Chrome pops up with "sidited.net" advertisements


  • This topic is locked
16 replies to this topic

#1 N4TU5

Posted 30 May 2018 - 02:48 PM

(Internet Edge does not allow me to put spaces in the message area, so I had to change to Chrome. I'm starting to dislike Edge..)

 

Hello!

So I'm having some problems with my PC. I think I downloaded some malware myself by being stupid and now I don't know how to fix it. There are several bad things that are going on with my PC now and I'm not sure if they are connected, but I will list them below:

 

1. Google Chrome pops up (even when it's closed. It's kinda regular, every hour or so) with some random advertisements. Before the advertisement I can see that the website that pops up is "sidited.net". So I think it's the source of my problem.

2. An empty process (often there are 2 of those at the same time) appears in Task Manager. It eats up my CPU, I think. I usually notice it when playing games (I'm a gamer) because my fps drops when that happens. The source of that process is a Windows file, I believe. And I can't tell which one as I end the task every time I see it and it is not in my Task Manager at the moment. (I will edit this post or make a comment to update about this, probably with screenshots.)

     (First two things probably are connected. I'm not too sure about this one, but I will still add it too)

3. My disk usage jumps up to 99-100% randomly. For example, when I exited Edge and opened Chrome to write this post, I waited for like 4-5 minutes for Chrome to load up and it showed that Chrome used 98% of my disk at one point. Then it loaded and usage went down.

 

I think that is everything that I noticed so yeah. Below I will add those two scan text files. I will try to add them into spoiler tab or something (I'm not a regular forums visitor so I'm not sure how this stuff works).

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by N4TU5 (administrator) on N4TU5-PC (30-05-2018 21:16:27)
Running from C:\Users\user\Downloads
Loaded Profiles: N4TU5 (Available Profiles: N4TU5)
Platform: Windows 10 Education Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\user\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.911.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5062384 2016-02-10] (Realtek semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-12-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4514304 2014-08-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [USB Gamepad] => C:\WINDOWS\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1224704 2017-04-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [21430992 2018-03-27] (Corsair Components, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-19] (Valve Corporation)
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Run: [Lync] => C:\program files (x86)\microsoft office\root\office16\lync.exe [23838384 2018-05-25] (Microsoft Corporation)
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Policies\Explorer: [] 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{a3188e63-b716-4e59-a79b-7f7b93ff9b9b}: [DhcpNameServer] 5.20.0.10 5.20.0.11
Tcpip\..\Interfaces\{f55b01c2-394e-4a7e-ac8b-1a3a9ea16b12}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-09] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-12] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-09] (Microsoft Corporation)

Edge: 
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-15]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2483324785-3864439090-233930438-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-08-14] ()

Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-05-30]
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-14]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-14]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-14]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-14]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-14]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-14]

