SysWOW64 svchost.exe eating up all cpu


  • This topic is locked
28 replies to this topic

#1 shadowplorith

shadowplorith

  • Members
  • 15 posts

Posted 25 April 2018 - 03:05 PM

Hello

 

So for the last couple of weeks, a nameless program on Task Manager has been eating up all my CPU, making my computer run extremely hot, and random popups that open Google Chrome when not used. When I open file location it takes me to svchost.exe in SysWOW64, and if I attempt to end task, it shuts off my computer. After hours of scans and driver updates, junk removal, etc., no solution was found. I did a quick search and found out that I might have a virus that my anti-virus scans could not find.

I tried to download FRST, but every time I search for it on my browser, my browser automatically shuts off.

 

Would love to get some help for this issue

 

Thank you!


Edited by shadowplorith, 25 April 2018 - 03:15 PM.



 


#2 shadowplorith


Posted 25 April 2018 - 03:15 PM

Update: FRST links can be opened in safe mode but the program is automatically deleted when downloaded.


Edited by shadowplorith, 25 April 2018 - 04:49 PM.


#3 shadowplorith


Posted 25 April 2018 - 05:54 PM

Update: Malwarebytes managed to delete a bunch of malware and adware, which has allowed me to download and run FRST.

Logs attached




#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 26 April 2018 - 06:56 AM

shadowplorith:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7


Posted 26 April 2018 - 11:20 AM

shadowplorith:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Your high temperatures might be related to this running process:
 

HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe [408576 2017-12-04] ()


See this link for more information.

.

:step2: Why is your computer still running Windows 10 Home, Build 1607? Please see this link for information on the Windows 10 Build cycle. Your version Build of Windows 10 Home is no longer being supported by Microsoft.

.

:step3: I would STRONGLY recommend that you uninstall these programs:

Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.3.3 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 58.0.171.84 - AVAST Software)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.3.0 - IObit)

Bleeping Computer does not recommend the use of driver updates, registry cleaners, or system optimizers. Please see this link. Moreover, this topic on the Avast Support Forum identifies this program as problematic. In fact, quietman7, one of the foremost computer security experts here at Bleeping Computer no longer recommends Avast products: see this link for more information.

You can see in the "FRST.txt" log that the Avast program has "messed" with the Image File Execution Options (IFEO) in your registry. I am going to repair that damage. You can check this link and this link (and others) for more information.

Personally, I would never install Avast products on my computers.

It is your computer, so it is YOUR decision. Please let me know what you decide.

.

:step4: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

I would also recommend that you consider uninstalling the program: Ace Stream Media. See this link for more information. Please let me know what you decide.

.

:step5: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Handler: osf - No CLSID Value
CHR HKU\S-1-5-21-379715055-2264656514-1796656529-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
File: C:\Windows\system32\DRIVERS\DimensionSerialPort.sys
S3 WinRing0_1_2_0; \??\C:\Windows\Temp\sd119\SmartDashboard.sys [X]
File: C:\Windows\system32\asmtxhcicoinstaller.dll
File: C:\Users\Azizs\Desktop\LazyMan.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000177152 ____N (Microsoft Corporation) C:\Users\Azizs\EAISExLeUOyYi.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000058368 ____N (Microsoft Corporation) C:\Users\Azizs\AppData\Local\sjYIUa.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{0A0E2B96-2F30-4B4A-B061-EAF1AF319812}] => (Allow) C:\Windows\SysWOW64\HSiMOuT.exe
FirewallRules: [{D563130C-228C-491E-9E17-B25ABFF54421}] => (Allow) C:\Users\Azizs\AppData\Local\sjYIUa.exe
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 shadowplorith


Posted 26 April 2018 - 01:12 PM

Hello and thank you so much for your reply, I really do appreciate this. 

 

I have deleted League Displays, Avast, the driver updaters, Ace Stream and uTorrent.

 

I have attached the Fixlog

 

Thanks Again!



Edited by shadowplorith, 26 April 2018 - 01:12 PM.


#7 shadowplorith


Posted 26 April 2018 - 01:26 PM

Update: Since I did the fix, games are not able to load. Guessing that they're not getting any internet connection, yet YouTube can load HD videos without buffering. Emptyproject11.exe is not using up any CPU as well but is still open.



#8 garioch7


Posted 26 April 2018 - 01:27 PM

shadowplorith:
 
Thank you for your post.  I am really happy to learn that you have decided to remove those programs that I suggested because they are either malware; or, they are responsible for malware infections. :thumbup2:
 
Please COPY and PASTE all future requested logs into your replies, UNLESS I otherwise request.  It makes it so much easier for me to analyze and for others to see what was done.  That is why I am copying and pasting it into my response to you, though I would ask that you do not use "quote" or "code" boxes.  I am only using the "quote" box so that it avoids confusion for people reading this thread, since I did not run this FRST "fixlist" script.


Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Azizs (26-04-2018 14:08:23) Run:2
Running from C:\Users\Azizs\Desktop
Loaded Profiles: Azizs (Available Profiles: defaultuser0 & Azizs)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Handler: osf - No CLSID Value
CHR HKU\S-1-5-21-379715055-2264656514-1796656529-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
File: C:\Windows\system32\DRIVERS\DimensionSerialPort.sys
S3 WinRing0_1_2_0; \??\C:\Windows\Temp\sd119\SmartDashboard.sys [X]
File: C:\Windows\system32\asmtxhcicoinstaller.dll
File: C:\Users\Azizs\Desktop\LazyMan.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000177152 ____N (Microsoft Corporation) C:\Users\Azizs\EAISExLeUOyYi.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000058368 ____N (Microsoft Corporation) C:\Users\Azizs\AppData\Local\sjYIUa.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{0A0E2B96-2F30-4B4A-B061-EAF1AF319812}] => (Allow) C:\Windows\SysWOW64\HSiMOuT.exe
FirewallRules: [{D563130C-228C-491E-9E17-B25ABFF54421}] => (Allow) C:\Users\Azizs\AppData\Local\sjYIUa.exe
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AcroRd32.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\appvlp.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\groove.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lync.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msaccess.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoev.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msotd.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msouc.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoxmled.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mspub.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ocpubmgr.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\onenote.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\outlook.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setlang.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\WINDOWS\system32\GroupPolicy\User" => not found
HKLM\Software\Classes\PROTOCOLS\Handler\osf => not found
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => not found
 
========================= File: C:\Windows\system32\DRIVERS\DimensionSerialPort.sys ========================
 
C:\Windows\system32\DRIVERS\DimensionSerialPort.sys
File is digitally signed
MD5: C45083FCD9AC301530C0D7206F3F15E6
Creation and modification date: 2016-07-26 22:04 - 2016-07-26 22:04
Size: 000024576
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: https://www.virustotal.com/file/ce72ee9cc9716dc7ccee48a7b1bf9896b610eb2770fad35f4e4f995505e5daf7/analysis/1521360482/
 
====== End of File: ======
 
WinRing0_1_2_0 => service not found.
 
========================= File: C:\Windows\system32\asmtxhcicoinstaller.dll ========================
 
C:\Windows\system32\asmtxhcicoinstaller.dll
File is digitally signed
MD5: 0C049F598938991546A58C58AE07D92D
Creation and modification date: 2018-04-25 15:14 - 2018-04-25 15:14
Size: 000028016
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: https://www.virustotal.com/file/017a5282306014fbfd86352995f0da2568798b0b0fa9311878ae9bd4e90688a0/analysis/1516806242/
 
====== End of File: ======
 
 
========================= File: C:\Users\Azizs\Desktop\LazyMan.exe ========================
 
C:\Users\Azizs\Desktop\LazyMan.exe
File not signed
MD5: 5C50C2D29E83CB863ED301B431D0E01C
Creation and modification date: 2017-11-11 20:23 - 2018-04-11 19:45
Size: 011359809
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
"C:\Users\Azizs\EAISExLeUOyYi.exe" => not found
"C:\Users\Azizs\AppData\Local\sjYIUa.exe" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A0E2B96-2F30-4B4A-B061-EAF1AF319812}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D563130C-228C-491E-9E17-B25ABFF54421}" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 14:08:47 ====

 
.
 
:step1: Are you familiar with the program lazyman.exe on your Desktop?
 
.
 
:step2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#9 garioch7


Posted 26 April 2018 - 01:34 PM

shadowplorith:

 

Thank you for your post.  I am not sure why your games are not loading. :scratchhead:

 

If you check the FRST "fixlog.txt" file that I copied and pasted in my previous reply, you can see that, as a result of you uninstalling Avast and the other programs, virtually the entire script could not find the files or registry subkeys that I had targeted with the script.

 

Let's proceed, as planned, and scan your computer for malware, first with ESET and then later with some more standard anti-malware scanners before dealing with outstanding computer issues.  Often removing malware solves a lot of issues. :)

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
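
The observation in post #9, that nearly every fixlist target was already gone by the time the fix ran, can be checked mechanically. The following is an added example, not part of the original thread and not FRST's own code: it skips the fixlist that the fixlog echoes between its two asterisk lines and tallies the "=> outcome" results. The function names and the abridged sample are assumptions of the example.

```python
import re
from collections import Counter

# Abridged excerpt of the fixlog quoted in this thread (lines copied from the page).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
fixlist content:
*****************
CreateRestorePoint:
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [{D563130C-228C-491E-9E17-B25ABFF54421}] => (Allow) C:\Users\Azizs\AppData\Local\sjYIUa.exe

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
WinRing0_1_2_0 => service not found.
"C:\Users\Azizs\AppData\Local\sjYIUa.exe" => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found

The system needed a reboot.
==== End of Fixlog 14:08:47 ====
"""

# The fixlog repeats the submitted script between two lines of asterisks.
# Those echoed lines also contain "=>" and must not be counted as results.
FENCE = re.compile(r"^\*{5,}$")


def parse_fix_results(text):
    """Return (target, outcome) pairs from the results part of a fixlog."""
    fences_seen = 0
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            fences_seen += 1
            continue
        # Header and echoed script come before the second asterisk line.
        if fences_seen < 2 or " => " not in line:
            continue
        # Split on the last arrow: targets may contain "<==== ATTENTION".
        target, outcome = line.rsplit(" => ", 1)
        results.append((target.strip('"'), outcome.rstrip(".").strip().lower()))
    return results


def summarize(results):
    """Count outcomes and list the targets that no longer existed."""
    counts = Counter(outcome for _, outcome in results)
    missing = [target for target, outcome in results if outcome.endswith("not found")]
    return counts, missing


if __name__ == "__main__":
    parsed = parse_fix_results(SAMPLE_FIXLOG)
    outcome_counts, already_gone = summarize(parsed)
    for outcome, n in outcome_counts.most_common():
        print(f"{n:3d}  {outcome}")
    print(f"{len(already_gone)} of {len(parsed)} targets were already gone when the fix ran")
```
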


#10 shadowplorith


Posted 26 April 2018 - 10:14 PM

Thank you for your quick reply, sorry the scan took a while. 

 

Here is the log:

C:\Users\Azizs\Desktop\Jackbox.Party.Pack.2\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Users\Azizs\Downloads\COD4-MW_patch.exe Win32/Keygen.DK potentially unsafe application cleaned by deleting
C:\Users\Azizs\Downloads\CODMW2_patch_iw4x-054.exe a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
C:\Users\Azizs\Downloads\monero-gui-win-x64-v0.11.0.0.zip a variant of Win64/CoinMiner.JI potentially unwanted application deleted
C:\Users\Azizs\Downloads\monero-gui-win-x64-v0.11.1.0.zip a variant of Win64/CoinMiner.JI potentially unwanted application deleted
C:\Users\Azizs\Downloads\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application cleaned by deleting
C:\Users\Public\Documents\Downloaded Installers\{D606EFF9-3813-4875-B455-AECD2E7B0676}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
C:\Windows\System32\SppExtComObjHook.dll a variant of Win64/HackKMS.I potentially unsafe application cleaned by deleting
D:\Jackbox.Party.Pack.2.zip a variant of Win32/HackTool.Crack.DW potentially unsafe application deleted
D:\Call of Duty Modern Warfare\key-generator.exe Win32/Keygen.DK potentially unsafe application cleaned by deleting
D:\Call of Duty Modern Warfare 2 IW4PLAY MP+SP ^^nosTEAM^^\steamclient.dll a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
D:\Call of Duty Modern Warfare 2 IW4PLAY MP+SP ^^nosTEAM^^\Call of Duty Modern Warfare 2\steamclient.dll a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
D:\Grand Theft Auto V\steam_api64.dll Win64/HackTool.Crack.F potentially unsafe application cleaned by deleting
D:\Medieval II - Total War\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
D:\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar a variant of MSIL/HackKMS.I potentially unsafe application deleted
D:\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET] - Copy\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe a variant of MSIL/HackKMS.I potentially unsafe application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-blockchain-export.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-blockchain-import.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-wallet-cli.exe a variant of Win64/CoinMiner.GH potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-wallet-rpc.exe a variant of Win64/CoinMiner.GH potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monerod.exe a variant of Win64/CoinMiner.GG potentially unwanted application cleaned by deleting
D:\SEGA\Eastside Hockey Manager\steam_api.dll a variant of Win32/HackTool.Crack.EE potentially unsafe application cleaned by deleting
 
 
 
I do know that Lazyman.exe is on my desktop, I use it to stream hockey games.
 
Thanks again 


#11 garioch7


Posted 27 April 2018 - 07:46 AM

shadowplorith:
 
Thank you for your post and for running the ESET scan.

 

Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.


If you review the ESET scan results, you will be able to see why some of your games are not working any longer.  Some games were "cracked" versions or were employing "keygens" which the ESET scan removed.

.

Bleeping Computer does not condone software piracy. Downloading and using such software, apart from being illegal by infringing on copyrights, is a MAJOR attack vector for malware. If you use such software, it is not a question of "IF" your computer will be infected, but only "WHEN", and by HOW MANY different variants of malware!

I am going to ask you to remove any and all software that you do not own, and to uninstall the software that is evading licensing requirements. If you are not aware of this software utility, or utilities, then you will have to accept, that as a part of my "fix" for your computer, the disinfection scripts and utilities will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licensing requirements detected in the scan logs. Some of the anti-malware tools that I use will automatically quarantine software "cracks", without notice, such as the ESET scan did, so if you are not willing to take the chance of one or more "cracked" programs/games being disabled, please let me know right away.

 

Please understand that I am not accusing you of software piracy, personally.  Many people might have access to your computer; or, you might have been given/purchased a used computer that had "cracked" software on it; or, a friend offered to "help you out."  We see this all too frequently.

If it is agreeable to you to uninstall any of the remaining "cracked" software on your computer, then after you have uninstalled any illicit software that you know about, please run the following scan for me.

 

If it is not agreeable to you, then please let me know and I will conclude your topic.

Step 1: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#12 shadowplorith


Posted 27 April 2018 - 09:41 AM

Hello, 

 

Thank you for your reply. I am willing to part with the games and programs. Do I just have to uninstall the torrented games, or do I have to find their files individually?

 

Thank you



#13 garioch7


Posted 27 April 2018 - 10:11 AM

shadowplorith:
 
Thank you for your post.

Step 1: Please uninstall any games and programs that you do not have the legal right to possess. As a part of the disinfection and cleanup of your computer, I will remove any "cracked" program remnants (files, folders, registry subkeys, tasks, etc.) with a FRST "fixlist" script, and other remnants will be removed by some of the additional anti-malware scans that we will run.

Step 2: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

Step 3: Please run a fresh FRST scan. Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" scan logs into your next reply, or replies. Sometimes, when the FRST logs are large, you have to post each log individually.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#14 shadowplorith


Posted 27 April 2018 - 12:12 PM

The FRST.txt file is too long to be in a reply apparently so I attached it, sorry. 

Here is the addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018

Ran by Azizs (27-04-2018 13:02:20)
Running from C:\Users\Azizs\Desktop
Windows 10 Home Version 1709 16299.402 (X64) (2018-04-26 17:57:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-379715055-2264656514-1796656529-500 - Administrator - Disabled)
Azizs (S-1-5-21-379715055-2264656514-1796656529-1002 - Administrator - Enabled) => C:\Users\Azizs
DefaultAccount (S-1-5-21-379715055-2264656514-1796656529-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-379715055-2264656514-1796656529-1001 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-379715055-2264656514-1796656529-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-379715055-2264656514-1796656529-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Airplane Driver Ver 1.0.0 (HKLM\...\Airplane Driver) (Version: Ver 1.0.0 - GIGABYTE)
AmCap version 9.01 (HKLM-x32\...\{0F45BECF-4C85-4301-A8A4-D2E2AE2A2C08}_is1) (Version: 9.01 - Gigabyte, Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.50.17863 - Electronic Arts)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6829.55 - CyberLink Corp.)
Daedalus (HKLM-x32\...\Daedalus) (Version: 1.1.4883.0 - IOHK)
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version:  - )
Discord (HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Eastside Hockey Manager (HKLM-x32\...\Eastside Hockey Manager_is1) (Version:  - )
ECigStats (HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\ECigStats) (Version:  - ECigStats)
ELAN Touchpad 15.14.8.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.14.8.1 - ELAN Microelectronic Corp.)
Epic Games Launcher (HKLM-x32\...\{818FF838-5FCD-4FCB-AE39-4F725EBCE2A1}) (Version: 1.1.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EScribe Suite (HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\EScribe) (Version:  - Evolv)
Franchise Hockey Manager 3 (HKLM-x32\...\Franchise Hockey Manager3) (Version: 3 - Out of the Park Developments)
GIGABYTE Smart USB Backup 3.0.20161104 (HKLM-x32\...\GIGABYTE Smart USB Backup) (Version: 3.0.20161104 - GIGABYTE TECHNOLOGY CO.,LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4520 series Basic Device Software (HKLM\...\{B46D9E8C-10FE-4873-996B-CA9EA3D7D9FE}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{227fd89d-2205-499a-8b73-9ec775789c4d}) (Version: 19.70.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
IQ Option (HKLM-x32\...\IQ Option) (Version: 1.0 - IQOption)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
LanOptimizer (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.2.7 - Realtek)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Magic The Gathering Online  (HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\01641bea2c75c522) (Version: 3.4.100.1107 - Wizards of the Coast, LLC)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9126.2152 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive for Business 2013 - en-us (HKLM\...\GrooveRetail - en-us) (Version: 15.0.4963.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth Shadow of War (HKLM-x32\...\Middle Earth Shadow of War_is1) (Version:  - )
Minecraft1.9 (HKLM-x32\...\Minecraft1.9) (Version:  - )
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.17.52805 - Electronic Arts, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{1DDC5451-BE8B-4092-AB04-E92127242886}) (Version: 40.11.1122.1796 - HP Inc.)
QuickSFV (HKLM\...\{89B56CFC-0270-4ACF-8BF1-048251FD9E08}) (Version: 3.0.0 - Totally Useful Software, Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7997 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Smart Manager V3 Ver 6.4.5 (HKLM\...\Smart Manager V3) (Version: Ver 6.4.5 - GIGABYTE)
Smart Update v3.3.4 (HKLM-x32\...\Smart Update) (Version: v3.3.4 - GIGABYTE TECHNOLOGY CO.,LTD.)
SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)
TriDef SmartCam (Gigabyte) 1.8 (HKLM-x32\...\webcam-gigabyte-pkg) (Version: 1.8 - Dynamic Digital Depth Australia Pty Ltd)
Unity Web Player (HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{54228DC1-0B27-4215-B2BE-4D07C521F242}) (Version: 2.33.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.2 - VideoLAN)
VooPoo version 1.5.1.29 (HKLM-x32\...\{63EEAD1F-3FC8-40F5-A415-E4BE098004C0}_is1) (Version: 1.5.1.29 - KunShan XW-TEC)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - Dimension Engineering USB Serial Converter (07/23/2016 1.0.3.17) (HKLM\...\A47B0ACE2D6E8887115B5A5AE0998558DE698070) (Version: 07/23/2016 1.0.3.17 - Dimension Engineering)
Windows Driver Package - GIGABYTE (WUDFRd) HIDClass  (03/11/2015 0.20.27.798) (HKLM\...\A8D7BF77AA441174EA62FCC432F43D3815908781) (Version: 03/11/2015 0.20.27.798 - GIGABYTE)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{EDF5C7B3-442F-43C6-BA52-30B7BA3656BB}) (Version: 2.9.1701.1640 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{9F50D5D9-6BA9-4109-8C45-E31F9EA3A395}) (Version: 2.8.1607.2027 - SplitmediaLabs)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxDTCM.dll [2018-02-28] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0762644D-DEB2-4181-9175-AC4FAB48D6B7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {209E2250-0790-408C-B387-423C66F6AB57} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {2A7D7E90-F834-427A-94EE-22AC3028A55B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {2F9C5F51-B89B-4906-BEB7-F9B439D811D3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {3205255B-F2B5-4CC4-8C00-ED18DCC3F6E4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {342E2B31-989B-4B10-AC0F-2F8DBD56F224} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {3A43A0D5-6331-4937-8637-363CC56AE103} - System32\Tasks\RtlLanOptimizerVistaStart => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2016-01-18] (Realtek Semiconductor)
Task: {3B36AF01-61D5-4893-BA1C-BEC5298D9080} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-15] (Microsoft Corporation)
Task: {3C9E3955-2663-4643-8FAB-36614EB09410} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {426B51D3-5373-4C95-8BAA-157CDA6DC244} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {49C87DFF-4762-4D1D-8F4C-22691BA0C5C3} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2017-04-07] (HP Inc.)
Task: {4A7E43E4-CFF8-4E64-8922-0A16B36AE432} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
Task: {67E6BE77-16C3-4D93-9424-0F2838333F25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {69A731B0-F8C7-479A-84E0-D7B24029416F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {6C36AB94-D5D5-4C7E-AAD9-399C45EACEE7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6D2D071A-68D0-4FBE-A60E-8C1607890E60} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {74A9C889-7756-42EC-A57F-2E9526518237} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
Task: {8892B1D1-B837-4446-8B08-049E4ACBEF1A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-16] (AVAST Software)
Task: {95C3AE04-7073-410C-9C68-5C47F59A679A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {9927C24D-A924-4C22-9379-344BC32B7B21} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {9C74FDC1-E1BA-42B7-8023-531747FF190E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {B6225207-560D-4558-81EF-468174530E08} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {BC3AC66C-8A69-4F83-8A19-6FA43A079789} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-15] (Microsoft Corporation)
Task: {C82D5BD4-6668-4856-A9F8-7426C77D4435} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-15] (Microsoft Corporation)
Task: {C99C15B9-5462-4DF5-9865-E3249BC97FEE} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {DA00F470-70A1-40FD-ADF3-6388765CABEC} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {DE725046-B454-437A-80A3-F16540AFFA0D} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2016-08-29] (CyberLink Corp.)
Task: {E1ED9535-E52E-493D-B027-97E8E7721681} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {E8BD7591-E703-4839-8E09-7C0AF5BAB740} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {F43DE4A2-0297-413A-A31C-1D86D30E6252} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-15] (Microsoft Corporation)
Task: {FD48E174-2D78-428E-8AAD-30561EC14454} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\RtlLanOptimizerVistaStart.job => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Azizs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Azizs\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-09 10:03 - 2018-03-23 21:19 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-02-08 07:53 - 2018-02-08 13:46 - 000075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-07-19 18:09 - 2017-07-19 18:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-11-24 05:37 - 2016-11-24 05:37 - 000019456 _____ () C:\Program Files\SmartManagerV3\ElevateService.exe
2016-11-17 19:26 - 2018-03-14 09:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-17 02:27 - 2016-11-17 02:27 - 000135680 _____ () C:\Program Files\Smart Update\Update_Service.exe
2016-11-17 19:26 - 2018-03-23 19:02 - 000135136 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-10-20 04:47 - 2018-04-02 23:03 - 008936112 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-17 05:19 - 2016-11-17 05:19 - 000266240 _____ () C:\Program Files\Smart Update\GMSG.exe
2016-11-24 05:37 - 2016-11-24 05:37 - 000009728 _____ () C:\Program Files\SmartManagerV3\OSD\IsMetroUI.dll
2016-11-24 05:38 - 2016-11-24 05:38 - 000529920 _____ () C:\Program Files\SmartManagerV3\OSD\Skin\OSD_Skin.dll
2016-11-24 05:37 - 2016-11-24 05:37 - 000213504 _____ () C:\Program Files\SmartManagerV3\GetDispDevs.dll
2016-11-24 05:37 - 2016-11-24 05:37 - 000098304 _____ () C:\Program Files\SmartManagerV3\PCIeCtl.dll
2016-11-24 05:38 - 2016-11-24 05:38 - 005718528 _____ () C:\Program Files\SmartManagerV3\Skin\Main_Skin.dll
2016-07-15 03:51 - 2016-07-15 03:51 - 000418304 _____ () C:\Program Files\SmartManagerV3\EmptyProject11.exe
2017-07-28 22:45 - 2017-07-28 22:45 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2018-04-24 22:19 - 2018-04-24 22:24 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-24 22:19 - 2018-04-24 22:24 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-24 22:19 - 2018-04-24 22:24 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-24 22:19 - 2018-04-24 22:24 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-24 22:19 - 2018-04-24 22:24 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-26 14:50 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-26 14:50 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-25 18:25 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-26 14:49 - 2018-02-21 20:29 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2018-04-26 14:49 - 2018-04-15 16:08 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2018-04-26 21:17 - 2018-04-25 23:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-04-26 21:17 - 2018-04-25 23:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2016-09-15 00:25 - 2016-09-15 00:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-11-17 19:26 - 2018-03-14 09:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-17 01:50 - 2018-01-17 01:50 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-11-17 19:27 - 2018-03-14 09:04 - 081563584 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-03-29 02:45 - 2018-03-14 09:04 - 002478016 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-03-29 02:45 - 2018-03-14 09:04 - 000125376 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-04-15 05:07 - 2017-04-13 13:58 - 050656768 _____ () C:\Users\Azizs\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2018-04-15 05:07 - 2017-04-13 13:58 - 001874944 _____ () C:\Users\Azizs\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2018-04-15 05:07 - 2017-04-13 13:58 - 000075264 _____ () C:\Users\Azizs\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2017-06-02 23:23 - 2018-03-27 19:36 - 081770384 _____ () C:\Users\Azizs\AppData\Roaming\Spotify\libcef.dll
2017-06-02 23:23 - 2018-03-27 19:36 - 003740560 _____ () C:\Users\Azizs\AppData\Roaming\Spotify\libglesv2.dll
2017-06-02 23:23 - 2018-03-27 19:36 - 000088464 _____ () C:\Users\Azizs\AppData\Roaming\Spotify\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\sharepoint.com -> hxxps://ubishopsca-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2017-11-11 19:58 - 000000854 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
188.240.208.152 mf.svc.nhl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Azizs\Downloads\art_warrior_armor_helmet_sword_wind_storm_95288_1920x1080.jpg
DNS Servers: 192.197.190.2 - 192.197.190.102
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "LeagueDisplays"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "ECigStats"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_3AD9A66FC9B75AE9A998588DF49897EF"
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\...\StartupApproved\Run: => "lite"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{849F0F52-8B80-4D34-9001-4EBCA45C7F53}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [TCP Query User{033BE7FF-4494-40BC-9BD3-149E03D4B83E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [{87787A28-CA42-4323-A986-6B447C032DEE}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{2CA92E76-9C6C-4580-BFAA-2D3C03A455AC}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{57AEFF76-9221-4157-B9E0-EA7BF18B0613}] => (Allow) C:\Users\Azizs\AppData\Local\Lite\Application\lite.exe
FirewallRules: [{D3F1BD98-6075-4FAD-8BB7-89F4C6735A1C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6464275A-CCF2-4941-8430-727ABF0C784F}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [UDP Query User{BE17DB36-66CC-45A9-873F-B4A8FFF8EC7F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [TCP Query User{03812BA1-35B0-4CD6-A5A5-37A9CAFDCBEC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{F8F8ADCF-DC94-4229-A565-10D7DB6A115F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{EE095CF4-1473-47D9-8FAE-C12F18796A8B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [{704C9AC0-87D3-4799-8940-422F914EA898}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{25C90CDA-1DD8-4412-8B6F-55805BCF2413}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{70299416-DC56-4515-9306-73D90D388800}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DF7A840C-284D-4601-A3A9-E2FA716F87FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{CB228880-3EC5-4870-A784-F7DE3682A8C3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E689F241-2767-4EC6-B5A7-AAA8A20F9C92}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [{9C56293A-A8B2-4045-9D32-A7C8AD8D7AEB}] => (Allow) C:\Program Files\Daedalus\cardano-node.exe
FirewallRules: [UDP Query User{846382E9-E225-4B36-9861-5ABFA4AEB0DB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{2304CC88-A0B7-4376-958F-77E6A2BD7271}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3CE8A3AD-7AC1-4EC5-87A8-C18E14D380BA}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{70F67E3E-B21B-40E6-8C70-BF10A85B1653}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{5318A5D3-CEC4-40FD-9CAB-C0A951FC06E7}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{04D16358-FDF3-4A41-971F-6A0FEA828831}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [UDP Query User{AD0905EB-4AB0-47F6-B45A-1D749266E7D1}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe
FirewallRules: [TCP Query User{7BBF7CB9-4C1B-45B7-9C08-BE3B27FB99E8}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame_be.exe
FirewallRules: [UDP Query User{7C0F202B-8D61-4B81-BB27-26BA3324A8A2}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{1B191929-D4DE-497F-8652-C27318EFC316}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{B47472A9-778C-43F2-8B72-C380A660CA80}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe
FirewallRules: [{E02C59FE-98AD-44E3-BDF3-93AC3FC3B613}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe
FirewallRules: [{1846BCC5-8249-4C26-9DA1-B88538ABA840}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{029A7538-F75E-4F7C-8341-A7842FC368F1}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{D9AF48E4-BA52-4A74-B4DC-46D615C9543B}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{9AA8A117-AECD-494E-860A-BABBDAD94454}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [UDP Query User{17F87B00-F9F7-421D-9B0F-7CD322F5B2E6}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4mp.dat] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4mp.dat
FirewallRules: [TCP Query User{80F690DD-E7C7-4375-B82A-660996B7BB04}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4mp.dat] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4mp.dat
FirewallRules: [UDP Query User{2D24639E-0332-4200-B6DD-42BA62FB8F42}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\com.dat] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\com.dat
FirewallRules: [TCP Query User{C2BE8864-1D61-483E-9EC6-D96D4C2525AF}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\com.dat] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\com.dat
FirewallRules: [UDP Query User{9ED5FA89-C700-4AC1-8716-EAB9FDB37E01}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4masterserver.dat] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4masterserver.dat
FirewallRules: [TCP Query User{886A91EF-6EA3-47FC-9AB2-1FCA8CAFB83B}D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4masterserver.dat] => (Allow) D:\call of duty modern warfare 2 iw4play mp+sp ^^nosteam^^\call of duty modern warfare 2\iw4masterserver.dat
FirewallRules: [{631D3F30-F90A-463C-BAFC-DDE7BE9F7654}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D45168FE-7F9F-49A2-B994-E144654A695B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8A118A28-2858-4411-8AB3-BA5184FCF3A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{B0DBF5DF-E410-4D3C-B0A1-B3A7C56FADD7}D:\call of duty modern warfare\iw3mp.exe] => (Allow) D:\call of duty modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{FB83BC2E-7B5B-481C-89FA-799CBB02490D}D:\call of duty modern warfare\iw3mp.exe] => (Allow) D:\call of duty modern warfare\iw3mp.exe
FirewallRules: [{61E5F7A3-5E1D-4974-8683-A2115ED3E9F5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{60E89E1F-1E34-4E0D-96F6-6380FAB67A76}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{073DDA41-BCF7-4C5E-9D3C-344D01EBAEA5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{90FB4575-5916-47C2-869C-18EF397737CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{542CEB92-2793-4B7D-A30F-6FEC66F24111}C:\users\azizs\downloads\cyder.exe] => (Allow) C:\users\azizs\downloads\cyder.exe
FirewallRules: [TCP Query User{1F3DD26A-5829-4E81-ABA4-8A7042422454}C:\users\azizs\downloads\cyder.exe] => (Allow) C:\users\azizs\downloads\cyder.exe
FirewallRules: [{3F12A8C9-9946-4CA7-906A-707F2F90B555}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{A1A6DC71-5E95-4967-819C-F878AA4E6987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{E6043CA0-2E97-4952-9A9E-DD1DD603C062}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{7D1FB995-AD68-4E25-89BB-4C80D6BEBF7F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EA9ED0E8-054D-4E0A-9C93-FA4982270A38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C0DE0833-C287-4C6A-8CF7-271CD9FFB6E9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{487904DF-B8C6-401B-8476-84332ACB07AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{EB67FD18-519C-4D69-85C3-7A066A700044}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{57E1401B-3932-4C64-9B6A-5845465FF0AF}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{41F755BE-F863-4EFB-941A-78C64DF652D6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{DB34917D-30F7-4AE7-915E-908337BBB91A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B6F8FF13-08BE-494F-A849-D5BBEB93A495}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{E1A693BA-1DC0-49E0-8EA4-E0645FFA6B54}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9C38A88C-1C3B-47E0-B038-42D2E76FB323}D:\monero-gui-0.11.0.0\monerod.exe] => (Allow) D:\monero-gui-0.11.0.0\monerod.exe
FirewallRules: [TCP Query User{3E1326E9-5EBB-4B67-8410-94B858AD8CA9}D:\monero-gui-0.11.0.0\monerod.exe] => (Allow) D:\monero-gui-0.11.0.0\monerod.exe
FirewallRules: [UDP Query User{BEDB101D-DF7F-40C0-A395-BDB4D546197D}C:\users\azizs\desktop\monero-gui-0.11.0.0\monerod.exe] => (Allow) C:\users\azizs\desktop\monero-gui-0.11.0.0\monerod.exe
FirewallRules: [TCP Query User{B799582C-5E61-4C5B-BA6E-B074CA23204A}C:\users\azizs\desktop\monero-gui-0.11.0.0\monerod.exe] => (Allow) C:\users\azizs\desktop\monero-gui-0.11.0.0\monerod.exe
FirewallRules: [UDP Query User{33C51B44-E268-4D20-932F-944FC3B2CA20}C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{2034CE41-D287-4AF9-8AA5-593397540EEA}C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{02CE6DE2-3DE2-404F-BA39-D06B0BB54F61}C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{F0224ECA-9DB7-4E99-8108-987C0AB6EA14}C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\azizs\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{1A9A19A1-92F2-4902-9A9F-B09CAD941F94}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2A57FD86-4A53-4746-B8C9-40108C54B7D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{19971802-52D7-4FCD-8E0F-CE5969C65AB5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7BC07EB0-122B-40AC-8CA6-3DF0F10E7D75}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{77141268-F922-4ABA-B254-E492D8F150C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5B524E5F-4EDA-4897-AB9E-82788532CC03}] => (Allow) D:\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{73B05176-878F-4D92-910A-563C4E65B3E5}] => (Allow) D:\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{4202A00B-2CD2-4552-AA3C-DA11395471ED}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{1F0BF1F9-F155-4076-B02E-9C47B3B51C82}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{85093C75-7E92-40B2-A5F4-DC0DE023DD86}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{CCB21638-F29A-4236-9783-239F8779E83F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [UDP Query User{D11A2862-2623-4186-9BCE-FC1BC726CA84}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{59A89AD5-74EF-400B-A335-1D0DB5FFBFB2}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [{AE62F9EF-435F-43C8-BA53-883CD9EB0E72}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5497E0A1-F437-4C71-80F9-68D8B0AE6DAA}] => (Allow) LPort=5357
FirewallRules: [{2DF57233-9826-4715-8B08-DC3F4B4F1C36}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{F10D64AA-53E6-49C7-A132-1A773CEB74A3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{AF31C491-E2B5-42B1-BAEC-4BE5ABD00F17}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{2924B43F-C4BF-4160-9B92-AF506843A5F0}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{9858C9EC-5910-4F70-A04A-942BEFEE6DF3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{ABA09CA1-FCD0-437C-90B7-04A93D4C7187}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{DA8C3C40-616B-4A8B-805F-1CB736209859}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{CB87CE59-17DA-4556-AA7E-61E24BAD75BC}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{D436874E-2E13-4762-956B-2CF6E4DF1646}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [UDP Query User{C80A9AD3-D8FB-41CB-B5BE-A99F1079C95C}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{E27A6980-9442-46B5-818E-312A010D48E8}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [{8198395E-92D8-491C-B93D-91BEB823214D}] => (Allow) C:\Users\Azizs\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{690B2993-51EB-4E1E-9330-8DEE1002A014}] => (Allow) C:\Users\Azizs\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8F01DEC-15C8-4A9A-A623-A5CC2D2856DF}] => (Allow) C:\Users\Azizs\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8705600F-BABD-41A3-9B58-901EA6B23F05}] => (Allow) C:\Users\Azizs\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE99CBB2-7D97-44E0-95CD-8FC3DF03BA23}] => (Allow) C:\Users\Azizs\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6BA1E76-1735-431E-9C3B-9704CF356A70}] => (Allow) C:\Users\Azizs\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{80276B91-713D-4DA6-B0D6-0B2DD2B00894}C:\users\azizs\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azizs\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5CA95EA6-CCD5-45D5-9174-34B23A78D350}C:\users\azizs\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azizs\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B0EF6D8D-6D7B-4F5D-9EA8-0863CE2EF94A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7BDA07E5-0C1E-4660-B919-51EC00F5F974}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C50345D0-55DA-45FC-ABAD-AAE79BCE18F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{112BB842-C2E2-4606-B500-2E93CCED050A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B8E3263D-4DBA-44FD-A246-A2B13F92800C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4EA2B3B8-F82C-426B-8164-BFF03FAF1A5E}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{ED4004DD-DD58-48F9-86A6-E6B043743858}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{90DD280B-2C5B-44E2-9444-28F69E487871}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{4B4D5206-0B27-4609-BDB7-44A455AFD9C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/27/2018 12:54:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (04/27/2018 12:54:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (04/26/2018 07:56:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Azizs\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.402_none_15c8d4a49364b6d7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.402_none_5d760b7ba7e0dfdd.manifest.
 
Error: (04/26/2018 07:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.643, time stamp: 0x5ab294e4
Faulting module name: arwlib.dll, version: 3.0.0.613, time stamp: 0x5aa00e7b
Exception code: 0xc0000005
Fault offset: 0x000000000006f1d1
Faulting process id: 0x1234
Faulting application start time: 0x01d3dda6faf4ed65
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
Report Id: d2075451-388d-45b3-89bd-59150dd07a19
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/26/2018 07:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 66.0.3359.117, time stamp: 0x5ad57569
Faulting module name: ntdll.dll, version: 10.0.16299.402, time stamp: 0xd826f10d
Exception code: 0xc0000374
Fault offset: 0x00000000000f879b
Faulting process id: 0x1d98
Faulting application start time: 0x01d3ddb6ea4f532a
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cde5060f-7217-41c0-bd39-0fc95fe93167
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/26/2018 07:32:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Azizs\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.402_none_15c8d4a49364b6d7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.402_none_5d760b7ba7e0dfdd.manifest.
 
Error: (04/26/2018 05:37:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xe98
Faulting application start time: 0x01d3dd89b0dfc8b7
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 075fc5e5-253b-4e24-8e7c-e6f5d070f942
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/26/2018 02:49:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Azizs\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_15cbcf8893620c09.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_5d79065fa7de350f.manifest.
 
 
System errors:
=============
Error: (04/27/2018 12:30:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VQ0EG5C)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-VQ0EG5C\Azizs SID (S-1-5-21-379715055-2264656514-1796656529-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2018 10:42:20 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VQ0EG5C)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-VQ0EG5C\Azizs SID (S-1-5-21-379715055-2264656514-1796656529-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2018 10:37:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VQ0EG5C)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-VQ0EG5C\Azizs SID (S-1-5-21-379715055-2264656514-1796656529-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2018 09:31:54 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VQ0EG5C)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-VQ0EG5C\Azizs SID (S-1-5-21-379715055-2264656514-1796656529-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2018 12:35:25 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VQ0EG5C)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-VQ0EG5C\Azizs SID (S-1-5-21-379715055-2264656514-1796656529-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2018 12:29:24 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VQ0EG5C)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-VQ0EG5C\Azizs SID (S-1-5-21-379715055-2264656514-1796656529-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2018 12:07:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/27/2018 12:00:11 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VQ0EG5C)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-VQ0EG5C\Azizs SID (S-1-5-21-379715055-2264656514-1796656529-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-04-26 13:57:56.646
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_C:\Users\Azizs\Desktop\New folder (8)\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.267.386.0, AS: 1.267.386.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4
 
Date: 2018-04-26 17:49:05.083
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.420.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 31%
Total physical RAM: 16137.36 MB
Available physical RAM: 11002.16 MB
Total Virtual: 18569.36 MB
Available Virtual: 12214 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:223.72 GB) (Free:14.3 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:423.32 GB) NTFS
 
\\?\Volume{1e4f0881-756c-4cbe-bd96-5e040d709aab}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
\\?\Volume{22b57ec4-064c-4abd-baa3-af5b45bd5fb6}\ () (Fixed) (Total:0.49 GB) (Free:0.03 GB) NTFS
\\?\Volume{7f9a83fe-3d2a-4bb9-b94c-dd01c3b33100}\ (RecoveryImage) (Fixed) (Total:14 GB) (Free:0.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: EF0097BD)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EF00979E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached File  FRST.txt   207.58KB   0 downloads



#15 shadowplorith

Posted 27 April 2018 - 12:13 PM

I uninstalled all pirated games prior. 

The CKscanner results

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad

c:\program files (x86)\cyberlink\powerdvd12\common\navfilter\kmsvc.exe
c:\users\azizs\desktop\new folder (3)\# crack\zt.exe
c:\users\azizs\desktop\new folder (3)\# crack\zwidescreen.z2f
c:\users\azizs\downloads\call.of.duty.wwii.cracked-koncept.torrent
scanner sequence 3.CA.11.IEAAM0
 ----- EOF ----- 




