2018-03-04 19:11 - 2018-03-04 19:11 - 002403328 _____ (Farbar) C:\Users\H0llow\Downloads\FRST64.exe
2018-03-04 18:44 - 2018-03-04 18:45 - 000014156 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_18.44.19_log.txt
2018-03-04 18:30 - 2018-03-04 18:53 - 000001962 _____ C:\Users\H0llow\Desktop\HitmanPro.lnk
2018-03-04 18:17 - 2018-03-04 18:28 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-04 18:16 - 2018-03-04 18:16 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-04 18:16 - 2018-03-04 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-04 18:16 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ C:\ProgramData\fontcacheev1.dat
2018-03-04 18:03 - 2018-03-04 18:29 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-04 17:37 - 2018-03-04 17:57 - 000013544 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_17.37.42_log.txt
2018-03-04 00:07 - 2018-03-04 00:07 - 000000562 _____ C:\TDSSKiller.3.1.0.16_04.03.2018_00.07.02_log.txt
2018-03-03 21:34 - 2018-03-04 17:36 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-02-28 22:28 - 2018-03-06 19:51 - 000020442 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-02-28 22:28 - 2018-03-04 18:29 - 000061879 _____ C:\WINDOWS\ZAM.krnl.trace
2018-02-28 22:27 - 2018-02-28 22:32 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-02-28 22:27 - 2018-02-28 22:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-02-28 22:27 - 2018-02-28 22:27 - 000000000 ____D C:\Users\H0llow\AppData\Local\Zemana
2018-02-28 22:27 - 2018-02-28 22:27 - 000000000 ____D C:\Users\H0llow\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-02-28 20:43 - 2018-03-04 18:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-02-28 20:43 - 2018-03-04 17:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-02-28 20:43 - 2018-02-28 20:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-02-28 20:36 - 2018-02-28 20:38 - 000020100 _____ C:\TDSSKiller.3.1.0.16_28.02.2018_20.36.57_log.txt
2018-02-28 19:16 - 2018-02-28 19:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-27 22:23 - 2018-03-06 19:26 - 000919306 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-27 21:31 - 2018-02-27 21:31 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-H0LLOW-PC-Windows-10-Home-(64-bit).dat
2018-02-27 21:31 - 2018-02-27 21:31 - 000000000 ____D C:\RegBackup
2018-02-27 20:55 - 2018-02-27 20:55 - 004944584 _____ (AO Kaspersky Lab) C:\Users\H0llow\Desktop\tdsskiller.exe
2018-02-27 20:52 - 2018-02-27 20:52 - 000194338 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-02-27 20:52 - 2018-02-27 20:52 - 000000574 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-02-27 20:52 - 2018-02-27 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-02-27 20:52 - 2018-02-27 20:52 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-02-27 20:19 - 2018-03-01 20:29 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-24 21:36 - 2018-02-24 21:36 - 000000000 ____D C:\Users\H0llow\AppData\Local\Apps\2.0
2018-02-24 21:24 - 2018-02-24 21:24 - 000001844 _____ C:\WINDOWS\system32\.crusader
2018-02-24 21:08 - 2018-02-24 21:26 - 000003646 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-02-24 21:07 - 2018-03-06 19:32 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-02-24 20:39 - 2018-03-04 18:53 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-02-24 20:39 - 2018-03-04 18:49 - 000000000 ____D C:\AdwCleaner
2018-02-24 20:39 - 2018-02-24 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-02-24 20:39 - 2018-02-24 20:39 - 000000000 ____D C:\Program Files\HitmanPro
2018-02-24 20:38 - 2018-02-24 21:24 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-24 20:38 - 2018-02-24 20:38 - 008222496 _____ (Malwarebytes) C:\Users\H0llow\Desktop\AdwCleaner.exe
2018-02-24 19:41 - 2018-02-24 19:41 - 000000000 ____D C:\WINDOWS\pss
2018-02-24 19:05 - 2018-02-24 21:01 - 000000000 ____D C:\Users\H0llow\AppData\Local\crukh
2018-02-24 19:05 - 2018-02-24 19:05 - 002095707 _____ C:\ProgramData\zun.exe
2018-02-24 19:05 - 2018-02-24 19:05 - 000000362 _____ C:\ProgramData\settings.uvd
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\WINDOWS\SysWOW64\avrtuxs
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\WINDOWS\system32\avrtuxs
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\et
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\1337
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\ProgramData\save
2018-02-24 19:05 - 2018-02-24 19:05 - 000000000 ____D C:\ProgramData\1.8.3.3
2018-02-24 19:05 - 2018-02-19 20:26 - 002225152 _____ C:\ProgramData\opengl.exe
2018-02-23 20:19 - 2018-02-23 20:19 - 000047239 _____ C:\WINDOWS\uninstaller.dat
2018-02-20 22:00 - 2018-02-20 22:00 - 001254495 _____ C:\ProgramData\unins000.exe
2018-02-20 22:00 - 2018-02-20 22:00 - 000084831 _____ C:\ProgramData\unins000.dat
2018-02-09 20:17 - 2018-02-10 20:25 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\dvdcss