Opera: 
=======
OPR Extension: (Tampermonkey) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-13]
OPR Extension: (ScriptGate) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-05-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-16] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-09-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-06-09] (Hi-Rez Studios) [File not signed]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-04-24] (Lenovo Group Limited)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-12-23] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-23] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142440 2017-12-14] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2018-02-05] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2018-02-05] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R1 MpKsld836ee62; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6D08E8-ADED-4781-84DD-2B7E95F664CC}\MpKsld836ee62.sys [58120 2018-05-30] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [4107504 2015-09-24] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_706cb08068861f25\nvlddmkm.sys [17493824 2018-01-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-01-24] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation)
S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [23040 2012-11-29] (TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [34816 2013-03-20] (TPMX Electronics Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-12-31] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2016-02-10] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3069680 2016-02-10] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-12-31] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2017-04-07] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-30 21:16 - 2018-05-30 21:18 - 000025517 _____ C:\Users\user\Downloads\FRST.txt
2018-05-30 21:15 - 2018-05-30 21:16 - 000000000 ____D C:\FRST
2018-05-30 21:12 - 2018-05-30 21:12 - 002413056 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2018-05-29 19:24 - 2018-05-30 16:12 - 000000000 ____D C:\Users\user\AppData\Roaming\StardewValley
2018-05-29 13:21 - 2018-05-29 13:21 - 005215923 _____ C:\Users\user\Downloads\forge-1.12.2-14.23.4.2705-installer-win.exe
2018-05-29 13:04 - 2018-05-29 13:04 - 000036456 _____ C:\Users\user\Downloads\VillageInfo_1.12.2.zip
2018-05-29 08:02 - 2018-05-29 08:02 - 415967450 _____ C:\Users\user\Downloads\Stardew.Valley.v1.3.14.rar
2018-05-24 15:37 - 2018-05-18 13:16 - 000000000 ____D C:\Users\user\Downloads\Laboras5
2018-05-24 15:36 - 2018-05-12 21:55 - 000000000 ____D C:\Users\user\Downloads\Laboras4
2018-05-24 13:59 - 2018-05-24 13:59 - 000000109 _____ C:\Users\user\AppData\Local\kritadisplayrc
2018-05-22 20:46 - 2018-05-22 20:46 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-22 17:27 - 2018-05-22 17:27 - 000000000 ____D C:\Users\user\AppData\Roaming\Corsair
2018-05-22 17:27 - 2018-05-22 17:27 - 000000000 ____D C:\Users\user\AppData\Local\Corsair
2018-05-22 17:21 - 2018-05-22 17:21 - 000001199 _____ C:\Users\Public\Desktop\Corsair Utility Engine.lnk
2018-05-22 17:20 - 2018-05-22 17:20 - 000000000 ____D C:\Program Files (x86)\Corsair
2018-05-22 17:15 - 2018-05-22 17:17 - 240615424 _____ C:\Users\user\Downloads\CorsairUtilityEngineSetup_2.24.50_release.msi
2018-05-21 22:49 - 2018-05-21 22:49 - 000000000 ___HD C:\Users\user\AppData\Local\Connection Wizard
2018-05-21 18:27 - 2018-05-21 18:27 - 000000000 ____D C:\Users\Public\Documents\Display
2018-05-21 15:25 - 2018-05-21 15:25 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
2018-05-21 15:22 - 2018-05-21 15:22 - 000000000 ____D C:\Users\user\AppData\LocalLow\Lenovo
2018-05-19 09:09 - 2018-05-19 09:18 - 675499134 _____ C:\Users\user\Downloads\2018 04 26 Koncertas Motinos Dienai - Karininku Ramoveje.zip
2018-05-19 09:08 - 2018-05-19 09:33 - 3077355314 _____ C:\Users\user\Downloads\VIDEO_TS.zip
2018-05-18 20:49 - 2018-05-18 20:49 - 000000000 ___HD C:\Users\user\AppData\Local\MSN Gaming Zone
2018-05-18 00:49 - 2018-05-18 00:49 - 000000000 ___HD C:\Users\user\AppData\Local\Miniport Driver
2018-05-17 13:07 - 2018-05-17 13:07 - 000000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2018-05-16 19:47 - 2018-05-16 19:54 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-15 12:42 - 2018-05-15 12:42 - 000000000 ____D C:\Users\user\AppData\Roaming\Synplicity
2018-05-14 22:05 - 2018-05-16 17:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-14 22:05 - 2018-05-16 17:12 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-14 22:04 - 2018-05-17 17:10 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-14 22:04 - 2018-05-17 17:10 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-14 22:04 - 2018-05-14 22:04 - 001129816 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe
2018-05-13 23:37 - 2018-05-14 11:59 - 1955923898 ____R C:\Users\user\Downloads\Conan.Exiles.Patch.02.02.2017.zip
2018-05-13 22:55 - 2018-05-13 22:55 - 000000000 ____D C:\Users\user\AppData\LocalLow\Raft
2018-05-13 22:49 - 2018-05-13 22:49 - 000003874 _____ C:\WINDOWS\System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB}
2018-05-13 22:49 - 2018-05-13 22:49 - 000003756 _____ C:\WINDOWS\System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3}
2018-05-13 22:49 - 2018-05-13 22:49 - 000003510 _____ C:\WINDOWS\System32\Tasks\{496FA8EB-3AFD-1146-3D9B-AE21D0EE40EE}
2018-05-13 22:49 - 2018-05-13 22:49 - 000000002 _____ C:\Users\user\AppData\Local\WMI.ini
2018-05-10 12:21 - 2018-05-10 12:21 - 000001327 _____ C:\Users\user\Desktop\The Walking Dead A New Frontier Episode 5.lnk
2018-05-10 12:07 - 2018-05-10 12:21 - 000000000 ____D C:\Program Files (x86)\The Walking Dead A New Frontier Episode 5
2018-05-06 13:51 - 2018-05-06 13:51 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:18 - 2018-05-06 13:18 - 000000000 ____D C:\Users\user\AppData\Local\Skyrim
2018-05-06 12:43 - 2018-05-06 12:43 - 000001410 _____ C:\Users\user\Desktop\The Elder Scrolls V Skyrim - Legendary Edition.lnk
2018-05-06 12:14 - 2018-05-07 20:14 - 000000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition
2018-05-02 22:10 - 2018-05-02 22:10 - 000000000 ____D C:\Users\user\AppData\LocalLow\NoBrakesGames
2018-04-30 21:02 - 2018-05-05 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-30 20:19 - 2015-12-31 14:52 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-30 19:56 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-30 19:55 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-30 19:55 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-30 19:50 - 2018-01-23 19:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-30 15:58 - 2017-08-07 23:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-30 14:53 - 2016-03-03 16:58 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2018-05-30 10:43 - 2018-01-23 20:48 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-30 08:45 - 2016-11-17 16:48 - 000606377 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-05-30 08:39 - 2017-08-07 23:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-28 17:34 - 2018-04-09 08:11 - 000273408 ___SH C:\Users\user\Desktop\Thumbs.db
2018-05-25 23:54 - 2016-05-27 17:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-25 17:28 - 2016-01-04 13:56 - 000000000 ____D C:\Users\user\AppData\Roaming\AIMP
2018-05-25 17:27 - 2017-09-29 16:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-25 17:24 - 2015-12-31 10:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-25 17:09 - 2017-08-17 11:57 - 000000000 ____D C:\Users\user\AppData\Local\LenovoServiceBridge
2018-05-24 13:59 - 2017-11-14 13:00 - 000026307 _____ C:\Users\user\AppData\Local\kritarc
2018-05-24 12:39 - 2018-01-23 19:27 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2018-05-24 12:01 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-23 23:27 - 2018-04-10 12:16 - 000059904 ___SH C:\Users\user\Downloads\Thumbs.db
2018-05-22 20:47 - 2018-01-20 19:23 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-22 17:22 - 2017-09-29 16:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-21 21:58 - 2018-02-28 11:51 - 000000000 ____D C:\Users\user\AppData\Roaming\LatticeSemi
2018-05-21 18:23 - 2018-01-23 20:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-21 15:13 - 2017-09-29 11:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-20 11:40 - 2018-01-23 20:48 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2483324785-3864439090-233930438-1001
2018-05-20 11:40 - 2016-01-01 11:36 - 000002398 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-20 11:40 - 2016-01-01 11:36 - 000000000 __RDL C:\Users\user\OneDrive
2018-05-19 10:51 - 2015-12-31 10:35 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2018-05-17 13:30 - 2017-12-16 20:16 - 000000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2018-05-17 13:28 - 2016-01-03 23:29 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2018-05-16 23:34 - 2018-01-23 20:48 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-16 23:33 - 2015-12-31 10:18 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-15 23:08 - 2017-09-29 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-14 22:05 - 2016-01-05 16:18 - 000000000 ____D C:\Users\user\AppData\Local\Google
2018-05-14 22:05 - 2016-01-05 16:18 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-14 13:53 - 2018-02-01 11:21 - 000000000 ____D C:\Users\user\ansel
2018-05-13 22:41 - 2018-04-01 23:07 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2018-05-13 21:09 - 2015-12-31 09:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-13 21:05 - 2018-04-09 09:02 - 000000000 ____D C:\Program Files (x86)\The Walking Dead Season 2
2018-05-13 21:05 - 2018-02-23 00:01 - 000000000 ____D C:\Users\user\Documents\Telltale Games
2018-05-12 08:26 - 2018-01-23 19:24 - 001486994 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-10 23:18 - 2018-01-28 11:27 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2018-05-10 19:15 - 2016-08-31 11:55 - 000000000 ____D C:\Users\user\AppData\Local\Windows Live
2018-05-07 00:36 - 2017-08-07 23:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-06 13:52 - 2017-08-07 23:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-06 13:51 - 2018-01-31 19:02 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:51 - 2018-01-31 19:02 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:51 - 2018-01-31 19:01 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:50 - 2018-01-23 20:48 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:50 - 2018-01-23 20:48 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:50 - 2018-01-23 20:48 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:50 - 2018-01-23 20:48 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-06 13:50 - 2017-08-07 23:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-06 13:18 - 2016-05-26 14:23 - 000000000 ____D C:\Users\user\Documents\My Games
2018-05-05 22:25 - 2018-04-06 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BANDAI NAMCO Games
2018-05-05 22:24 - 2018-04-13 21:08 - 000000000 ____D C:\Program Files (x86)\Sword Art Online - Fatal Bullet
2018-05-04 17:27 - 2016-04-03 22:49 - 000000000 ____D C:\Users\user\AppData\Roaming\OBS
2018-05-03 20:26 - 2016-01-02 15:11 - 000000000 ____D C:\Users\user\Documents\replicas
2018-04-30 21:04 - 2017-08-23 17:27 - 000000000 ____D C:\Users\user\AppData\Local\SKIDROW

