
system32\cmd.exe


  • This topic is locked
21 replies to this topic

#1 Chaoshunter


  • Members
  • 11 posts

Posted 14 April 2018 - 09:59 PM

Every time I start up my computer I get system32\cmd.exe trying to download something. I have no way how to get rid of it; I've used Avast, I've used CCleaner and anti-malware, but I'm still unable to figure it out. The picture shows what it says when I disconnected my internet.

Any help at all to fix this would be really great.

Attached Files

  • bug.png (84.95KB)

Edited by Chaoshunter, 14 April 2018 - 10:01 PM.



#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,976 posts
  • Gender:Male
  • Location:California

Posted 16 April 2018 - 02:23 PM

Greetings Chaoshunter and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. If necessary, download the below program onto a USB device from a clean computer and transfer it over to the infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32-bit or 64-bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
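The reply above asks for the FRST.txt and Addition.txt logs. As an added example that is not part of this thread and not a feature of FRST, the Python script below shows how a responder could pre-screen such a log for the symptom described in the opening post: an autostart entry that launches cmd.exe (or another script interpreter), FRST's own "<==== ATTENTION" markers, scheduled-task files under System32\Tasks with random-looking names, and executables under the Windows directory that report no publisher or carry a name that mimics a system binary. The sample lines are constructed for the demonstration: most reuse the entry formats of the log posted later in the thread, while the [Updater] Run entry and its run.bat path are invented to exercise the cmd.exe check. Every flag is a lead to look at, not a verdict; the parenthesised publisher in an FRST file entry is the name the tool reports, so an empty or missing one only means the file should be hashed and signature-checked.

```python
"""Heuristic pre-screen of Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; not part of FRST. Flags are leads, not verdicts.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample in FRST's line formats. The [Updater] Run line and its
# run.bat path are invented; the other lines mirror entries from this thread.
SAMPLE_FRST = r"""
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Updater] => C:\Windows\system32\cmd.exe /c start /min C:\Users\victim\AppData\Roaming\upd\run.bat
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
2018-04-14 12:23 - 2018-04-16 18:16 - 000003558 _____ C:\WINDOWS\System32\Tasks\SirlEpEKtWDeA
2018-04-14 12:23 - 2018-04-14 12:23 - 000002738 _____ C:\WINDOWS\System32\Tasks\xxtkEO
2018-04-14 12:23 - 2018-04-14 12:23 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-14 12:23 - 2018-04-14 12:23 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-14 09:02 - 2018-04-14 19:11 - 000153088 _____ C:\WINDOWS\SysWOW64\conhost64.exe
2018-04-14 08:05 - 2018-04-14 08:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-14 08:03 - 2018-04-14 08:02 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
"""

# "HKLM\...\Run: [name] => command"  (also HKLM-x32 and HKU\<SID> variants)
RUN_RE = re.compile(r'^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
# "created - modified - size attrs (Publisher) path"; the publisher part is optional
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - '
    r'(?P<size>\d{9}) (?P<attrs>\S{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$')
# Script hosts and download helpers that rarely belong in a Run key
LOLBINS = re.compile(
    r'\b(cmd|powershell|pwsh|wscript|cscript|mshta|regsvr32|certutil|bitsadmin)\.exe\b', re.I)
# Names that malware likes to imitate (assumed list for the heuristic)
SYSTEM_NAMES = ("conhost", "svchost", "csrss", "lsass", "winlogon", "explorer", "dllhost")
VOWELS = set("aeiouAEIOU")


def looks_random(name: str) -> bool:
    """True for a pure-letter name of 5+ chars with a run of 4+ consonants
    (y counts as a consonant). Tuned so CamelCase vendor task names pass."""
    if not re.fullmatch(r'[A-Za-z]{5,}', name):
        return False
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def triage(frst_text: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for lines a responder should look at."""
    findings: list[tuple[str, str]] = []
    for line in frst_text.splitlines():
        line = line.rstrip()
        if "<==== ATTENTION" in line:          # FRST already marked it
            findings.append(("frst-flagged", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if LOLBINS.search(m["cmd"]):      # autostart launching an interpreter
                findings.append(("autostart-runs-interpreter", line))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        parts = [p.lower() for p in path.parts]
        suffix = path.suffix.lower()
        if "tasks" in parts and looks_random(path.name):
            findings.append(("random-task-name", line))
        elif suffix in (".exe", ".dll", ".sys") and parts[:2] == ["c:\\", "windows"]:
            if not (m["pub"] or "").strip():  # no publisher name to go on
                findings.append(("no-publisher-binary-in-windows-dir", line))
        if suffix == ".exe":
            stem = path.stem.lower()
            if any(stem.startswith(s) and stem != s for s in SYSTEM_NAMES):
                findings.append(("system-binary-lookalike", line))
    return findings


if __name__ == "__main__":
    for reason, hit in triage(SAMPLE_FRST):
        print(f"{reason:36} {hit}")
```

Run against a real FRST.txt (`triage(open("FRST.txt", encoding="utf-8-sig").read())`), the output is a short list to work through by hand, which is what the helper in the thread does with the full log; the consonant-run test deliberately lets names like GoogleUpdateTaskMachineUA and CCleanerSkipUAC through while catching the kind of random task names that appear in the posted log.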

#3 Chaoshunter

  • Topic Starter
  • Members
  • 11 posts

Posted 16 April 2018 - 08:18 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by pureh (administrator) on DESKTOP-CLM88VF (16-04-2018 18:17:19)
Running from C:\Users\pureh\Desktop
Loaded Profiles: pureh (Available Profiles: defaultuser0 & pureh)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.245_none_16ec1d963212a637\TiWorker.exe
(Microsoft Corporation) C:\Program Files\internet explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-14] (AVAST Software)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [5362760 2018-01-12] (GOG.com)
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{4fb0e4d3-1529-4e2f-a650-11d3ba4bf0a2}: [DhcpNameServer] 192.168.86.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2085146054-2015294118-3744163606-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2085146054-2015294118-3744163606-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-27] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 13bob5xv.default
FF ProfilePath: C:\Users\pureh\AppData\Roaming\Mozilla\Firefox\Profiles\13bob5xv.default [2018-04-14]
FF Homepage: Mozilla\Firefox\Profiles\13bob5xv.default -> hxxps://www.google.com/?bcutc=sp-006
FF NewTab: Mozilla\Firefox\Profiles\13bob5xv.default -> about:newtab
FF Extension: (Avast SafePrice) - C:\Users\pureh\AppData\Roaming\Mozilla\Firefox\Profiles\13bob5xv.default\Extensions\sp@avast.com.xpi [2018-01-05]
FF Extension: (Avast Online Security) - C:\Users\pureh\AppData\Roaming\Mozilla\Firefox\Profiles\13bob5xv.default\Extensions\wrc@avast.com.xpi [2018-01-05]
FF SearchPlugin: C:\Users\pureh\AppData\Roaming\Mozilla\Firefox\Profiles\13bob5xv.default\searchplugins\google-avast.xml [2018-01-05]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-27] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin HKU\S-1-5-21-2085146054-2015294118-3744163606-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pureh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://thepiratebay.org/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default [2018-04-16]
CHR Extension: (Slides) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-06]
CHR Extension: (YouTube) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-06]
CHR Extension: (Adblock Plus) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2018-01-12]
CHR Extension: (Avast SafePrice) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-04-14]
CHR Extension: (Pandora) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2017-05-06]
CHR Extension: (Sheets) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-06]
CHR Extension: (AdBlock) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-14]
CHR Extension: (Planner 5D) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2017-05-06]
CHR Extension: (Avast Online Security) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-11]
CHR Extension: (Crackle) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2017-05-06]
CHR Extension: (Google Play Music) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-08-12]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-27]
CHR Extension: (Local SWF Player) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2017-05-06]
CHR Extension: (Morpheon Dark) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Adblock Pro) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-11-17]
CHR Extension: (Weather Underground) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2017-05-06]
CHR Extension: (Gmail) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\pureh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-14]
CHR Profile: C:\Users\pureh\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-14] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-14] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-05-06] ()
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [147936 2017-04-03] (Byte Technologies LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-05-06] (EasyAntiCheat Ltd)
S4 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [532552 2018-01-12] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2017-12-16] (GOG.com)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2169696 2017-07-27] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3149672 2017-07-27] (Electronic Arts)
S4 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-06-15] (Razer Inc)
S4 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-13] (Razer Inc.)
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-07-27] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S4 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-04-14] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-04-14] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-04-14] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-04-14] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-04-14] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [227784 2018-04-14] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-04-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147224 2018-04-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111352 2018-04-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-04-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-04-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-04-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-04-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-04-14] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-12] (Malwarebytes)
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-09-29] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 nvme; C:\WINDOWS\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics Co., Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-05-01] (NVIDIA Corporation)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-16 18:17 - 2018-04-16 18:18 - 000019086 _____ C:\Users\pureh\Desktop\FRST.txt
2018-04-16 18:16 - 2018-04-16 18:17 - 000000000 ____D C:\FRST
2018-04-16 18:16 - 2018-04-16 18:16 - 002403328 _____ (Farbar) C:\Users\pureh\Desktop\FRST64.exe
2018-04-14 19:32 - 2018-04-14 19:54 - 000000000 ____D C:\Program Files\ByteFence
2018-04-14 19:32 - 2018-04-14 19:32 - 000003554 _____ C:\WINDOWS\System32\Tasks\ByteFence Scan
2018-04-14 19:32 - 2018-04-14 19:32 - 000003454 _____ C:\WINDOWS\System32\Tasks\ByteFence
2018-04-14 19:32 - 2018-04-14 19:32 - 000001096 _____ C:\Users\pureh\Desktop\ByteFence Anti-Malware.lnk
2018-04-14 19:32 - 2018-04-14 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2018-04-14 14:04 - 2018-04-14 19:25 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-14 12:57 - 2018-04-14 12:25 - 000000000 ____D C:\Windows.old
2018-04-14 12:54 - 2018-04-14 12:57 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-04-14 12:53 - 2018-04-14 12:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-04-14 12:53 - 2018-04-14 12:53 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-04-14 12:49 - 2018-04-14 12:49 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-04-14 12:49 - 2018-04-14 12:49 - 000000000 ____D C:\Program Files\MSBuild
2018-04-14 12:49 - 2018-04-14 12:49 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-04-14 12:49 - 2018-04-14 12:49 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-04-14 12:48 - 2017-09-28 16:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-04-14 12:48 - 2017-09-28 16:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-04-14 12:48 - 2017-09-28 16:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-04-14 12:48 - 2017-09-22 19:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-04-14 12:48 - 2017-09-22 19:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-04-14 12:48 - 2017-09-22 19:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-04-14 12:47 - 2018-04-14 12:47 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-04-14 12:47 - 2018-04-14 12:47 - 000000000 ____D C:\Users\pureh\AppData\LocalLow\Tap2bleep
2018-04-14 12:28 - 2018-04-14 12:28 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2018-04-14 12:28 - 2018-04-14 12:28 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-04-14 12:25 - 2018-04-14 12:25 - 000000020 ___SH C:\Users\pureh\ntuser.ini
2018-04-14 12:25 - 2018-04-14 12:25 - 000000000 ___RD C:\Users\pureh\3D Objects
2018-04-14 12:23 - 2018-04-16 18:17 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A8D0C14B-9EB3-419E-AAF6-ADBB9140F627}
2018-04-14 12:23 - 2018-04-16 18:16 - 000003558 _____ C:\WINDOWS\System32\Tasks\SirlEpEKtWDeA
2018-04-14 12:23 - 2018-04-16 18:13 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-04-14 12:23 - 2018-04-14 19:04 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-14 12:23 - 2018-04-14 14:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-14 12:23 - 2018-04-14 13:03 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2085146054-2015294118-3744163606-1002
2018-04-14 12:23 - 2018-04-14 12:23 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-14 12:23 - 2018-04-14 12:23 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-14 12:23 - 2018-04-14 12:23 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 12:23 - 2018-04-14 12:23 - 000002738 _____ C:\WINDOWS\System32\Tasks\xxtkEO
2018-04-14 12:23 - 2018-04-14 12:23 - 000002566 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
2018-04-14 12:23 - 2018-04-14 12:23 - 000002468 _____ C:\WINDOWS\System32\Tasks\YzjlowNSYYeVY
2018-04-14 12:23 - 2018-04-14 12:23 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-14 12:23 - 2018-04-14 12:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-04-14 12:23 - 2018-04-14 12:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-14 12:21 - 2018-04-14 19:05 - 000903780 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-14 12:21 - 2018-04-14 12:22 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-04-14 12:21 - 2018-04-14 12:22 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-04-14 12:11 - 2018-04-14 12:11 - 000000000 ____D C:\ProgramData\USOShared
2018-04-14 12:07 - 2018-04-14 12:07 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-04-14 12:06 - 2018-04-14 12:06 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-04-14 12:05 - 2018-04-14 19:31 - 000000000 ____D C:\Users\pureh\AppData\Local\Packages
2018-04-14 12:04 - 2018-04-14 19:21 - 000000000 ____D C:\Users\pureh
2018-04-14 12:04 - 2018-04-14 12:20 - 000000000 ____D C:\Users\defaultuser0
2018-04-14 12:03 - 2017-09-29 06:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-04-14 12:02 - 2017-11-09 05:43 - 000540784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-04-14 12:02 - 2017-11-09 05:43 - 000446392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-04-14 12:02 - 2017-10-27 09:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-04-14 12:02 - 2017-09-13 16:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-14 12:02 - 2017-09-13 16:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-14 12:02 - 2017-09-13 16:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-14 12:02 - 2017-09-13 16:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-14 12:00 - 2018-04-14 19:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-14 11:28 - 2018-04-14 11:28 - 000000000 ____D C:\Users\pureh\AppData\LocalLow\MerloTeam
2018-04-14 11:25 - 2018-04-14 11:25 - 000000000 ____D C:\Users\pureh\AppData\LocalLow\Nattmara
2018-04-14 09:48 - 2018-04-14 12:43 - 000000000 ____D C:\Users\pureh\Downloads\ACADEMY34-v0.4.4-pc
2018-04-14 09:48 - 2017-10-25 13:48 - 022285760 _____ C:\Users\pureh\Downloads\UnityPlayer.dll
2018-04-14 09:47 - 2018-01-21 02:29 - 000000000 ____D C:\Users\pureh\Downloads\Overgrown - Genesis
2018-04-14 09:46 - 2018-04-01 00:27 - 055811508 _____ (Adobe Systems, Inc.) C:\Users\pureh\Downloads\simbro.exe
2018-04-14 09:12 - 2018-04-14 09:12 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-04-14 09:02 - 2018-04-14 19:11 - 000153088 _____ C:\WINDOWS\SysWOW64\conhost64.exe
2018-04-14 09:02 - 2018-04-14 09:02 - 000000000 ___HD C:\Users\pureh\AppData\Local\TeamViewer
2018-04-14 09:01 - 2018-03-03 05:07 - 000008192 _____ C:\WINDOWS\SysWOW64\pmain.dll
2018-04-14 09:00 - 2018-04-14 19:25 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-14 08:55 - 2018-04-14 09:00 - 000000036 _____ C:\WINDOWS\progress.ini
2018-04-14 08:07 - 2018-04-14 08:07 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-04-14 08:07 - 2018-04-14 08:07 - 000001927 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-14 08:05 - 2018-04-14 08:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-14 08:03 - 2018-04-14 08:02 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-14 08:03 - 2018-04-14 08:02 - 000227784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-16 18:16 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-04-16 18:16 - 2017-07-21 21:46 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-16 18:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-14 19:25 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-14 19:17 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-14 19:14 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-14 19:04 - 2017-05-06 08:02 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-14 13:03 - 2017-05-06 07:52 - 000002367 _____ C:\Users\pureh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-14 13:03 - 2017-05-06 07:52 - 000000000 ___RD C:\Users\pureh\OneDrive
2018-04-14 12:59 - 2017-09-29 06:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-04-14 12:57 - 2018-01-27 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-14 12:57 - 2018-01-12 17:18 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2018-04-14 12:57 - 2018-01-06 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-04-14 12:57 - 2017-12-23 08:44 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-04-14 12:57 - 2017-12-06 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom - New Lands [GOG.com]
2018-04-14 12:57 - 2017-12-06 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom [GOG.com]
2018-04-14 12:57 - 2017-12-03 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-04-14 12:57 - 2017-11-28 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2018-04-14 12:57 - 2017-10-28 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2018-04-14 12:57 - 2017-10-28 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2018-04-14 12:57 - 2017-10-28 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-04-14 12:57 - 2017-10-22 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-04-14 12:57 - 2017-10-18 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7
2018-04-14 12:57 - 2017-09-29 06:49 - 000000000 ____D C:\WINDOWS\Setup
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Help
2018-04-14 12:57 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-14 12:57 - 2017-09-10 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Tactics [GOG.com]
2018-04-14 12:57 - 2017-09-10 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 2 [GOG.com]
2018-04-14 12:57 - 2017-09-10 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout [GOG.com]
2018-04-14 12:57 - 2017-09-10 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Suffering - Ties That Bind [GOG.com]
2018-04-14 12:57 - 2017-09-10 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Suffering [GOG.com]
2018-04-14 12:57 - 2017-08-06 15:45 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-04-14 12:57 - 2017-07-30 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kanes Wrath
2018-04-14 12:57 - 2017-07-30 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiberium Wars
2018-04-14 12:57 - 2017-07-24 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-14 12:57 - 2017-07-21 21:46 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-14 12:57 - 2017-07-04 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-04-14 12:57 - 2017-06-17 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWAT 4 Gold Edition [GOG.com]
2018-04-14 12:57 - 2017-06-17 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swat 3 - Last Resort
2018-04-14 12:57 - 2017-05-20 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2018-04-14 12:57 - 2017-05-16 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3
2018-04-14 12:57 - 2017-05-16 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-04-14 12:57 - 2017-05-15 21:14 - 000000000 ____D C:\Program Files\UNP
2018-04-14 12:57 - 2017-05-06 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2018-04-14 12:57 - 2017-05-06 08:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Tyranid Mod for Soulstorm
2018-04-14 12:57 - 2017-05-06 08:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyranid Mod for Soulstorm
2018-04-14 12:57 - 2017-05-06 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-04-14 12:57 - 2017-05-06 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-14 12:57 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-04-14 12:57 - 2016-08-31 11:56 - 000000000 ___HD C:\WINDOWS\OEM
2018-04-14 12:57 - 2016-07-16 04:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-14 12:54 - 2017-06-17 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Police Quest series
2018-04-14 12:54 - 2017-06-16 23:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-04-14 12:54 - 2017-05-06 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-04-14 12:49 - 2017-12-13 18:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-04-14 12:49 - 2017-09-29 06:41 - 000464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2018-04-14 12:49 - 2017-09-29 06:41 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2018-04-14 12:49 - 2017-09-29 06:41 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2018-04-14 12:49 - 2017-09-29 06:41 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2018-04-14 12:49 - 2017-09-29 06:41 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2018-04-14 12:43 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-14 12:43 - 2017-08-06 15:25 - 000000000 ____D C:\Users\pureh\AppData\Roaming\RenPy
2018-04-14 12:26 - 2017-05-06 07:53 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-14 12:26 - 2017-05-06 00:28 - 000000000 ____D C:\Users\pureh\AppData\Local\TileDataLayer
2018-04-14 12:25 - 2016-08-31 11:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-14 12:23 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-14 12:21 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration
2018-04-14 12:20 - 2017-07-21 21:56 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-04-14 12:20 - 2017-05-06 08:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-14 12:13 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-14 12:12 - 2017-06-17 11:08 - 000000000 ____D C:\Users\pureh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\11-99 Enhancement Mod v1.3
2018-04-14 12:12 - 2017-06-17 10:57 - 000000000 ____D C:\Users\pureh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SSF Realism Mod v2.1
2018-04-14 12:12 - 2017-05-06 08:36 - 000000000 ____D C:\Users\pureh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-04-14 12:12 - 2017-05-06 08:09 - 000000000 ____D C:\Users\pureh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-14 12:11 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-04-14 12:07 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-04-14 12:03 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-04-14 12:02 - 2017-07-21 21:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-14 12:02 - 2017-05-06 08:17 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-14 12:01 - 2017-07-21 21:46 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-14 11:17 - 2017-10-10 22:15 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-14 11:17 - 2017-05-07 14:16 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-14 11:17 - 2017-05-07 14:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-14 09:13 - 2018-01-11 19:41 - 000000000 ____D C:\Program Files\rempl
2018-04-14 09:00 - 2018-03-11 19:24 - 000000000 ____D C:\Windows10Upgrade
2018-04-14 08:55 - 2018-03-11 19:25 - 000000000 ___HD C:\$GetCurrent
2018-04-14 08:48 - 2017-10-22 16:30 - 000000000 ____D C:\Users\pureh\AppData\Roaming\vlc
2018-04-14 08:39 - 2018-03-11 19:24 - 000000807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-04-14 08:39 - 2018-03-11 19:24 - 000000795 _____ C:\Users\pureh\Desktop\Windows 10 Update Assistant.lnk
2018-04-14 08:05 - 2018-01-05 14:36 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-14 08:02 - 2018-01-05 14:42 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000111352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-04-14 08:02 - 2018-01-05 14:36 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
 
==================== Files in the root of some directories =======
 
2017-03-18 13:59 - 2017-03-18 13:59 - 000000078 _____ () C:\Users\pureh\oiqIiv.bat
2018-01-02 20:10 - 2017-03-18 13:58 - 000174592 _____ (Microsoft Corporation) C:\Users\pureh\WWOZSvU.exe
2018-01-02 20:10 - 2017-03-18 13:59 - 000000985 _____ () C:\Program Files (x86)\Common Files\LOUUVyGkkaAM
2017-03-18 13:59 - 2017-03-18 13:59 - 000000985 _____ () C:\Program Files (x86)\Common Files\LOUUVyGkkaAM.bat
2018-01-02 20:10 - 2017-03-18 13:58 - 000059392 _____ (Microsoft Corporation) C:\Users\pureh\AppData\Local\WiGjouhIikIIS.exe
2018-01-02 20:11 - 2018-01-02 20:11 - 000000001 _____ () C:\Users\pureh\AppData\Local\WMI.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-14 12:00
 
==================== End of FRST.txt ============================


#4 Chaoshunter

  • Topic Starter
  • Members
  • 11 posts

Posted 16 April 2018 - 08:21 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by pureh (16-04-2018 18:18:38)
Running from C:\Users\pureh\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2018-04-14 19:25:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2085146054-2015294118-3744163606-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2085146054-2015294118-3744163606-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2085146054-2015294118-3744163606-1001 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2085146054-2015294118-3744163606-501 - Limited - Disabled)
pureh (S-1-5-21-2085146054-2015294118-3744163606-1002 - Administrator - Enabled) => C:\Users\pureh
WDAGUtilityAccount (S-1-5-21-2085146054-2015294118-3744163606-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
11-99 Enhancement Mod v1.3 (HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\11-99 Enhancement Mod v1.3) (Version:  - )
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.8.0.5 - Byte Technologies LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Command & Conquer™ Red Alert™ 3 Uprising (HKLM-x32\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
Creeper World 3 Arc Eternal (HKLM-x32\...\Q3JlZXBlcldvcmxkM0FyY0V0ZXJuYWw=_is1) (Version: 1 - )
Evil Genius V1.01 (HKLM-x32\...\Evil Genius_is1) (Version:  - Elixir Studios Ltd)
Fallout (HKLM-x32\...\1_is1) (Version: 2.1.0.18 - GOG.com)
Fallout 2 (HKLM-x32\...\2_is1) (Version: 2.1.0.17 - GOG.com)
Fallout Tactics (HKLM-x32\...\3_is1) (Version: 2.1.0.12 - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kane's Wrath 1.2 (HKLM-x32\...\Command & Conquer 3: Kane's Wrath_is1) (Version:  - HWMasters.com)
Kingdom - New Lands (HKLM-x32\...\1473737130_is1) (Version: 2.0.0.2 - GOG.com)
Kingdom (HKLM-x32\...\1444654650_is1) (Version: 2.6.0.7 - GOG.com)
Kodi (HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\Kodi) (Version:  - XBMC-Foundation)
Microsoft OneDrive (HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.4 (x86 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.16.25850 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.2.14.487 - Razer Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SSF Realism Mod v2.1 (HKLM-x32\...\SSF Realism Mod v2.1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 3 - Tactical Game of The Year Edition (HKLM-x32\...\1207658946_is1) (Version: 2.1.0.34 - GOG.com)
SWAT 4 Gold Edition (HKLM-x32\...\1409964317_is1) (Version: 2.0.0.4 - GOG.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 Ambitions (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Ambitions) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Generations (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Generations) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Into the Future (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Into the Future) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Island Paradise (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Island Paradise) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Pets (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Pets) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Seasons (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Seasons) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Showtime (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Showtime) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Supernatural (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Supernatural) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 University Life (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 University Life) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 World Adventures (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 World Adventures) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Suffering (HKLM-x32\...\1268478205_is1) (Version: 1.0.1 - GOG.com)
The Suffering: Ties That Bind (HKLM-x32\...\1578481504_is1) (Version: 1.0 - GOG.com)
Tiberium Wars 1.09 (HKLM-x32\...\Command & Conquer 3: Tiberium Wars_is1) (Version:  - HWMasters.com)
Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{54228DC1-0B27-4215-B2BE-4D07C521F242}) (Version: 2.33.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F3874F6F-EA00-487D-BEAD-5FAA010E78F2}) (Version: 1.15.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH)
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-14] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-14] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-05-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-14] (AVAST Software)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-14] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-05-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B85B9AF-38A9-4DE7-8D76-7E9A22121D94} - System32\Tasks\SirlEpEKtWDeA => C:\WINDOWS\SysWOW64\DOVU.bat [2017-03-18] () <==== ATTENTION
Task: {20E89204-D7B5-4B1C-8096-675137614742} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {220D7284-736F-41A1-A344-AF8E17DA8BEE} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {25D82234-799A-4868-9135-EEDBA0503369} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {2E6C9D7F-74AB-4636-92CE-8E29C3E07628} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-14] (AVAST Software)
Task: {2FA296B5-3025-407A-A689-63DEBFE5E88F} - System32\Tasks\YzjlowNSYYeVY => C:\Users\pureh\oiqIiv.bat [2017-03-18] () <==== ATTENTION
Task: {37C59E52-E2E8-42AB-87A0-90CAAFD90DAE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {42411265-4D23-4C34-B335-354CE585D485} - System32\Tasks\xxtkEO => C:\Users\pureh\AppData\Local\WiGjouhIikIIS.exe [2017-03-18] (Microsoft Corporation)
Task: {4939ACD9-06AD-403D-8E13-DBE2051881CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {5C1AABC4-B0E5-4BD9-B5F5-A576B3A9664D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {816F37E2-944B-4FAF-94D1-AF68C8BEB735} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {8F33E6DC-39BB-4855-918B-9267C784F19A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-06] (Google Inc.)
Task: {912B92D8-C113-4E9C-B233-A539FE9DE2CB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {9839EEE6-4115-432D-8E55-128C66C66352} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {C2123404-2B78-4B03-92DA-4DD55B329147} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {C323D27C-495C-4036-8345-3D3789073951} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {C367F97D-F66C-472F-B076-245ED8B5F2A8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-04-03] (Byte Technologies LLC) <==== ATTENTION
Task: {CCE8AFA8-1F1B-4141-8D48-7B83E2890181} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {D088AE7C-FE77-4236-90B2-4867B7598A68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-06] (Google Inc.)
Task: {D0DE3A16-068E-4E8B-B58E-7D5132A328E1} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-04-03] (Byte Technologies LLC) <==== ATTENTION
Task: {E0859EB5-5703-4B26-BDD1-83A052B18DA1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\pureh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\11-99 Enhancement Mod v1.3\11-99 Enhancement Mod v1.3.lnk -> C:\Program Files (x86)\GOG Galaxy\Games\SWAT 4\Launch 11-99 Enhancement Mod.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-25 05:38 - 2016-05-25 05:38 - 000129304 _____ () C:\Program Files\ByteFence\x64\lz4_x64.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-13 18:33 - 2017-12-13 18:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 18:33 - 2017-12-13 18:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-14 11:17 - 2018-04-14 11:17 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-14 11:17 - 2018-04-14 11:17 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-14 10:41 - 2018-04-14 10:42 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-04-14 10:41 - 2018-04-14 10:42 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-04-14 08:04 - 2018-03-19 23:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-04-14 08:04 - 2018-03-19 23:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-04-14 08:02 - 2018-04-14 08:02 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-14 08:02 - 2018-04-14 08:02 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-14 08:02 - 2018-04-14 08:02 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-14 08:02 - 2018-04-14 08:02 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-14 08:02 - 2018-04-14 08:02 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 04:47 - 2018-02-23 11:02 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: Razer Game Manager Service => 2
MSCONFIG\Services: RzActionSvc => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{14133EB2-F3D3-451E-879D-56ABBB694763}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{161624C1-3238-4B14-B427-4C8536A28BEC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{8D4CFD50-45F6-4419-AAD3-74F2BA1BB12D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{105A446F-3E92-4AA6-9C52-85806A37565D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2CC840DD-D98F-4710-A327-9187CA395E05}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{1E286DBC-B8D3-4BA7-AF28-B41A63E1982C}] => (Allow) C:\Users\pureh\AppData\Local\TeamViewer\msiexec64.exe
FirewallRules: [{8F7C76DA-D88A-449B-8844-ABCB6C524CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{49CFA33F-147F-4704-AB58-435F1EF7BC9D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{CB5A598F-CE2A-46FD-BB73-4EF8CA27B0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{63620825-0D57-48B4-8B54-41A631A7E65B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
FirewallRules: [{DB065DC1-AE21-490D-ABC4-5682B601EB0D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{DF3CEA83-1E75-4776-A767-FEC99609538C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{DE85CC52-92E6-402E-BA40-73C3A277ACD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{7480772E-948F-4E8F-BA2A-BA5F914446BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{4DCF58EE-7B42-429F-BC31-504740A7DB97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{B505D871-6C8C-43C1-9FDB-5A278EA49890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{8F9BDB80-0D37-4597-9546-EBA441B2B4E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{35452327-3E07-4B59-BF74-10D960E6F284}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{2E6A7DC0-885B-4F9D-9354-78691EF973F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{812D1497-C6F7-4DA2-8EDC-FBA116B59C9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{AEA05289-C80F-4CFA-8B15-691AEF7DA53D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{BD629776-4B22-44B1-8D4D-A6D1F21DD9D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{98459171-4ECE-4AC4-B3E1-7BB8EB040ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{F9E6C771-D1D3-441F-A172-050D4133B672}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{844A0D56-852A-4C02-9F11-BEC243D7D80E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{0CAAA3A8-3B55-43DC-A252-57D3B2AA9AF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Istrolid\istrolid.exe
FirewallRules: [{9E209366-BA04-4148-9B9D-3BC7CB53CBE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Istrolid\istrolid.exe
FirewallRules: [{E904C574-C32E-42CD-A494-FACCD45FF52A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{A4FACFFD-AA50-40C3-9BAC-8E7E2F04C82C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{7CEA825C-054E-4EB1-B65C-EA7664D0F282}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{73BB15F3-8A7B-4DBB-ADF1-CBADBBDD5A15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{4CF4259D-C4EF-4BE8-B127-9B527FCD992D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{95E6FB28-B6CE-44F5-97CC-19EDA43FA2A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{2872B871-93B3-417F-A801-9F72EF984207}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{DECF2EE3-0FBE-46A9-9B1E-E05430553581}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{367A3606-F484-4FFF-9424-4A02D2F2568C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{909E17F3-31A4-4834-90CE-F758613F2846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{951E1BCC-9FA3-42F3-9E3B-53FF965F3587}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive 2\Exe\Detect.exe
FirewallRules: [{2F27640F-31C5-4EA8-8806-16EB12810E0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive 2\Exe\Detect.exe
FirewallRules: [{08808F0A-96AC-4C45-9A4B-F85A2E6DB390}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive 2\Exe\HowToSurvive2.exe
FirewallRules: [{1407397C-5B46-44E3-8CB5-CCED4D37C1BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive 2\Exe\HowToSurvive2.exe
FirewallRules: [{A9F72999-112F-424A-8885-4FCA4C666F9C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{E007B196-7A66-4EEA-A661-FA495E6F0CF9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{039222F7-37B2-450B-A5E5-4EAD0E382487}C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FBAC74D8-E91D-4A03-9C21-EBB367497C72}C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7F7F661B-6518-4FC4-B3DA-F74C76EB3154}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{3BB5CA4F-2469-4307-AECC-8979C6EFD458}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{0F371C8E-B39C-4A64-9AE6-8AE7F23D121C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SAS Zombie Assault 4\SAS4-Win.exe
FirewallRules: [{EE22E316-E518-4E58-92F3-D015374CE007}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SAS Zombie Assault 4\SAS4-Win.exe
FirewallRules: [{2D124A91-A9CC-4300-A757-49C715BB1E50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LobotomyCorp\LobotomyCorp.exe
FirewallRules: [{1D2A3E71-F982-447B-9F10-2F013BAF055A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LobotomyCorp\LobotomyCorp.exe
FirewallRules: [{C9F9E341-426D-4832-9E1C-5352594D3C21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\911 Operator\CallEditor.exe
FirewallRules: [{19C1D381-0E34-4737-88CF-6F7BF3CA2E93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\911 Operator\CallEditor.exe
FirewallRules: [{606DD687-ADF5-47B0-BBF4-57C6973631DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkwood\Darkwood.exe
FirewallRules: [{E3DBA325-4A84-42ED-9872-84A4159D247A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkwood\Darkwood.exe
FirewallRules: [{637AF5C6-249C-404C-AE76-73D7DAECEBD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halcyon 6 Lightspeed Edition\H6.exe
FirewallRules: [{8C990881-E60A-4092-BE20-7A167C85AE3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halcyon 6 Lightspeed Edition\H6.exe
FirewallRules: [{68D43DAD-6B9E-4B10-AD4B-B521FC74E0DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halcyon 6 Starbase Commander\H6.exe
FirewallRules: [{E7EDD4D3-DE5C-4ABE-8BF0-DF8CAC0A66E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Halcyon 6 Starbase Commander\H6.exe
FirewallRules: [{E4F131CE-9E2F-487F-B051-C2104D0716C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{E866696B-B777-4973-A2A7-E8AD96739C6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{16EE98FA-BB09-4F16-BE7F-BF14F028159D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [{48F6F171-71A1-44C7-BEA4-0621299BA7AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [UDP Query User{594A3CF4-A529-4DD0-B02B-3736D0E84E2A}C:\program files (x86)\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [TCP Query User{42577572-5292-4820-B051-46C1C7937F40}C:\program files (x86)\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [{DAA39FA9-2BF1-4946-A7B0-B7E72233264B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [{3EAB812D-0243-4235-BE2C-3466AA5E8975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [{749A93FB-5A68-41FE-B2BD-13B80A218FC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{A4D4C9B7-71A9-4DB1-B61C-3EE9D984007A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{1F286653-CF1E-455D-80FC-3D8C7E853408}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC7BF46A-861F-4755-AB3F-EF14BDD4F449}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD6683EA-F42E-42F1-8F86-4080D28779AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4FC71D49-9DCF-4175-83DD-E8F634826141}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A5A37113-B35F-4E0A-8FB7-2449BF689391}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{943D0E0F-1298-4C3A-AF28-E9F4ED29D37F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1F32D6EE-CE41-46A3-AD97-E0D0F0BDB220}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{40636388-5899-4248-837E-BF0CF238C648}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{464652FC-C7C9-404A-9239-B7EFE574FE58}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5E0F0D7D-7A29-461D-BB1A-5D83B4A4C57B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{8329EB5B-5C62-4181-8543-07B3971DC867}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{01FB482F-36A9-4B99-938E-4114F5F7171F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{E387CE1C-4E0F-4FB1-9CA0-00851D07965E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{C94FBBFD-AFBE-4062-AA48-D565AC3A6BC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Revenge of the Titans\RevengeOfTheTitans.exe
FirewallRules: [{39B71744-A388-4452-B4E8-B011DBAC8ABD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Revenge of the Titans\RevengeOfTheTitans.exe
FirewallRules: [{084A1964-BA2A-4296-BB43-32F0F0F788A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{8485A7E5-B239-4CD3-93BA-6EBCD54A4638}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [TCP Query User{2F5508AC-9A9B-4184-A399-D4C2EBCD1415}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{DFE971D5-F448-45F6-B254-BC8840E6CCB4}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [{4614CC6C-D630-4532-9F6E-ECCD66D573F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{A6BF84DA-3235-4599-BD7E-D31F148DE4DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [TCP Query User{F741F4CC-8B21-4CEC-8E94-14CD3AB66373}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{3AB0639F-A848-4B1B-9DD1-66B14E85438D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B686E48A-7A07-4BCC-9205-491FE845F325}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War III\RelicDoW3.exe
FirewallRules: [{12774912-A559-4D79-BF4E-3089DD21E096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War III\RelicDoW3.exe
FirewallRules: [{A4529E0E-70E5-46CC-85B4-3D706F7B82C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{56102364-9A0D-4B09-B3FE-46F40A377E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{89861428-4164-40E2-ACDF-98312E055A4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{17C4C813-6E22-4F17-8A0B-85BDC64289FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{F1A88A0B-0A54-4E0D-89E7-968D65BAD0AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Horde\EndlessHorde.exe
FirewallRules: [{A5E3AF84-E15C-4D0B-BAC3-7106F93BF0FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Horde\EndlessHorde.exe
FirewallRules: [{A8ECD01E-470D-48D5-8AFA-A91463E90861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{EC1744D1-D95C-449E-989B-987672FE536A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{909B1638-52E0-41FD-B48A-A1C92FE4D134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\911 Operator\911.exe
FirewallRules: [{A8767CB5-9BC0-4DB7-8213-0FB6F8121EBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\911 Operator\911.exe
FirewallRules: [{0288A1FF-A145-4ED8-A8B5-5B88EF834B00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Invisible War\System\dx2.exe
FirewallRules: [{3FCE04A8-32A3-41E0-9369-97930B68EE28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Invisible War\System\dx2.exe
FirewallRules: [{D8AAF6AD-D9FE-4AA8-A6D2-D3AEB96C97CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{036A7DBF-BA6F-4B77-A10B-A88DE0081500}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{C3F1C7C3-A5C8-4C4A-8870-B0B7EBF24176}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{455BB87D-E37D-441F-AEC1-FEAA4691B9C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{BA53C762-8F99-4FC1-A10B-9178F3AC50D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{19CE3B74-E0C0-43DE-908F-AC3F735401BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{A372DAC7-C1F7-4F9E-955E-2523C9F3B554}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpacebaseDF9\Space.exe
FirewallRules: [{28FB5C35-CD5B-4C1F-A69C-155D29F36930}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpacebaseDF9\Space.exe
FirewallRules: [{AB3668E6-46C2-4A37-B709-5C22DCFAE0DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{58FBA63F-F3D4-42AA-A261-074DDE502FB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{34D0F6CA-A512-4E91-A534-9B2D3F4D2D04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{3C68887B-4F7F-4D5F-98A1-C544C6806720}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{CEF28E1B-84B3-4FA5-9CD5-7E344FF7E454}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Command Galaxies\StarCommandGalaxies.exe
FirewallRules: [{72D5B36C-45D2-4CD0-8DCD-D215D60F95B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Command Galaxies\StarCommandGalaxies.exe
FirewallRules: [{48F56515-5925-446F-9BA4-A60DC96C7EEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{17F54BBB-1F6D-40AD-B1AF-33922400612B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{67102851-D992-4A65-81B1-0CF2CFA6FB1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{530E6D66-E5D1-453B-B440-16189FDF065F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{15C8FE92-6073-45F0-9484-48C8D8D5F43E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{3850105F-6AEE-4CAC-B7D0-D5342595E6A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{93DA7692-2C14-41CD-B5CD-ED310A95DB24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{45DFF991-8AD1-4B43-B466-CE413D9ACC85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{DC3AFE73-8A4B-4A56-B410-A7F8271225A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction Guerrilla\RFG.exe
FirewallRules: [{2A911165-682C-4BDC-90B8-EF7CB828EFB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction Guerrilla\RFG.exe
FirewallRules: [{DC3DE1EE-647B-48C4-9D10-4BDED4199478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{29B38D30-96EC-413D-9C02-FBCE7228432C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2D4EDCA0-1DBE-4F29-A51B-9AEDDBC4BA3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebuild Gangs of Deadsville\game\Rebuild3.exe
FirewallRules: [{98EC9E77-664B-42AB-BC63-818B134D8B18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebuild Gangs of Deadsville\game\Rebuild3.exe
FirewallRules: [{F6BA8C75-C225-4C25-A25E-3D6509D0FA2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction\RedFaction.exe
FirewallRules: [{8EA94684-716F-4F1B-AAA8-212F9169E084}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction\RedFaction.exe
FirewallRules: [{6A9EF922-0068-4FF0-A1A5-8D635388FE39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C13559D3-6035-4551-9226-5DA48FF103E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7FE3BB5B-98B7-4E4C-9022-E6A03B6B853B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction II\Red Faction II.exe
FirewallRules: [{D8236D4F-F1AD-46E7-AE6D-00A6B2DF277A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Faction II\Red Faction II.exe
FirewallRules: [{BC1BAD55-1CC3-4244-BD3E-F9BD66D8B6A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CFB9924C-3CA7-4575-8CF3-3E2DD30AFF5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0A3A68CE-1D6D-46DA-BF27-5492B5D5E67C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0C9625E6-6EB8-43F3-B7CC-50F278D9CFB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{E9A2AF60-D2AB-4A4E-BC2D-DEFB8E19CB98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{DB4F15B3-8236-4B40-BDFA-6DDB7772D09B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{0B3A1B64-C6A2-47D4-905E-38CA17D23AD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{611B244B-8066-4CD5-B46D-8348015EC834}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{CCE01C79-1FF0-424E-8658-D0E28DF62B80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{7973E317-386C-4462-8327-0E29904B7B76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{5E302973-BC96-4C3B-8E60-2BD808764AE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DE366A6D-B8CD-4114-9555-B4DC5FD62F53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8AB679AF-A04A-46ED-B913-50C45CCEEBD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shelter2\Shelter2.exe
FirewallRules: [{20F114CC-F0F4-4905-9D36-C39E8D4335B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shelter2\Shelter2.exe
FirewallRules: [{DA3B676F-4839-47FC-9DB0-E115A78A38E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shelter\Shelter.exe
FirewallRules: [{7A00E7B3-73B1-4BA0-89A6-5BFA6725FE5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shelter\Shelter.exe
FirewallRules: [{25509DFE-4AA5-4EA7-8FC3-45029149C2EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starship Theory\StarshipTheory.exe
FirewallRules: [{20994EA9-EAEE-491E-8271-72032B5F15F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starship Theory\StarshipTheory.exe
FirewallRules: [{81504EE6-B127-4A67-8682-939A4C825571}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empires\hl2.exe
FirewallRules: [{27449485-74D6-4A3C-B6EE-3A5E40F753B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empires\hl2.exe
FirewallRules: [{B1CFD3C7-52AC-4C90-8D19-4A9663E7CF09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{254FB147-E7A5-43C8-9060-AFFB572DE40E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{2767CB7A-A5F2-4604-BA92-289FDB6D4766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{4BAFE13A-2877-43B2-9E85-E5E375D5E46E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{1773C758-C7BD-47DE-843E-BB82536679BE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{025F9638-F8E7-43E7-9AE9-7F9F768DCEBB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{616D5B67-E872-4493-B6A8-5D7E38DCDF82}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F128D00B-5F7C-4843-827A-9E5BDF30C05E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{49EEB51F-B9A0-45D6-92CD-A82B1A4A1A09}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/16/2018 06:19:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/14/2018 07:21:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AvastUI.exe version 18.3.3860.315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1cc0
 
Start Time: 01d3d45e3a8f89af
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
Report Id: 2d9f8818-0e80-484e-bc17-013587ee7b00
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/14/2018 12:20:47 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (04/14/2018 12:17:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (3956,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (04/14/2018 12:17:14 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (04/14/2018 12:17:14 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (04/14/2018 12:17:13 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
 
System errors:
=============
Error: (04/16/2018 06:15:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CLM88VF)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-CLM88VF\pureh SID (S-1-5-21-2085146054-2015294118-3744163606-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/14/2018 07:54:15 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CLM88VF)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-CLM88VF\pureh SID (S-1-5-21-2085146054-2015294118-3744163606-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/14/2018 07:44:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CLM88VF)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-CLM88VF\pureh SID (S-1-5-21-2085146054-2015294118-3744163606-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/14/2018 07:12:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/14/2018 07:07:13 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CLM88VF)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-CLM88VF\pureh SID (S-1-5-21-2085146054-2015294118-3744163606-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/14/2018 02:05:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (04/14/2018 02:04:36 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Component: AMD Northbridge
Error Source: 3
Error Type: 11
Processor APIC ID: 0
 
The details view of this entry contains further information.
 
Error: (04/14/2018 02:04:08 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xffff9802372fe8f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\Minidump\041418-22671-01.dmp. Report Id: 97fa746e-5a1f-4876-abe9-51b2a42bc67f.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4300 Quad-Core Processor 
Percentage of memory in use: 42%
Total physical RAM: 8189.53 MB
Available physical RAM: 4749.38 MB
Total Virtual: 10109.53 MB
Available Virtual: 6639.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.58 GB) (Free:483.01 GB) NTFS
Drive d: (CP_Win10_R4x64) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
 
\\?\Volume{dd0c1a34-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{dd0c1a34-0000-0000-0000-80c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DD0C1A34)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#5 Oh My!

  • Malware Response Instructor

Posted 16 April 2018 - 09:22 PM

Thank you for the information. Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press Windows Key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

ByteFence Anti-Malware

  • Reboot your computer
===================================================

Enabling System Restore Point in Windows 8/10

--------------------
  • Hit the Windows key + S at the same time
  • Type Restore Point then click on Create a restore point
  • Click Configure
  • Select Turn on system protection
  • Click OK twice
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
2018-04-14 12:23 - 2018-04-16 18:17 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A8D0C14B-9EB3-419E-AAF6-ADBB9140F627}
2018-04-14 12:23 - 2018-04-16 18:16 - 000003558 _____ C:\WINDOWS\System32\Tasks\SirlEpEKtWDeA
2018-04-14 12:23 - 2018-04-14 12:23 - 000002738 _____ C:\WINDOWS\System32\Tasks\xxtkEO
2018-04-14 12:23 - 2018-04-14 12:23 - 000002468 _____ C:\WINDOWS\System32\Tasks\YzjlowNSYYeVY
2018-04-14 09:01 - 2018-03-03 05:07 - 000008192 _____ C:\WINDOWS\SysWOW64\pmain.dll
2018-04-14 09:02 - 2018-04-14 19:11 - 000153088 _____ C:\WINDOWS\SysWOW64\conhost64.exe
2018-04-14 12:57 - 2016-08-31 11:56 - 000000000 ___HD C:\WINDOWS\OEM
2017-03-18 13:59 - 2017-03-18 13:59 - 000000078 _____ () C:\Users\pureh\oiqIiv.bat
2018-01-02 20:10 - 2017-03-18 13:58 - 000174592 _____ (Microsoft Corporation) C:\Users\pureh\WWOZSvU.exe
2018-01-02 20:10 - 2017-03-18 13:59 - 000000985 _____ () C:\Program Files (x86)\Common Files\LOUUVyGkkaAM
2017-03-18 13:59 - 2017-03-18 13:59 - 000000985 _____ () C:\Program Files (x86)\Common Files\LOUUVyGkkaAM.bat
2018-01-02 20:10 - 2017-03-18 13:58 - 000059392 _____ (Microsoft Corporation) C:\Users\pureh\AppData\Local\WiGjouhIikIIS.exe
2018-01-02 20:11 - 2018-01-02 20:11 - 000000001 _____ () C:\Users\pureh\AppData\Local\WMI.ini
Task: {1B85B9AF-38A9-4DE7-8D76-7E9A22121D94} - System32\Tasks\SirlEpEKtWDeA => C:\WINDOWS\SysWOW64\DOVU.bat [2017-03-18] () <==== ATTENTION
Task: {20E89204-D7B5-4B1C-8096-675137614742} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\WINDOWS\SysWOW64\DOVU.bat
Task: {2FA296B5-3025-407A-A689-63DEBFE5E88F} - System32\Tasks\YzjlowNSYYeVY => C:\Users\pureh\oiqIiv.bat [2017-03-18] () <==== ATTENTION
Task: {42411265-4D23-4C34-B335-354CE585D485} - System32\Tasks\xxtkEO => C:\Users\pureh\AppData\Local\WiGjouhIikIIS.exe [2017-03-18] (Microsoft Corporation)
Zip: C:\Users\pureh\AppData\LocalLow;C:\WINDOWS\Minidump\041418-22671-01.dmp
Folder: C:\Users\pureh\3D Objects
cmd: type "C:\WINDOWS\progress.ini"
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uninstall program?
  • Fixlog
  • Attached zip file
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

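The fixlist above removes scheduled tasks (SirlEpEKtWDeA, YzjlowNSYYeVY, xxtkEO) whose actions launch .bat and .exe files from C:\Users\pureh and C:\WINDOWS\SysWOW64, one of them a Microsoft-signed binary dropped under AppData\Local. The PowerShell audit below is an added, defender-side example and is not code from Gary's post or from FRST: it enumerates every scheduled task action and reports those that run a script file, a bare program name resolved through PATH, or an executable outside System32, SysWOW64 and the Program Files trees. The trusted-root list, the script-extension pattern and the function names (Test-TrustedPath, Get-SuspiciousTaskActions) are assumptions of this example; it needs the ScheduledTasks module (Windows 8 and later) and an elevated PowerShell so that every task's actions are readable.

```powershell
# Added example, not part of the original post or of FRST: audit scheduled
# task actions for the persistence pattern seen in the fixlist above
# (tasks launching .bat / .exe files from a user profile or SysWOW64).
# Requires the ScheduledTasks module (Windows 8 / Server 2012 and later);
# run from an elevated PowerShell so every task's actions are readable.

# Assumption of this example: locations a legitimate task action normally runs from.
$script:TrustedRoots = @(
    "$env:SystemRoot\System32\",
    "$env:SystemRoot\SysWOW64\",
    "$env:ProgramFiles\",
    "${env:ProgramFiles(x86)}\"
)

# Script-interpreter targets are reported even inside a trusted root: the
# DOVU.bat in the fixlist above sat in SysWOW64, a trusted directory.
$script:ScriptPattern = '\.(bat|cmd|vbs|vbe|js|jse|wsf|ps1)$'

function Test-TrustedPath {
    param([string]$Path)
    foreach ($root in $script:TrustedRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SuspiciousTaskActions {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only Exec actions carry a program path; COM-handler and other
            # action types have no Execute property and are skipped.
            if (-not $action.Execute) { continue }

            # Expand %SystemRoot%-style variables and strip surrounding quotes
            # so the path comparison sees the real location.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

            $reason = if ($exe -match $script:ScriptPattern) {
                          'runs a script file'
                      } elseif (-not [IO.Path]::IsPathRooted($exe)) {
                          # "cmd" or "powershell.exe" with no directory is resolved
                          # via PATH at run time, so it cannot be trusted by location.
                          'bare program name, resolved via PATH'
                      } elseif (-not (Test-TrustedPath -Path $exe)) {
                          'runs outside trusted roots'
                      }
            if (-not $reason) { continue }

            # The Microsoft-signed WiGjouhIikIIS.exe in the fixlist lived under
            # AppData\Local, so the signature is reported but never clears a finding.
            $signature = if (Test-Path -LiteralPath $exe) {
                             (Get-AuthenticodeSignature -LiteralPath $exe).Status
                         } else { 'file missing' }

            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                State     = $task.State
                Execute   = $exe
                Arguments = $action.Arguments
                Reason    = $reason
                Signature = $signature
            }
        }
    }
}

# Usage: list the findings, review each one with
#   Export-ScheduledTask -TaskName <name> -TaskPath <path>
# and only then disable it with Disable-ScheduledTask.
Get-SuspiciousTaskActions | Sort-Object TaskPath, TaskName | Format-Table -AutoSize
```

The report is a triage list, not a verdict: legitimate vendors do register tasks under ProgramData or a user profile, which is why the output carries the task path, the full action and the signature status for review rather than disabling anything on its own.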
#6 Chaoshunter

  • Topic Starter

Posted 16 April 2018 - 09:58 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by pureh (16-04-2018 19:51:54) Run:1
Running from C:\Users\pureh\Desktop
Loaded Profiles: pureh (Available Profiles: defaultuser0 & pureh)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
2018-04-14 12:23 - 2018-04-16 18:17 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A8D0C14B-9EB3-419E-AAF6-ADBB9140F627}
2018-04-14 12:23 - 2018-04-16 18:16 - 000003558 _____ C:\WINDOWS\System32\Tasks\SirlEpEKtWDeA
2018-04-14 12:23 - 2018-04-14 12:23 - 000002738 _____
C:\WINDOWS\System32\Tasks\xxtkEO
2018-04-14 12:23 - 2018-04-14 12:23 - 000002468 _____ C:\WINDOWS\System32\Tasks\YzjlowNSYYeVY
2018-04-14 09:01 - 2018-03-03 05:07 - 000008192 _____ C:\WINDOWS\SysWOW64\pmain.dll
2018-04-14 09:02 - 2018-04-14 19:11 - 000153088 _____ C:\WINDOWS\SysWOW64\conhost64.exe
2018-04-14 12:57 - 2016-08-31 11:56 - 000000000 ___HD C:\WINDOWS\OEM
2017-03-18 13:59 - 2017-03-18 13:59 - 000000078 _____ () C:\Users\pureh\oiqIiv.bat
2018-01-02 20:10 - 2017-03-18 13:58 - 000174592 _____ (Microsoft Corporation) C:\Users\pureh\WWOZSvU.exe
2018-01-02 20:10 - 2017-03-18 13:59 - 000000985 _____ () C:\Program Files (x86)\Common Files\LOUUVyGkkaAM
2017-03-18 13:59 - 2017-03-18 13:59 - 000000985 _____ () C:\Program Files (x86)\Common Files\LOUUVyGkkaAM.bat
2018-01-02 20:10 - 2017-03-18 13:58 - 000059392 _____ (Microsoft Corporation) C:\Users\pureh\AppData\Local\WiGjouhIikIIS.exe
2018-01-02 20:11 - 2018-01-02 20:11 - 000000001 _____ ()
C:\Users\pureh\AppData\Local\WMI.ini
Task: {1B85B9AF-38A9-4DE7-8D76-7E9A22121D94} - System32\Tasks\SirlEpEKtWDeA => C:\WINDOWS\SysWOW64\DOVU.bat [2017-03-18] () <==== ATTENTION
Task: {20E89204-D7B5-4B1C-8096-675137614742} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\WINDOWS\SysWOW64\DOVU.bat
Task: {2FA296B5-3025-407A-A689-63DEBFE5E88F} - System32\Tasks\YzjlowNSYYeVY => C:\Users\pureh\oiqIiv.bat [2017-03-18] () <==== ATTENTION
Task: {42411265-4D23-4C34-B335-354CE585D485} - System32\Tasks\xxtkEO => C:\Users\pureh\AppData\Local\WiGjouhIikIIS.exe [2017-03-18] (Microsoft Corporation)
Zip: C:\Users\pureh\AppData\LocalLow;C:\WINDOWS\Minidump\041418-22671-01.dmp
Folder: C:\Users\pureh\3D Objects
cmd: type "C:\WINDOWS\progress.ini"
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig
/flushdns
Removeproxy:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A8D0C14B-9EB3-419E-AAF6-ADBB9140F627} => moved successfully
C:\WINDOWS\System32\Tasks\SirlEpEKtWDeA => moved successfully
"2018-04-14 12:23 - 2018-04-14 12:23 - 000002738 _____" => not found
C:\WINDOWS\System32\Tasks\xxtkEO => moved successfully
C:\WINDOWS\System32\Tasks\YzjlowNSYYeVY => moved successfully
C:\WINDOWS\SysWOW64\pmain.dll => moved successfully
C:\WINDOWS\SysWOW64\conhost64.exe => moved successfully
C:\WINDOWS\OEM => moved successfully
C:\Users\pureh\oiqIiv.bat => moved successfully
C:\Users\pureh\WWOZSvU.exe => moved successfully
C:\Program Files (x86)\Common Files\LOUUVyGkkaAM => moved successfully
C:\Program Files (x86)\Common Files\LOUUVyGkkaAM.bat => moved successfully
C:\Users\pureh\AppData\Local\WiGjouhIikIIS.exe => moved successfully
"2018-01-02 20:11 - 2018-01-02 20:11 - 000000001 _____ ()" => not found
C:\Users\pureh\AppData\Local\WMI.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B85B9AF-38A9-4DE7-8D76-7E9A22121D94}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B85B9AF-38A9-4DE7-8D76-7E9A22121D94}" => removed successfully
"C:\WINDOWS\System32\Tasks\SirlEpEKtWDeA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SirlEpEKtWDeA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20E89204-D7B5-4B1C-8096-675137614742}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20E89204-D7B5-4B1C-8096-675137614742}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
C:\WINDOWS\SysWOW64\DOVU.bat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FA296B5-3025-407A-A689-63DEBFE5E88F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA296B5-3025-407A-A689-63DEBFE5E88F}" => removed successfully
"C:\WINDOWS\System32\Tasks\YzjlowNSYYeVY" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YzjlowNSYYeVY" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42411265-4D23-4C34-B335-354CE585D485}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42411265-4D23-4C34-B335-354CE585D485}" => removed successfully
"C:\WINDOWS\System32\Tasks\xxtkEO" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\xxtkEO" => removed successfully
================== Zip: ===================
C:\Users\pureh\AppData\LocalLow -> copied successfully to C:\Users\pureh\Desktop\16.04.2018_19.52.43.zip
"C:\WINDOWS\Minidump\041418-22671-01.dmp" => not found
=========== Zip: End ===========
 
========================= Folder: C:\Users\pureh\3D Objects ========================
 
2018-04-14 12:25 - 2018-04-14 12:25 - 000000298 __ASH [42DD3B4CD1411DACAE138DEF128485D4] () C:\Users\pureh\3D Objects\desktop.ini
 
====== End of Folder: ======
 
 
========= type "C:\WINDOWS\progress.ini" =========
 
[ESD]
Progress=[WimLayout] [100%]
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : lan
   Link-local IPv6 Address . . . . . : fe80::2da1:972c:892c:c05%6
   IPv4 Address. . . . . . . . . . . : 192.168.86.44
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.86.1
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:280f:2dd1:d06f:3051
   Link-local IPv6 Address . . . . . : fe80::280f:2dd1:d06f:3051%11
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
/flushdns => Error: No automatic fix found for this entry.
 
========= RemoveProxy: =========
 
"HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2085146054-2015294118-3744163606-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21037688 B
Java, Flash, Steam htmlcache => 319701999 B
Windows/system/drivers => 2248145 B
Edge => 2570 B
Chrome => 50224220 B
Firefox => 8262210 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
pureh => 56643168 B
 
RecycleBin => 131193718 B
EmptyTemp: => 567.8 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-04-2018 19:57:10)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
==== End of Fixlog 19:57:11 ====


#7 Oh My!

  • Malware Response Instructor

Posted 17 April 2018 - 08:41 AM

Greetings.
 

C:\Users\pureh\AppData\LocalLow -> copied successfully to C:\Users\pureh\Desktop\16.04.2018_19.52.43.zip

Is there a zipped file on your desktop you could attach?

-----

There was a formatting issue when you copied the Fixlist content. Please do this to redo one part of it.
  • Click Start
  • Type cmd
  • Right click on Command Prompt above and select Run as administrator
  • Type ipconfig /flushdns and hit Enter
  • Confirm it was successful
-----

Let me know how your computer is currently performing.
Gary

#8 Chaoshunter

  • Topic Starter

Posted 17 April 2018 - 07:22 PM

I completed the steps you said; the computer is working well, no pop-ups from that problem, but I am unable to post the zip; it seems it is larger than the upload allowed.



#9 Oh My!

  • Malware Response Instructor

Posted 17 April 2018 - 07:28 PM

Thank you, that is great news.

Please upload the file here.
Gary

#10 Chaoshunter

  • Topic Starter

Posted 17 April 2018 - 07:36 PM

Tried, but I get the 413 Request Entity Too Large.



#11 Oh My!

  • Malware Response Instructor

Posted 17 April 2018 - 07:47 PM

OK, thank you for trying. It appears the name of the folder in red below has been modified by FRST to delete a potentially offensive word. Can you look at the contents of all 3 folders and tell me if you recognize them at all? If you are unable to see the AppData folder see here.

C:\Users\pureh\AppData\LocalLow\Tap2bleep
C:\Users\pureh\AppData\LocalLow\MerloTeam
C:\Users\pureh\AppData\LocalLow\Nattmara

Gary

#12 Chaoshunter

  • Topic Starter

Posted 17 April 2018 - 08:13 PM

No, I don't recognize them.



#13 Oh My!

  • Malware Response Instructor

Posted 17 April 2018 - 09:36 PM

OK, thank you. Please delete those folders then do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Folders deleted?
  • AdwCleaner log
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Chaoshunter

Chaoshunter
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 19 April 2018 - 12:47 AM

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-18.4
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-18-2018
# Duration: 00:00:04
# OS:       Windows 10 Home
# Cleaned:  7
# Failed:   1
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\ByteFence
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\Software\Classes\IESearchPlugin.MailRuBHO
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Ask
Deleted       AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
Not Deleted   suggests.go.mail.ru
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

:\AdwCleaner\Quarantine\1xVPfvJcrg\ByteFence.exe a variant of MSIL/ByteFence.A potentially unwanted application
C:\AdwCleaner\Quarantine\1xVPfvJcrg\rsEngine.dll a variant of MSIL/ByteFence.A potentially unwanted application
C:\AdwCleaner\Quarantine\x3CF3EDNhm\MainService.exe a variant of Win32/ProxyGate.A potentially unwanted application
C:\AdwCleaner\Quarantine\x3CF3EDNhm\PGChk.exe a variant of Win32/ProxyGate.A potentially unwanted application
C:\AdwCleaner\Quarantine\x3CF3EDNhm\ProxyGate.exe a variant of Win32/ProxyGate.A potentially unwanted application
C:\AdwCleaner\Quarantine\x3CF3EDNhm\TrafficMonitor.exe a variant of Win32/ProxyGate.A potentially unwanted application
C:\FRST\Quarantine\C\WINDOWS\SysWOW64\conhost64.exe.xBAD a variant of Win64/HackTool.Agent.E trojan
C:\Users\pureh\AppData\Local\TabCntrl\000001N.zip a variant of Win64/CoinMiner.DX potentially unwanted application
C:\Users\pureh\Desktop\regular games\C & C 3 Trainer 1.09.exe a variant of Win32/GameHack.F potentially unsafe application
C:\Users\pureh\Desktop\regular games\Kingdom New Lands V1.0.2 Trainer +3 MrAntiFun.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\pureh\Desktop\regular games\Red Alert 3 Uprising V1.00 Trainer +3 MrAntiFun.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\pureh\Desktop\regular games\Red Faction Armageddon DX11 v1.01 Trainer +6 MrAntiFun.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\pureh\Desktop\steam games\911 Operator V12.14 Trainer +1 MrAntiFun.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\pureh\Desktop\steam games\Darkwood 64bit V1.0 Trainer +5 MrAntiFun.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\pureh\Downloads\ByteFence Anti-Malware Pro 3.8.0.0 Final + Serial\ByteFence Anti-Malware Pro 3.8.0.0 Final + Serial.zip a variant of MSIL/ByteFence.A potentially unwanted application
C:\Users\pureh\Downloads\ByteFence Anti-Malware Pro 3.8.0.0 Final + Serial\Setup\bytefence-installer_3.8.0.exe a variant of MSIL/ByteFence.A potentially unwanted application

Result of Security Analysis by Rocket Grannie (x86) Updated: 12th April, 2018
Running from:C:\Users\pureh\Desktop (22:44:40 - 04/18/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Enabled - up to Date)
Avast Antivirus Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
CCleaner (5.39) ==> is out of Date
Google Chrome (65.0.3325.181)
Java (8.0.1610.12)
Mozilla Firefox (59.0.2)
 
***----------------Analysis Complete-------------------------***

Folders deleted and computer running ok



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,976 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:08 PM

Posted 19 April 2018 - 09:30 AM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
zip: C:\Users\pureh\AppData\Roaming\Mozilla\Firefox\Profiles\13bob5xv.default\prefs.js
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlist
  • Attached zip file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