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 19:49 - 2017-12-12 11:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-06 19:32 - 2017-09-29 02:45 - 028311552 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-06 19:32 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-06 19:31 - 2015-05-30 10:45 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\vlc
2018-03-06 19:21 - 2017-12-12 10:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-05 22:45 - 2015-01-05 20:37 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-05 22:23 - 2017-04-26 18:09 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-05 20:13 - 2017-12-12 12:17 - 000000000 ____D C:\WINDOWS\system32\msmq
2018-03-05 19:22 - 2017-12-31 12:43 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-04 20:51 - 2017-12-12 10:45 - 000000000 ____D C:\Users\H0llow
2018-03-04 20:51 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-04 18:43 - 2016-02-02 19:00 - 000000000 ____D C:\Program Files (x86)\Origin
2018-03-04 18:16 - 2014-11-11 07:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-01 20:27 - 2017-12-12 10:34 - 000309976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-28 18:42 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-28 18:23 - 2017-04-26 18:10 - 000889858 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-02-27 22:54 - 2009-07-13 20:34 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_543
2018-02-27 22:03 - 2009-07-13 20:34 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_528
2018-02-27 20:49 - 2014-10-12 11:05 - 000000000 ____D C:\Users\H0llow\AppData\Local\ElevatedDiagnostics
2018-02-26 20:57 - 2017-12-12 11:01 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-24 19:05 - 2018-01-10 12:13 - 012160728 _____ C:\ProgramData\UmmyVideoDownloader.exe
2018-02-24 19:05 - 2017-08-19 18:43 - 000000000 ____D C:\Users\H0llow\AppData\Roaming\qBittorrent
2018-02-23 17:59 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-23 17:58 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-23 17:58 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-21 18:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-17 23:10 - 2016-11-19 16:18 - 000000000 ____D C:\Users\H0llow\AppData\Local\Ubisoft Game Launcher
2018-02-17 20:09 - 2014-10-12 10:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-17 20:07 - 2017-10-10 20:01 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-17 20:07 - 2014-10-12 10:54 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-08 18:45 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-06 21:03 - 2014-10-12 11:45 - 000000000 ____D C:\Users\H0llow\AppData\Local\Battle.net
2018-02-06 20:12 - 2014-10-12 11:50 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-02-06 20:10 - 2014-10-12 11:45 - 000000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2018-03-04 18:09 - 2018-03-04 18:09 - 000000259 _____ () C:\ProgramData\fontcacheev1.dat
2018-02-24 19:05 - 2018-02-19 20:26 - 002225152 _____ () C:\ProgramData\opengl.exe
2018-01-10 12:13 - 2018-02-24 19:05 - 012160728 _____ () C:\ProgramData\UmmyVideoDownloader.exe
2018-02-20 22:00 - 2018-02-20 22:00 - 000084831 _____ () C:\ProgramData\unins000.dat
2018-02-20 22:00 - 2018-02-20 22:00 - 001254495 _____ () C:\ProgramData\unins000.exe
2018-02-24 19:05 - 2018-02-24 19:05 - 002095707 _____ () C:\ProgramData\zun.exe
2014-10-12 12:18 - 2014-10-12 12:21 - 000000624 _____ () C:\Users\H0llow\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-12 11:25 - 2014-10-12 11:26 - 000000000 _____ () C:\Users\H0llow\AppData\Local\Driver_LOM_8161Present.flag
2015-12-26 22:09 - 2017-05-29 18:54 - 000007597 _____ () C:\Users\H0llow\AppData\Local\Resmon.ResmonCfg
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\H0llow\AppData\Local\Tempdivx19b1
2015-05-30 10:41 - 2015-05-30 10:41 - 000043682 _____ () C:\Users\H0llow\AppData\Local\Tempdivx266d
2015-05-30 10:16 - 2015-05-30 10:16 - 000043682 _____ () C:\Users\H0llow\AppData\Local\Tempdivx38bd
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\H0llow\AppData\Local\Tempdivx3ce2
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\H0llow\AppData\Local\Tempdivx470d
2015-05-30 10:16 - 2015-05-30 10:16 - 001328472 _____ (DivX, LLC) C:\Users\H0llow\AppData\Local\Tempdivx5ee9.exe
2015-05-30 10:16 - 2015-05-30 10:16 - 000043682 _____ () C:\Users\H0llow\AppData\Local\Tempdivxe93e
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-24 21:44
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by H0llow (06-03-2018 19:52:39)
Running from C:\Users\H0llow\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-12 17:02:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-443170362-3614580758-3214794497-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-443170362-3614580758-3214794497-503 - Limited - Disabled)
Guest (S-1-5-21-443170362-3614580758-3214794497-501 - Limited - Disabled)