==================== Files in the root of some directories =======

2017-11-14 13:01 - 2017-11-14 13:01 - 000000065 _____ () C:\Users\user\AppData\Local\emaildefaults
2017-11-14 13:03 - 2017-11-14 13:03 - 000000356 _____ () C:\Users\user\AppData\Local\karboncalligraphyrc
2018-03-22 12:12 - 2018-03-22 12:12 - 000000037 _____ () C:\Users\user\AppData\Local\klanguageoverridesrc
2018-05-24 13:59 - 2018-05-24 13:59 - 000000109 _____ () C:\Users\user\AppData\Local\kritadisplayrc
2017-11-14 13:00 - 2018-05-24 13:59 - 000026307 _____ () C:\Users\user\AppData\Local\kritarc
2017-11-16 21:53 - 2017-11-16 21:55 - 000000061 _____ () C:\Users\user\AppData\Local\kritashortcutsrc
2016-03-23 17:37 - 2016-03-23 17:37 - 000000000 ___SH () C:\Users\user\AppData\Local\LumaEmu
2017-09-29 16:42 - 2017-09-29 16:42 - 000059904 ____N (Microsoft Corporation) C:\Users\user\AppData\Local\nHEOUePUMoe.exe
2017-12-13 11:13 - 2017-12-13 11:13 - 000007578 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2018-05-13 22:49 - 2018-05-13 22:49 - 000000002 _____ () C:\Users\user\AppData\Local\WMI.ini

Some files in TEMP:
====================
2018-05-29 14:36 - 2018-05-29 14:36 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-8942524497659683173.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-26 16:39