H0llow (S-1-5-21-443170362-3614580758-3214794497-1000 - Administrator - Enabled) => C:\Users\H0llow
HomeGroupUser$ (S-1-5-21-443170362-3614580758-3214794497-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-443170362-3614580758-3214794497-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AURA(GRAPHICS CARD) (HKLM-x32\...\{3FEA20CC-0045-424A-B047-EC0A0C69307C}) (Version: 0.0.4.1 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{B194D9CE-9890-3B82-BAAB-C9CE17297792}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{036CD246-06B8-EABE-1A0C-16F53E3F980A}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{9143B772-A0AC-F801-D3AD-DC25A0C8496E}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F002E7B-FC0F-EC77-D716-4CA99D933C78}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{65B1F03B-EC90-4852-4530-F70B673DDDD4}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8289069C-E14E-0E3A-4167-AAFA52BB6F84}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{CBAA3D5F-558C-3274-35E5-C43D55BD695C}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A937E802-0548-0833-D9C0-8B9C9102B620}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{30159AAA-5B26-78A7-C68C-BCFB8CED9A27}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{9C1A7DA3-C9EA-EA92-CBDA-668A1A749762}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{591CBA0C-8BF1-8A57-AD2B-A6AB91C34EBE}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{5499CF3F-326F-61E5-E429-EF7CE2E119C1}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{866F4B0F-8BE7-8E60-AC08-886BA2056340}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{BA8CFCE3-6807-5792-FA4A-75EB2CACF34B}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{248CF3DE-9D73-ED1F-26E6-B2668AD3B727}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DEF153DB-82F4-003C-A384-904CF3938280}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2ECB610-5F1C-DD99-A479-D14D42859668}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A17A3D4D-9B1B-9AAD-E439-AD0F2BA43780}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{C1ECC4EC-DC50-C56F-0005-551DD1E964C7}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{69BAA459-0950-B299-3F67-2DEB41748A42}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.2026.0 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Essential (HKLM-x32\...\{F2D0453E-3783-490D-9D48-7CC648C4ADFB}) (Version: 1.0 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Premium 1 (HKLM-x32\...\{1B3E7144-6051-455B-809F-50E3CF913869}) (Version: 1 - CyberLink Corp.)
CyberLink PowerDirector Content Pack Premium 2 (HKLM-x32\...\{CF520E54-7DB7-4402-B581-FC0D6734D0C6}) (Version: 2 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
MakeMKV v1.9.8 (HKLM-x32\...\MakeMKV) (Version: v1.9.8 - GuinpinSoft inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-443170362-3614580758-3214794497-1000\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.12.32066 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Project 64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - )
qBittorrent 3.3.15 (HKLM-x32\...\qBittorrent) (Version: 3.3.15 - The qBittorrent project)
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.39.1040 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}) (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
STEEP (HKLM-x32\...\Uplay Install 3445) (Version:  - Ubisoft)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.7 - Electronic Arts, Inc.)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.3.1 - TP-LINK)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.14 - Tweaking.com)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.24.0 (HKLM\...\VulkanRT1.0.24.0) (Version: 1.0.24.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.24.0 (HKLM\...\VulkanRT1.0.24.0-2) (Version: 1.0.24.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-3) (Version: 1.0.39.1 - LunarG, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-443170362-3614580758-3214794497-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers4-x32: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers6-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E151D8A-6D9F-438B-8103-61A54AFECE47} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14B2E39D-B1FF-46D2-B163-43CD154D11C5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17C2C3B5-0658-4533-B076-3E6D116FAB94} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {1BBBB4B0-36F3-4E23-A587-62E6BF2643F8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {21836A47-C8CD-4C5B-B32E-4921349A6B95} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {232C7842-0409-43CD-B238-C5B957297AA7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29090F5D-69AE-4E95-A68E-09D10E5AC4EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {303552F8-D408-4194-89ED-F21BF47C6632} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30E18CC5-189E-405F-866B-59C46D55AB24} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3474CC22-8464-4617-AB55-94DF8491092F} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2016-07-12] (TODO: <Company name>)