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by N4TU5 (30-05-2018 21:19:02)
Running from C:\Users\user\Downloads
Windows 10 Education Version 1709 16299.192 (X64) (2018-01-23 17:52:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2483324785-3864439090-233930438-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2483324785-3864439090-233930438-503 - Limited - Disabled)
Guest (S-1-5-21-2483324785-3864439090-233930438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2483324785-3864439090-233930438-1007 - Limited - Enabled)
N4TU5 (S-1-5-21-2483324785-3864439090-233930438-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-2483324785-3864439090-233930438-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)
.NET Core SDK 1.1.8 (x64) (HKLM\...\{43A4F49E-040E-42F2-8A57-A95CF4B1B725}) (Version: 4.18.5242 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.8 (x64) (HKLM-x32\...\{5fd48f7d-1d6f-4ef8-abcb-b91b48118165}) (Version: 1.1.8 - Microsoft Corporation)
„Windows 10“ pagalbinė naujinimo priemonė (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
„Windows Live Essentials“ (HKLM-x32\...\{0821D14F-A0CF-470D-88ED-E255B4535D34}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
µTorrent (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1887, 19.02.2017 - AIMP DevTeam)
Akamai NetSession Interface (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{F02CC6FE-37FC-3D47-F961-721D85BAF224}) (Version: 10.1.15063.674 - Microsoft) Hidden
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version:  - Ubisoft)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\{F6FD1651-0000-1033-0102-387BAF9B3B0A}) (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
BattleBlock Theater (HKLM-x32\...\BattleBlock Theater_is1) (Version:  - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Brother MFL-Pro Suite DCP-T500W (HKLM-x32\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.02034 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{B9FE27F9-F458-4775-8C12-A8238960583F}) (Version: 4.4.02034 - Cisco Systems, Inc.) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D1844DC3-B378-47CC-AB40-7FC16C79A2CD}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
CodeBlocks (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Corsair Utility Engine (HKLM-x32\...\{BB25387A-061E-42E9-AB2F-64073B3E3180}) (Version: 2.24.50 - Corsair)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{5FC8BCBB-3408-48B0-BAF0-839490F7AE65}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.77 - NVIDIA Corporation) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Fotogalerija (HKLM-x32\...\{78D9B622-3BB0-4A44-B7BF-3FECCA0CC63D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Ibb and Obb (HKLM-x32\...\SWJiYW5kT2Ji_is1) (Version: 1 - )
icecap_collection_neutral (HKLM-x32\...\{12C1EC05-F936-4A80-821E-7AAC64C4E6FF}) (Version: 15.6.27413 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{C8E22DF4-5498-4B61-93CF-3081BE95A1BA}) (Version: 15.6.27413 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{079302B9-1EF0-46D0-83FA-382C01ADF6E6}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{500E3263-4930-456B-AD78-E6D0ACC7ABB1}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{63E2B575-D6F7-4572-8EA9-3DAC4208AA2A}) (Version: 10.0.1741 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{87A8879A-3189-4E81-8D1A-0467301C5049}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{971E24EB-1096-64A5-10C0-7FD2D3774669}) (Version: 10.1.15063.674 - Microsoft) Hidden
Krita (x64) 3.3.2.1 (HKLM\...\Krita_x64) (Version: 3.3.2.1 - Krita Foundation)
Lattice Diamond 3.10 (64-bit) (HKLM-x32\...\{FA760214-7E77-4C0D-B029-5F380D807A9B}) (Version: 3.10 - Lattice Semiconductor Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.3 - Lenovo)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Microsoft .NET Core SDK - 2.0.2 (x64) (HKLM-x32\...\{7976d84c-fdff-4801-99ca-cd8354fbbaaf}) (Version: 2.0.2 - Microsoft Corporation)
Microsoft .NET Core SDK - 2.1.100 (x64) (HKLM-x32\...\{2b09e4df-e475-4875-adfc-ab2f261f5b88}) (Version: 2.1.100 - Microsoft Corporation)
Microsoft .NET Core SDK - 2.1.101 (x64) (HKLM-x32\...\{d6e98a01-a05e-4d65-a8e5-21897d1d2501}) (Version: 2.1.101 - Microsoft Corporation)
Microsoft .NET Core SDK - 2.1.103 (x64) (HKLM-x32\...\{759f58bf-356b-4499-882f-086f6ea9d3f2}) (Version: 2.1.103 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - December 2017 (HKLM-x32\...\{3E92648F-29FD-4832-89A1-243C6B770445}) (Version: 5.1.1 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.4 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.4) (Version: 5.4.1811.0037 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft Office 365 ProPlus - lt-lt (HKLM\...\O365ProPlusRetail - lt-lt) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Lithuanian/Lietuvių k. (HKLM-x32\...\Office14.OMUI.lt-lt) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0003 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{EE99006A-F227-41BA-884C-C3AF9642D95A}) (Version: 14.0.3006.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 (HKLM-x32\...\{FBD0D997-4E36-4B10-8471-BD7CF42ECE7F}) (Version: 14.0.3006.16 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.15.3248.309 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{1ED7F328-5789-44D8-A9BA-C352B8E4018D}) (Version: 10.0.1988 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Movie Maker (HKLM-x32\...\{1FA9CD0B-A51B-405F-9F25-D83D36F89404}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{577FB968-1AAC-A315-93D6-419725A69F36}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
MuseScore 2 (HKLM-x32\...\{B0C97A3D-22BA-4F8D-A95D-6FF42E22AF4A}) (Version: 2.2.0 - Werner Schweer and Others)
NBTExplorer (HKLM-x32\...\{FC4C8FDD-384C-471F-9E9A-C25B57ABE7A8}) (Version: 2.7.6.0 - Justin Aquadro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.77 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0427-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 48.0.2685.39 (HKLM-x32\...\Opera 48.0.2685.39) (Version: 48.0.2685.39 - Opera Software)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)
Python 3.6.3 (64-bit) (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\{b3a11d5f-0d2d-4bc3-ad72-39f3fa14162c}) (Version: 3.6.3150.0 - Python Software Foundation)
Python 3.6.3 Core Interpreter (64-bit symbols) (HKLM\...\{4F41E9C9-3079-4BB0-806E-EA74F6E218AC}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (64-bit) (HKLM\...\{5CAB3F9C-AC0C-4796-984C-292FF82FB112}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (64-bit) (HKLM\...\{B6B221CE-20AA-46D6-8156-911613216968}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Documentation (64-bit) (HKLM\...\{404A8C42-6B82-4B32-AC7F-0583644A04F2}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (64-bit symbols) (HKLM\...\{B6C96BF6-D381-4011-B65D-44FC4A7CFC9E}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (64-bit) (HKLM\...\{D3ABC2C4-85AF-4AFD-94D4-F2B84F49BFEA}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 pip Bootstrap (64-bit) (HKLM\...\{48EC8399-294B-40F5-8274-E2AFBF0CFCBE}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (64-bit symbols) (HKLM\...\{28FDA5E7-4FD1-4659-96D0-E6D2FD756DDD}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (64-bit) (HKLM\...\{60B3332C-989F-4609-8D4F-7B1FD1DB0A5D}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (64-bit symbols) (HKLM\...\{50A4B450-4499-4AF7-8AC9-5125DA32153A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (64-bit) (HKLM\...\{8FE3FFD1-2F7E-4EBB-A4B7-627E279DA70E}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (64-bit symbols) (HKLM\...\{43BEECFA-E1E7-4124-B3EC-124B7D35C170}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (64-bit) (HKLM\...\{2C6B5217-ACF4-4082-B19C-3463C9340E41}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Utility Scripts (64-bit) (HKLM\...\{E3F016B8-A524-4F97-9095-944C31A971E0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21275 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Russian Fishing 4 (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\com.rf4game.rf4_launcher_en) (Version: 4.0.9224 - Russian Fishing Spb LLC)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0427-0000-0000000FF1CE}_Office14.OMUI.lt-lt_{58163C23-24DF-410E-87ED-8C58C383B70C}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\{EAABE756-8A47-440F-AAC7-2F6BFF589169}) (Version: 6.0 - Black Box)
The Walking Dead A New Frontier Episode 5 (HKLM-x32\...\The Walking Dead A New Frontier Episode 5_is1) (Version:  - )
TypeScript SDK (HKLM-x32\...\{4185E5A6-374B-4F53-B11C-630F750BC3CD}) (Version: 2.6.5.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Trine 2 -  Complete Story (HKLM-x32\...\GOGPACKTRINE2_is1) (Version: 2.0.0.4 - GOG.com)
Trine Enhanced Edition (HKLM-x32\...\1207659020_is1) (Version: 2.1.0.5 - GOG.com)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{BE2D1829-B45D-4D78-BF02-4076B86AC57C}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{A46D1F7A-BA32-2375-EF97-4975E594A7E7}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{E2EA2702-534B-D6C1-5AC4-724E3CE7B2D9}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Unturned Server Organiser (HKLM\...\Unturned Server Organiser) (Version: 2.2.2 - Pascal Devant)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
vcpp_crt.redist.clickonce (HKLM-x32\...\{B5789DA1-92FB-4760-BD23-44DDCAA94584}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (2) (HKLM-x32\...\fc01dfbe) (Version: 15.6.27428.2015 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{8A2BDA07-3417-46C1-9058-CB32BC63E30E}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{F8F52853-A1A7-42C7-A082-5A6D5853BB0B}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{0EE5749D-2DC0-460F-AB1C-06B3EDB42426}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{209A1A84-1A06-4954-9D73-7E654C5F8D7A}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{C2749223-157E-48F0-9410-A510361D6803}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{02DD895F-089F-4A63-81A9-78D00142AF20}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{E6A92308-33DF-494B-A91A-3B80FBC97F2B}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B11D79C6-332C-47B6-B58C-2F88A4911C7C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{2497054A-0269-4F45-98AE-F469F89CC45F}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{6B45EEA3-85F8-4B26-B952-6830A45F2688}) (Version: 15.6.27323 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{13E08AD0-D6AC-44C4-9F5B-0AE2EB56B105}) (Version: 15.6.27421 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{03343DEA-224B-E9B6-1FBB-E637E6BC6BAA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.674 (HKLM-x32\...\{6824cee4-b358-4633-b82c-5f20894af8e2}) (Version: 10.1.15063.674 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{D8AA52A2-81E2-BB84-AAF9-C487C586CC15}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{5715A2A6-E637-81E3-464D-3F0F999E506A}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{2B8614A6-D0C1-CFE0-9311-7AF9227DC9BA}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{409D68FF-37DD-F8F4-A60F-30BEAA4AA4CE}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{3617F573-CF51-0F5A-063F-B272F98D0522}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FDE59EF8-D43D-F9DA-5B0C-CC9C90DB0335}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{87CC4887-0873-F87B-D804-6A78B07DC1F5}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D62E0DD5-9853-C09C-AE15-D02988503C60}) (Version: 10.1.15063.674 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Xamarin Android SDK Manager (HKLM-x32\...\{9EF61AB8-EE05-4A3D-9C8D-317C78C45CCF}) (Version: 0.1.132.0 - Xamarin) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{BE11522E-62A3-4D95-8327-33F5246349DF}) (Version: 1.2.3.15 - Xamarin) Hidden
Xamarin Workbooks and Inspector (HKLM-x32\...\{83710A28-017D-4007-997E-BD8C863FE596}) (Version: 1.4.0.9000 - Xamarin) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-06-07] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-15] (Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-06-07] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-24] (NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-06-07] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EB1EB69-5613-4EAE-BE62-C1AE24763BBE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-25] (Microsoft Corporation)
Task: {114ECA40-8D59-4BFE-BA50-52C519D15F01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-27] (Microsoft Corporation)
Task: {23D94B90-47AA-4D18-8016-BD3DCEC6B255} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b3060f14-b094-4e79-b0e5-0b258b1fc975 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {272D1A0B-AF9C-4D0B-9CBF-7BC7051CCA24} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {280B9E73-A8B6-47F2-8144-4D11B3655D23} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {28DFA6B5-82F1-46FA-82DA-7C8398075C33} - System32\Tasks\{1DECE34F-6317-4E82-A4E0-93779533185F} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {2F9B9305-046F-469D-A0F5-15EAA7C1176B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {3149EEB1-99B3-4119-9228-0E3C99E7D3EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-25] (Microsoft Corporation)
Task: {34A6A16D-B980-4A33-879B-C00D7679BBEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-14] (Google Inc.)
Task: {36A2868F-702C-413F-932D-444DDAFEF9EF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-25] (Microsoft Corporation)
Task: {377D8408-0280-4213-AF93-65C73C3695F6} - System32\Tasks\{496FA8EB-3AFD-1146-3D9B-AE21D0EE40EE} => C:\WINDOWS\BEySE.exe [2017-09-29] (Microsoft Corporation)
Task: {4937FC4D-F11C-48B8-A7D7-BABF3492E832} - System32\Tasks\{90A94E73-3218-457F-B35E-04E0CF0B0AB7} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\user\Saved Games\LoL\lol.launcher.exe" -d "C:\Users\user\Saved Games\LoL\"
Task: {4D7743D5-D972-4A75-896D-72EE1815226F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {52BFBC81-AC36-40FD-9FBE-0FD1A088B9D0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {57E5D7D1-208F-4EE7-85DD-741C706CD135} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-27] (Microsoft Corporation)
Task: {5B924109-ECE6-4593-9A87-2FA21E6CCF97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-27] (Microsoft Corporation)
Task: {5EDC8DCE-FE74-4635-8A8D-3AEE6D1F132B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {5EFFD372-F89C-43CB-89D9-1D5F25FFED30} - System32\Tasks\{41492F88-2D7F-4455-89FD-1F1392AB4A8C} => "c:\windows\system32\launchwinapp.exe" hxxps://ui.skype.com/ui/0/7.36.0.101/lt/abandoninstall?page=tsInstall
Task: {606A8DEC-1A29-4FC9-893D-6FA199DAAF20} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-25] (Microsoft Corporation)