Task: {363F83ED-7526-46AD-A71E-D2A9B6F37881} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {366D42F9-B99B-46D3-8156-A362B5AB2A08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {36FA596C-4BA0-4F92-91B6-6CCCC6290327} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A0B0ECF-BB24-4D5E-89B8-667BE28CA017} - System32\Tasks\ASUS Live Update Task Schedule => C:\Program Files (x86)\ASUS\GPU Tweak\ASUSLiveUpdate.exe
Task: {45688411-E060-4544-BA85-68A8F9611AD1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4B03096A-1859-4F4A-9F42-F586AF9AE716} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4FD3C273-ACB2-4EF0-8FB1-E0CE84660DDB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {54E94A22-951C-4183-A8CF-6F56D70513DB} - \fXOIgYexCyn2 -> No File <==== ATTENTION
Task: {5653E439-668F-4C04-89C7-073F3F890A35} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {56F780EF-583F-4EAF-BA52-714AAFDF861A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {57FF701D-A787-47B2-B668-F3AFCC9DF019} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {668C9CE6-9485-4807-8EAB-EE99DC5DD362} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6A68AA8A-8960-4DAC-8AB6-D326EF9EB490} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {76069755-7791-4CDE-AB50-57EFC2C3A2D5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8EDCF8B8-1745-4851-9628-9040EC642674} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {95E335F6-80CA-4EEC-9670-9A883FBA4CB8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9AD56306-7D03-4452-96A2-473643BA6A06} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9C9B8587-97C1-4FC6-AF5B-962D7BB29172} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {AB6FC0F2-1AED-4835-8B03-1DC24AD84F7B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B44AD80F-58F8-4F88-8E1D-EBD4E2D83E41} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-02-17] (Microsoft Corporation)
Task: {B815BD7F-7D84-4535-B62C-7CB519FBDC3B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3A1ED77-C042-482F-9396-815A00055C2F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C534FA13-935D-45F1-BFAD-23DDBAA47BC9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6F2E9BC-B7D4-47D1-B8C7-7AD1D26B5365} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CF0E20F5-BDA4-4A8D-B61C-76DE6A832E7A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E89125F0-3848-4BC8-9A71-4EDB9D7B2775} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EB477469-8170-4D95-9DE6-6FBAB3C67AA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EC35DE5F-8E58-44DA-A754-AA75AF9C2158} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F61D9D0D-E387-4C76-9E4D-8EA74692896B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6C960D5-3AF8-4654-974D-E7F0F8D1066B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F7BBF2D6-DE3E-48A1-B888-80058005E639} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7C50DE6-7E7B-4CA9-A9BA-949CEF871ABA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F83A5055-5DA4-4AD3-9DAD-1B5745667C46} - System32\Tasks\Open Hardware Monitor\Startup => C:\Users\H0llow\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.exe
Task: {FADA54B3-87A2-4B9E-AC84-CA1538303658} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FB09044B-5C0A-459B-83A4-C6D536F2E050} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-04 18:16 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-12 12:21 - 2017-12-12 12:21 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 12:21 - 2017-12-12 12:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-26 16:29 - 2016-07-05 21:18 - 001744384 _____ () C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\Vender.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\UmmyVideoDownloader.exe:altmb [10]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2018-02-28 18:28 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-443170362-3614580758-3214794497-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\H0llow\Pictures\Wallpapers\dark.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "VIAxHCUtl"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "OGMgmmouseRun"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4204EB94-F4C6-4358-BFFE-8247A10DBF82}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{76DFEB8B-9D3A-4E87-8398-278E12CC6899}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{65005575-27AC-4A7A-BAF7-3A5B99759CD7}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{4923988F-21A4-4434-AC63-2E63ECB1F8A1}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{46FCC205-0FC3-4EF4-AADE-3F8E9D3DFDCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{030CF015-D06E-4046-A4C7-41F520EE463A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{49F02506-A514-4439-8257-7146DDCE72E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{7E96AF23-B62B-4DC3-9477-A39AC3F086C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{87F1A5EE-9AA7-4CB6-BAE8-F86E2C6E5D87}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{63474624-9DAB-4252-A461-005F23AD9794}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{9E9F6075-2085-4194-8C8C-38E237DCA83A}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe
FirewallRules: [{685B9C1C-4CA9-40CC-A78F-D2E39ED59ECA}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe
FirewallRules: [UDP Query User{868E5B5D-6FF4-4293-956F-2493C2807D90}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{E723F124-9CFE-4D20-8BEB-BA6F11A11B59}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{3C0CC5D5-B1E9-4B22-926B-25F77E59AB00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OlliOlli2\olliolli2.exe
FirewallRules: [{95828B9E-9547-46B7-9356-662ABEEE9672}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OlliOlli2\olliolli2.exe
FirewallRules: [{BB31CD75-341D-438C-B95E-843EEAAD36F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kopanito All-Stars Soccer\nw.exe
FirewallRules: [{FF077704-801E-4891-B32B-953F1F94C558}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kopanito All-Stars Soccer\nw.exe
FirewallRules: [UDP Query User{B18153FC-E3B4-4D90-922C-81344255907E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7865F504-6EDF-4FB3-8106-B63229E90C7E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E7EC7A6A-5E7F-4C11-8637-4AAA53724CC2}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{228B13DE-A0B5-4371-84DB-3A9D64D9F011}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{4391416A-C738-4242-9484-91B9A107661A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{301129F3-1193-4AE8-B855-968E233989B0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{766319D3-381F-410C-B258-29B01FC6FD09}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7ED8088A-E9AF-4C1D-B5A1-E725926C71BF}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{EEB8EC8E-A882-4B42-ACB1-4D94F83C69E1}] => (Allow) C:\Users\H0llow\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6BA2D0D0-63D9-4712-A3A0-F55CBBA2AC3F}] => (Allow) C:\Users\H0llow\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45A6B8B8-C104-401E-97AE-A339ADA38A1F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E500DCB5-22EE-48E5-9A24-238AEB28A048}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E93EB5D2-9C07-4A21-82E0-C5EEB9B3049D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{86762971-5A61-4539-99DA-BAF2EAB3C9CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4BA676C0-1FB6-4EF7-8FE6-2CC53463A5CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{855F76F4-BFAA-40CE-89C3-F03F7D3AED75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{FD793548-4818-4A3A-8DED-D8316E94E9BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{21C674A2-886C-4B48-8D86-C2680103F1C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{156A0A18-6D40-48FD-8B48-DBA1784481F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{0B59F649-0ECC-4902-AF58-3F903842FE31}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{EC9067E1-7EBB-440A-AA15-3C9B998F771A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{B6C5BD40-11ED-4691-B7E2-EF902AD5CC4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A258FFC9-83F7-4F84-91F6-60CB501A7EB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{C21D7F02-784D-4DFB-8ACA-E7D846664710}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{D3877D31-5067-490F-A161-10C1B3D71838}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A3BE3C3B-62AD-4036-B280-83C944EA023F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{33AD7273-A156-418C-9E6C-E9B2C4B6250E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4C86F045-4B35-4573-AA6F-F5BFBABE928C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B018C0A-75A1-4D91-9854-A4217B5FBF0F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\STEEP\steep.exe
FirewallRules: [{FE570C10-88BE-4AC2-9938-60EC815023D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{03A47F4F-A43E-47A4-A01E-A307D3A7A743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{95402241-9394-46E8-9A44-0520A0FB002E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steep\steep.exe
FirewallRules: [{B2405EE3-3314-46DE-A44A-80F4800DBF88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Steep\steep.exe
FirewallRules: [{6C8CB537-63AD-4F1E-85B2-6C6D5F21CBB9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{951B78F4-1A81-4696-9B29-E9D3F3DDAB00}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{347274E5-F7C8-4938-BB02-D23C4BD1E712}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{CE8D1749-5CE5-4237-B470-350C4D6B1524}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{DC7E43CD-667E-4F07-A57D-901F5EC94B55}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{2E0BEB5E-705A-4B5A-BC3F-35652E68AE79}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{D4394682-4126-4961-A743-9CAFA25587E9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{6835D7AE-A64C-458F-B1EF-7466D52C9A30}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{422AD105-CBFE-409F-97A1-CCE166ECAD90}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE
FirewallRules: [{8FEF5BD1-48C2-4C2E-BCFD-4E51C329FAB4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4E3CB5C1-433A-4D09-95D8-EA1153DFF86C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{DEA688AC-7DE8-42A0-8FA9-71E8FADBFD58}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C45DC68C-6C40-471E-9ADA-D96113F5AD33}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{A2D23C8A-7805-4DDC-931E-CDB92B9EF08E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F9B5CF67-6F1B-4B67-B12C-B73467E1DD75}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{3EAA699B-EA4C-4C31-B2D9-0580A875B24F}C:\users\h0llow\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h0llow\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7F1CC46F-BD88-4E71-82DF-63BA58C668E7}C:\users\h0llow\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h0llow\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B808F27B-A2A1-484D-90CC-05FD27F69B4A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8109D14E-B9A6-4784-BBC0-F807FD910AA0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{BEE83B8B-4273-4675-851D-C4AB62E9BC75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{1C161F17-0204-47DD-975B-7916F275492B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{668AA4A1-0124-4273-94CE-37BD2DCC7579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{055ED0C9-F0BC-47A5-A7F9-DDBA26AA39E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{AA38B6EA-CD74-4556-9EE9-1D673AA87F88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6FB8546E-8F13-4BFF-B9ED-6A04A622BAD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Song of the Deep\SOTD.exe
FirewallRules: [{1654D3AD-17BC-473B-B14C-A20CA97B657E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Song of the Deep\SOTD.exe
FirewallRules: [{707B5BBE-1746-44C8-9517-6775BCC73F61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron EX.exe
FirewallRules: [{8D1A72D5-AA9E-4F58-A0FB-DCADB16676EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron EX.exe
FirewallRules: [{BFD2B9A0-DB7D-4F6A-ABCC-AE5B6E212598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron.exe
FirewallRules: [{523A48DB-A45A-4428-B63D-03E59C773EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Galaxy Squadron\Super Galaxy Squadron.exe
FirewallRules: [{4A858713-9F98-4629-99E4-045930D73807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{A621C109-5C68-4182-BBFE-09A36858E02A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{2B259317-6F7A-42D9-92CC-71EB2D6B2A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{4CD545B6-CABE-45BF-A63C-F1220382AD43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{B9A25881-4FFA-4F3F-87EC-EDA8FA7F4225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{FB14197D-69B7-4D58-9882-28D4D849903C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{8F8499D4-BA84-4A59-AFA9-01C1C8BCC650}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{CBC20471-1186-4DA6-A492-36736D5AC075}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{B197EEA8-CC91-440F-8235-023F65F540F8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B6B2A3B0-0041-4074-9732-1B60848CEB18}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{114C2FAF-3C8F-4877-A293-221C7B3FB204}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{1008782E-C1EC-4283-98CB-B5A049F771B1}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{D3F47FE0-4721-4E46-9D86-0D945DF4861C}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{178801B2-1722-45F8-BDB0-704EF80BB116}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{E94CF13C-0597-4258-B7CB-0806511B1B34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{87E771B5-7416-4425-9ECD-90550C9E80B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C8D86FA4-48FF-41D8-90AF-DB2C9A77E24C}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2018 07:31:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x8ac
Faulting application start time: 0x01d3b5b3eb6a5925
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 84c1821a-3312-4d0b-9077-dd798250f257
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2018 06:08:41 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_64_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL ASP.NET_64_2.0.50727 in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/04/2018 06:08:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (03/06/2018 07:49:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error: 
The data is invalid.
 