Task: {61B1E807-B748-45F1-ADB9-64BC40F592A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {65EE7EB0-DA3C-419E-AFD3-231DE2CB0D08} - System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset
Task: {71E92515-D9AD-441C-AD3F-EFE2D4DC5AF1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-04-24] (Lenovo Group Limited)
Task: {81628B9B-F37B-4739-B1B7-562BE5643DFF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {827C69DF-072F-4B3C-B063-74BCB3B8F122} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-25] (Microsoft Corporation)
Task: {88AE8E4D-11AB-4668-976C-AA00EF8C43B6} - System32\Tasks\{F55C4D0C-576D-4742-BC79-E3FFD0E748ED} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\user\Saved Games\LoL\lol.launcher.exe" -d "C:\Users\user\Saved Games\LoL\"
Task: {8EDABF02-18D0-40FE-8AF7-26F9DD6C61F4} - System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3} => C:\Users\user\AppData\Local\nHEOUePUMoe.exe [2017-09-29] (Microsoft Corporation)
Task: {8F423143-4933-49BA-B1EF-672C7F0AF42B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\afe2c894-fefe-4cf7-8dc6-6373cace3856 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {921F9422-C2A6-4B99-BE9D-7C9B507BB556} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {A540F154-5CE6-4D61-909C-464EB89297C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-14] (Google Inc.)
Task: {AA6DFB8F-ED90-4C07-8429-8C01D3C382CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {B154A0B4-E9F1-4353-9E65-126956A6C1CF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BD025A48-37F6-40A0-873E-C0B25B962B92} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-27] (Microsoft Corporation)
Task: {C0C14CC8-A678-4133-879C-57952DD7295E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0fc28e2c-321e-42cd-bfed-45ca1a90b1b1 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {C1E2E392-3E59-4AE1-81E8-70D8BF00E78F} - System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://sidited.net/cl/?guid=e27t5j1jukdil6xacigefm25s2ca4gx8&prid=1&pid=4_1324_0
Task: {C28BE233-6838-4812-8A2B-6B0E0B3F147C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {C3B59066-3EF5-495F-B413-87DB8D3B14FD} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {C5ECCD5E-5134-4E7C-B206-06749B212B47} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {D1929B21-3FC3-4B95-946B-890A9E27A853} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3fee0a9e-560f-4568-a7db-548d7aaed0b6 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-04-24] (Lenovo Group Limited)
Task: {D310A3C8-27E8-4060-A788-4945891987E3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {D9AAC056-3F9C-4BC0-A595-6DE0157CE81E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {E0307809-5497-460F-882B-C7AF65D3FE03} - System32\Tasks\{DB46676E-8B27-4AF6-9BC9-88518AFEF03C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\user\Saved Games\LoL\lol.launcher.exe" -d "C:\Users\user\Saved Games\LoL\"
Task: {E18A0E5F-DD2A-49B5-983E-A899910DE72B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {E7381B79-A0EF-4E49-90FC-0085C31176C0} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2483324785-3864439090-233930438-1001 => C:\Users\user\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-05-24] (Lenovo Group Limited)
Task: {EAA339AD-CCF1-422C-9955-729CFD25777F} - System32\Tasks\Opera scheduled Autoupdate 1491981666 => C:\Program Files\Opera\launcher.exe [2017-10-10] (Opera Software)
Task: {EC76A548-CF97-4F6A-9223-042CCFD63ADF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {EFDED09D-D741-4092-8433-9BDB059B3192} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {F7DFABFA-E3F2-44A0-9C52-FBAD0D6CAFE5} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-05-25] (Microsoft Corporation)
Task: {F9D999CC-CA33-49A2-A984-D98F1664F6F7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-31 19:00 - 2018-01-24 03:23 - 000544240 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-01-31 19:01 - 2018-03-14 16:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-23 22:24 - 2016-12-23 22:24 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-09-18 16:47 - 2005-04-22 07:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-09-29 16:41 - 2017-09-29 16:41 - 000419840 _____ () c:\windows\system32\SSDM.dll
2017-09-29 16:41 - 2017-09-29 16:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-07 23:33 - 2018-01-24 01:57 - 000133704 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-23 22:28 - 2017-04-23 22:28 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-01-23 17:22 - 2018-01-23 17:22 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-23 17:22 - 2018-01-23 17:22 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-22 21:22 - 2018-05-22 21:23 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-22 21:22 - 2018-05-22 21:23 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-22 21:22 - 2018-05-22 21:23 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-22 21:22 - 2018-05-22 21:23 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-22 21:22 - 2018-05-22 21:22 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-05-02 08:58 - 2018-05-02 08:58 - 004165632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.911.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-05-02 08:58 - 2018-05-02 08:58 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.911.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-02-21 16:36 - 2018-02-21 16:37 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-21 16:36 - 2018-02-21 16:37 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-21 16:36 - 2018-02-21 16:36 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 18:12 - 2017-09-26 18:12 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 16:36 - 2018-02-21 16:37 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2018-05-19 22:14 - 2018-05-19 22:15 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-08 20:52 - 2018-05-08 20:52 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-03-28 12:30 - 2015-02-09 11:18 - 000124440 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2017-09-29 16:41 - 2017-09-29 16:41 - 000030208 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2017-04-07 20:27 - 2017-04-07 20:27 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2017-09-12 13:33 - 2016-02-24 07:48 - 000062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2017-09-12 13:33 - 2016-02-24 07:47 - 000110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2018-01-31 19:01 - 2018-03-14 16:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-27 19:18 - 2018-03-27 19:18 - 000197120 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2018-03-27 19:11 - 2018-03-27 19:11 - 000044544 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2018-03-27 19:42 - 2018-03-27 19:42 - 000151040 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2018-03-27 19:11 - 2018-03-27 19:11 - 000097280 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2017-10-02 08:54 - 2017-10-02 08:54 - 000013312 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2017-10-02 08:54 - 2017-10-02 08:54 - 001950720 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2018-01-31 19:02 - 2018-03-14 16:04 - 081563584 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-06 13:51 - 2018-03-14 16:04 - 002478016 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-06 13:51 - 2018-03-14 16:04 - 000125376 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2015-12-31 14:53 - 2018-05-01 10:32 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-12-31 14:53 - 2018-05-19 02:01 - 002632480 _____ () C:\Program Files (x86)\Steam\video.dll
2015-12-31 14:53 - 2016-09-01 04:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-14 17:04 - 2017-12-20 04:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 17:04 - 2017-12-20 04:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 17:04 - 2017-12-20 04:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 17:04 - 2017-12-20 04:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 17:04 - 2017-12-20 04:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2015-12-31 14:53 - 2016-09-01 04:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-12-31 14:53 - 2016-09-01 04:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-12-31 14:53 - 2018-05-19 02:01 - 000979232 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 16:36 - 2016-07-05 01:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-09 12:23 - 2018-05-01 10:32 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-13 16:38 - 2018-05-14 22:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-12-31 14:53 - 2015-09-25 02:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-11 09:33 - 2018-05-14 22:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-11 09:33 - 2018-05-14 22:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2483324785-3864439090-233930438-1001\Software\Classes\.scr: AutoCADScriptFile => 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\sharepoint.com -> hxxps://ktuedu-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-31 01:42 - 2015-07-31 01:39 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2483324785-3864439090-233930438-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "USB Gamepad"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E2E5CAB6-6642-45DE-AF8B-7A167C85DD4B}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [TCP Query User{AF01344A-9437-4ECB-A2A6-07FD92E8B287}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [UDP Query User{3B389F80-58F7-4193-9DD1-09B9C911EF7A}C:\users\user\saved games\portal 2\portal2.exe] => (Block) C:\users\user\saved games\portal 2\portal2.exe
FirewallRules: [TCP Query User{E454AA20-5381-400A-BC7B-2AA2146F7CAE}C:\users\user\saved games\portal 2\portal2.exe] => (Block) C:\users\user\saved games\portal 2\portal2.exe
FirewallRules: [UDP Query User{C7452A5D-916B-4AB1-AB78-8B0C26487809}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{6F20D7B6-45CE-4618-A320-FBD3A2C37BBF}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{3902D809-10E3-42CE-9DCA-404A2C55209E}C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_eventplayer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_eventplayer.exe
FirewallRules: [TCP Query User{8C0B3D54-47D6-493C-879A-9B8B486F3072}C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_eventplayer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_eventplayer.exe
FirewallRules: [UDP Query User{3A897C0D-85E6-43CA-A21F-40B4818157A2}C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_musicplayer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_musicplayer.exe
FirewallRules: [TCP Query User{DF063326-23A0-47A5-9B4A-FD4EBCFF1422}C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_musicplayer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve mod tools\mod_tools\fmod_designer\fmod_musicplayer.exe
FirewallRules: [{00C8C4DA-C8F5-4856-B590-69BCD6AFC274}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\Sublime\sublime_text.exe
FirewallRules: [{41D9B533-E681-4526-A7AD-429C0C19DB0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\Sublime\sublime_text.exe
FirewallRules: [{ABFE2493-1271-4E1A-9762-EE1894C42EE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\Tiled\tiled.exe
FirewallRules: [{10C690FF-C39B-4CC3-8108-1CF3D9F87544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\Tiled\tiled.exe
FirewallRules: [{ACA63946-8FC0-487C-AEEC-5E9BA97E5B2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\FMOD_Designer\fmod_designer.exe
FirewallRules: [{4CDFD4B4-2240-40E3-AABA-B3AE1CBFF3B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\FMOD_Designer\fmod_designer.exe
FirewallRules: [{FD99FEF6-B7B1-41B0-93BD-9D004A4FA2E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\Spriter\Spriter.exe
FirewallRules: [{194A5E62-99B1-47E5-9C84-69D6DAAB40A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\mod_tools\Spriter\Spriter.exe
FirewallRules: [{476286C9-43FC-4239-BB97-B43A74809650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\ModUploader.exe
FirewallRules: [{41ACC210-C8D4-4CA2-BF71-40ED037F84A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Mod Tools\ModUploader.exe
FirewallRules: [{AD3E969B-A745-4774-B951-F01705BC1A06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{79090D8C-72AB-4378-9583-0587304EC0C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{96751CC2-AC94-4A0B-8AB1-D058BBDB8D52}] => (Allow) C:\Program Files\Opera\48.0.2685.39\opera.exe
FirewallRules: [UDP Query User{31250C48-D23D-4601-B764-153D6082634F}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe
FirewallRules: [TCP Query User{207F3023-EF1A-4D00-B223-6457E304A341}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe
FirewallRules: [{53BFEDB5-8845-445E-9D60-DFE5B97E68C3}] => (Allow) C:\Program Files\Opera\48.0.2685.35\opera.exe
FirewallRules: [UDP Query User{30738E13-FACE-4100-9D40-72EB5FFB3688}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{D0FC38A4-69B5-47FB-89CB-5A07E2C1F27A}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D67B900E-4A18-4DF9-923C-23E692CE18DD}] => (Allow) LPort=50248
FirewallRules: [UDP Query User{4F8E5462-C934-401E-B349-35BB7BCD9732}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{9E7BA528-A3D6-4297-AA4E-689D8A0CA2D3}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A6208662-5EEB-4C83-B84D-5E6121DE9D0E}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{B7732460-CC2C-4CD5-A2EA-5C6F01DA38C1}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{F3347383-AA0B-43A8-8ADC-27A9348B380E}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{0605313A-E2AE-451F-B039-3A171BF63E7D}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{80A13CD3-C9CC-419F-BCA8-703DD1F80E68}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [{A52778DD-ACDC-46DF-A55F-1ED2E5D00473}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [UDP Query User{579D0EF4-3175-4B16-B941-6290E04B79F0}C:\program files (x86)\nordic games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe] => (Allow) C:\program files (x86)\nordic games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe
FirewallRules: [TCP Query User{4C448B45-235B-4401-ACE5-F3FB7C87B7B9}C:\program files (x86)\nordic games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe] => (Allow) C:\program files (x86)\nordic games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe
FirewallRules: [UDP Query User{D4AE91FA-6D9E-4D45-9DD2-FF22D8F87E80}C:\gog games\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) C:\gog games\trine\_enchanted_edition_\trine1_32bit.exe
FirewallRules: [TCP Query User{F0E094CB-1170-4A23-9132-980356A3C4F4}C:\gog games\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) C:\gog games\trine\_enchanted_edition_\trine1_32bit.exe