Error: (03/06/2018 07:49:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error: 
The data is invalid.
 
Error: (03/06/2018 07:49:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error: 
The data is invalid.
 
Error: (03/06/2018 07:49:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error: 
The data is invalid.
 
Error: (03/06/2018 07:49:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WAS service terminated with the following error: 
The data is invalid.
 
Error: (03/06/2018 07:49:26 PM) (Source: WAS) (EventID: 5005) (User: )
Description: Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
 
Error: (03/06/2018 07:49:26 PM) (Source: WAS) (EventID: 5215) (User: )
Description: The Windows Process Activation Service (WAS) failed to execute initialization for offline setup. The data field contains the error number.
 
Error: (03/06/2018 07:49:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adguard Service service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
 
Date: 2018-03-04 21:08:20.324
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 21:08:19.794
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 21:08:17.739
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 21:08:12.512
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 21:08:12.063
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:54:14.547
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:54:14.224
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-04 18:54:07.156
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 10%
Total physical RAM: 16332.27 MB
Available physical RAM: 14624.48 MB
Total Virtual: 17356.27 MB
Available Virtual: 15367.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.85 GB) (Free:410.61 GB) NTFS
Drive d: (ESD-ISO) (CDROM) (Total:3.39 GB) (Free:0 GB) UDF
Drive e: (KH) (Removable) (Total:14.52 GB) (Free:14.52 GB) FAT32
 
\\?\Volume{79a0e2e2-45c7-42eb-91fd-1e4ac7a29a8a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{a7296dd7-3ad4-4ced-9907-4b30b8ca98bd}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 80EBCC0B)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.5 GB) (Disk ID: B767BC57)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,812 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 March 2018 - 09:58 PM

Nice logs.

  • Highlight the entire content of the quote box below.

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {303552F8-D408-4194-89ED-F21BF47C6632} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30E18CC5-189E-405F-866B-59C46D55AB24} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {45688411-E060-4544-BA85-68A8F9611AD1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4B03096A-1859-4F4A-9F42-F586AF9AE716} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4FD3C273-ACB2-4EF0-8FB1-E0CE84660DDB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {54E94A22-951C-4183-A8CF-6F56D70513DB} - \fXOIgYexCyn2 -> No File <==== ATTENTION
Task: {5653E439-668F-4C04-89C7-073F3F890A35} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6A68AA8A-8960-4DAC-8AB6-D326EF9EB490} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C6F2E9BC-B7D4-47D1-B8C7-7AD1D26B5365} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB477469-8170-4D95-9DE6-6FBAB3C67AA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EC35DE5F-8E58-44DA-A754-AA75AF9C2158} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F6C960D5-3AF8-4654-974D-E7F0F8D1066B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F7C50DE6-7E7B-4CA9-A9BA-949CEF871ABA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
ContextMenuHandlers4-x32: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
C:\Users\H0llow\AppData\Local\atsgxdw
C:\Users\H0llow\AppData\Local\pcdubxm
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
 
Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 h0lloway

h0lloway
  • Topic Starter

  • Members
  • 9 posts

Posted 07 March 2018 - 07:35 PM

All 3:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by H0llow (06-03-2018 21:46:01) Run:2
Running from C:\Users\H0llow\Desktop
Loaded Profiles: H0llow (Available Profiles: H0llow & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {303552F8-D408-4194-89ED-F21BF47C6632} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30E18CC5-189E-405F-866B-59C46D55AB24} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {45688411-E060-4544-BA85-68A8F9611AD1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4B03096A-1859-4F4A-9F42-F586AF9AE716} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4FD3C273-ACB2-4EF0-8FB1-E0CE84660DDB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {54E94A22-951C-4183-A8CF-6F56D70513DB} - \fXOIgYexCyn2 -> No File <==== ATTENTION
Task: {5653E439-668F-4C04-89C7-073F3F890A35} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6A68AA8A-8960-4DAC-8AB6-D326EF9EB490} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C6F2E9BC-B7D4-47D1-B8C7-7AD1D26B5365} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB477469-8170-4D95-9DE6-6FBAB3C67AA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EC35DE5F-8E58-44DA-A754-AA75AF9C2158} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F6C960D5-3AF8-4654-974D-E7F0F8D1066B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F7C50DE6-7E7B-4CA9-A9BA-949CEF871ABA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
ContextMenuHandlers4-x32: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
C:\Users\H0llow\AppData\Local\atsgxdw
C:\Users\H0llow\AppData\Local\pcdubxm
EMPTYTEMP:
 
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{303552F8-D408-4194-89ED-F21BF47C6632}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{303552F8-D408-4194-89ED-F21BF47C6632}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30E18CC5-189E-405F-866B-59C46D55AB24}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30E18CC5-189E-405F-866B-59C46D55AB24}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45688411-E060-4544-BA85-68A8F9611AD1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45688411-E060-4544-BA85-68A8F9611AD1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B03096A-1859-4F4A-9F42-F586AF9AE716}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B03096A-1859-4F4A-9F42-F586AF9AE716}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FD3C273-ACB2-4EF0-8FB1-E0CE84660DDB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FD3C273-ACB2-4EF0-8FB1-E0CE84660DDB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54E94A22-951C-4183-A8CF-6F56D70513DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54E94A22-951C-4183-A8CF-6F56D70513DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fXOIgYexCyn2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5653E439-668F-4C04-89C7-073F3F890A35}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5653E439-668F-4C04-89C7-073F3F890A35}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A68AA8A-8960-4DAC-8AB6-D326EF9EB490}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A68AA8A-8960-4DAC-8AB6-D326EF9EB490}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6F2E9BC-B7D4-47D1-B8C7-7AD1D26B5365}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F2E9BC-B7D4-47D1-B8C7-7AD1D26B5365}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB477469-8170-4D95-9DE6-6FBAB3C67AA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB477469-8170-4D95-9DE6-6FBAB3C67AA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC35DE5F-8E58-44DA-A754-AA75AF9C2158}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC35DE5F-8E58-44DA-A754-AA75AF9C2158}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6C960D5-3AF8-4654-974D-E7F0F8D1066B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6C960D5-3AF8-4654-974D-E7F0F8D1066B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7C50DE6-7E7B-4CA9-A9BA-949CEF871ABA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7C50DE6-7E7B-4CA9-A9BA-949CEF871ABA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\EncryptionMenu" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A470F8CF-A1E8-4f65-8335-227475AA5C46} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"C:\Users\H0llow\AppData\Local\atsgxdw" => not found
"C:\Users\H0llow\AppData\Local\pcdubxm" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8937472 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18548474 B
Java, Flash, Steam htmlcache => 15805474 B
Windows/system/drivers => 8326 B
Edge => 21504 B
Chrome => 19174829 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 13824 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4142 B
NetworkService => 4828 B
H0llow => 2060578 B
DefaultAppPool => 6656 B
 
RecycleBin => 0 B
EmptyTemp: => 61.6 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-03-2018 21:48:10)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
==== End of Fixlog 21:48:10 ====
_______________________________________________________
 
RogueKiller V12.12.7.0 (x64) [Mar  5 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : H0llow [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/06/2018 21:52:20 (Duration : 00:33:24)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6835D7AE-A64C-458F-B1EF-7466D52C9A30} : v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe|Name=DaVinciResolveQtdecoder| [x] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-443170362-3614580758-3214794497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-443170362-3614580758-3214794497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\save -> Deleted
[PUP.Gen1][File] C:\ProgramData\save\history -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\save -> ERROR [3]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 554c86a7543217c6ad39affed145cd1e
[BSP] 6712edc28c4562897293252702249211 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 953190 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1952602112 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 6de106e9efeb4834171578177006e957
[BSP] 6a34344c6e010faa59aab7506c12aef0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14795 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] c7c329a3834172963de5deb4645c9547
[BSP] afc5edc37e576098799b2273c7e788da : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14887 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
________________________________________________________
 
# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 00:31:25 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-07.2
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [5050 B] - [2018/2/25 2:44:1]
C:/AdwCleaner/AdwCleaner[C1].txt - [1449 B] - [2018/2/28 2:26:59]
C:/AdwCleaner/AdwCleaner[S0].txt - [5603 B] - [2018/2/25 2:43:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1194 B] - [2018/2/25 2:59:10]
C:/AdwCleaner/AdwCleaner[S2].txt - [1381 B] - [2018/2/28 2:26:25]
C:/AdwCleaner/AdwCleaner[S3].txt - [1279 B] - [2018/3/4 20:24:34]
C:/AdwCleaner/AdwCleaner[S4].txt - [1346 B] - [2018/3/5 0:49:15]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########
 


#8 JSntgRvr

Posted 07 March 2018 - 10:14 PM

How is the computer doing?

 

I am consulting FRST action on the RunCampaignManager entry and will advise.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 h0lloway

Posted 07 March 2018 - 10:39 PM

As far as I can tell it's back to normal. Performance is back where it should be and all the random exe's are gone. Scans continue to come back clean. I really appreciate all the help so far.



#10 JSntgRvr

Posted 08 March 2018 - 11:20 AM

Congratulations.

 

Use this application to remove the tools used as well as quarantined files and folders:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

 

Since there are no signs of infection anymore in your logs I guess we're done here.
 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)

 




#11 JSntgRvr

Posted 09 March 2018 - 11:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