FirewallRules: [UDP Query User{7D296ED3-BF72-42B7-8886-A4327557A390}C:\users\user\saved games\outlast\binaries\win64\olgame.exe] => (Allow) C:\users\user\saved games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{C684F3A9-0562-4A8D-B46D-555A8F0DC474}C:\users\user\saved games\outlast\binaries\win64\olgame.exe] => (Allow) C:\users\user\saved games\outlast\binaries\win64\olgame.exe
FirewallRules: [{43DBCF6F-943E-4281-B59B-9A6A50825839}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8E53FACA-4AA7-4D49-9B7B-4EF69A4F6264}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8F625FB7-FABA-4656-AB88-47B82C32C3E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04A4E7B9-F410-45F8-B901-3720A846A297}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{2EFDD66D-7FEC-4344-8E2A-EBF6AC01E071}C:\users\user\downloads\rmp210\rmp.exe] => (Allow) C:\users\user\downloads\rmp210\rmp.exe
FirewallRules: [TCP Query User{A113D730-3A91-4A4C-A83B-8D0D6FAB0AF2}C:\users\user\downloads\rmp210\rmp.exe] => (Allow) C:\users\user\downloads\rmp210\rmp.exe
FirewallRules: [{56C13834-79E5-4CFB-8ACD-A662002A2EC7}] => (Allow) LPort=54925
FirewallRules: [{95F92C4A-230F-4BC0-92FF-9BB92880C424}] => (Allow) LPort=1900
FirewallRules: [{95848C09-4949-4FDE-8356-7CC3C51CBD8D}] => (Allow) LPort=2869
FirewallRules: [{BE011647-CC81-48D9-B1D5-0D1468C50EA5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{49A92EDA-FF01-4347-82A2-41227D688035}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4F56BA39-981E-4A3C-A93D-41628638C6A3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F9D57216-693B-45FB-84A1-F944742AB7FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E8ACB404-CB67-4C20-B39E-5315E36A5666}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{EAD6D440-3871-4FCE-8427-F23DD170DC5A}C:\users\user\saved games\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) C:\users\user\saved games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{0AA6FED2-709D-4D2D-B58C-345A9FF0272F}C:\users\user\saved games\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) C:\users\user\saved games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [{9F782B07-F540-46F0-AFF4-D7295DAD426E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NBA 2K16\NBA2K16.exe
FirewallRules: [{AADCF742-0A06-48AE-B233-0C2BBB55ADE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NBA 2K16\NBA2K16.exe
FirewallRules: [UDP Query User{CEB0060E-2BEF-4722-81A4-04F3C847685A}C:\users\user\documents\unturned server organiser\game\unturned.exe] => (Allow) C:\users\user\documents\unturned server organiser\game\unturned.exe
FirewallRules: [TCP Query User{FBF5EF12-BCEC-4768-9E21-3594713E0362}C:\users\user\documents\unturned server organiser\game\unturned.exe] => (Allow) C:\users\user\documents\unturned server organiser\game\unturned.exe
FirewallRules: [UDP Query User{87167D8B-8AAA-4266-AA6E-9ABE29D31698}C:\users\user\saved games\ts3\ts3server.exe] => (Allow) C:\users\user\saved games\ts3\ts3server.exe
FirewallRules: [TCP Query User{52E2448D-9F80-465E-BA9D-EC13033395E6}C:\users\user\saved games\ts3\ts3server.exe] => (Allow) C:\users\user\saved games\ts3\ts3server.exe
FirewallRules: [{AFB50B1B-6426-4BEE-85B0-5182FED6E806}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{866FCD20-C63B-42E8-94E1-D358C4E8B04F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A4AC8B2-CC8B-4B30-B644-EA7918D29524}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A7F5C49-75D3-4A7B-B4E8-8CE69B1AC505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{89559D6D-D0F6-43BA-AC48-9F6974EC3BEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{EE05B91C-F004-41EB-9ECF-65D0266DFC25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7A5905AA-4F0C-44D8-8603-6F9E1AAB64CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DCA6CF39-D44B-430C-8F6D-FB1E19F9563E}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{72FEBA6A-4FB8-448F-95F2-0998BDC8E199}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AEAE8329-130D-4D8D-A525-06719BD3E626}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FCD5C57-5072-4B52-86BB-6F77115256C8}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC079584-1747-479C-8ACE-C48DD7F35FF8}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE9C40BB-5DC8-4BC8-AE85-60D7435BB1C0}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74815784-D59F-414E-9818-D7F208E3DD4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{74C94057-CE49-4C86-B05A-A55AD6278BB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F0569DAF-9C44-4EBD-BD6B-217C22A294B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe
FirewallRules: [{3EE672FB-8523-47ED-8DEF-9D6A5CA59D82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe
FirewallRules: [TCP Query User{BE66C460-79F2-4371-94FB-BEBC5F3DFF52}C:\users\user\documents\unturned server organiser\gamevanilla\unturned.exe] => (Allow) C:\users\user\documents\unturned server organiser\gamevanilla\unturned.exe
FirewallRules: [UDP Query User{960F518D-E36B-4AC1-81B0-0FFBB6B48701}C:\users\user\documents\unturned server organiser\gamevanilla\unturned.exe] => (Allow) C:\users\user\documents\unturned server organiser\gamevanilla\unturned.exe
FirewallRules: [{747A06B3-8BFC-4554-ACFC-CBDF419973AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{6D98F0E7-E54C-4AB6-AC1A-31A94BE90759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{5BD12227-AA83-4A50-8E22-6931011A7C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8F9EEB7F-BC5D-405C-B995-742B1DF6FEA0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{64573F72-6E22-435E-9CE2-94953B5F9AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{5B9DE4D3-9C57-444A-9050-9CAC916D8C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{D3BD299A-D59D-46F4-8090-D972E18595D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{CE42F1B4-056E-4FDA-899A-3FFD97D16024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{694EA118-D662-4009-9DA7-9216A55E9882}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{69C1BBD6-C20A-4935-A784-B23C0C4ABBFC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FFABEC61-E563-4562-B023-AA804FDEE2CD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DF5369BE-F927-4CE0-AFA9-8AA730B4254B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AC3419CC-29D1-4576-A22A-3B32C7D0CB45}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{4D786FA9-BC63-4E0D-85A1-17EFAD5EA3A3}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{2CC3ED49-F9AC-462C-86F2-6E86FDF1B4A7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{4049C88D-D471-4672-9074-BB4DFD464719}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{D6E085B7-8C54-4CE9-84AC-62FAB9FC58F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1595DE31-0818-472C-A9A4-D41226E38386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{8D906EA5-733E-4014-8479-3914539DA05D}C:\users\user\saved games\7 days to die\7daystodie.exe] => (Allow) C:\users\user\saved games\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{FEB7D8BF-1889-4316-83F7-AF9E0AF85626}C:\users\user\saved games\7 days to die\7daystodie.exe] => (Allow) C:\users\user\saved games\7 days to die\7daystodie.exe
FirewallRules: [{749171E3-14DA-4E22-8449-6F88D7495C29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{ED590C0B-4E4B-41FD-B726-3978B99360F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{581B2AAA-9B39-433F-943D-B5611BA2BF96}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{3169298D-5179-4EF5-8C03-817C10980D24}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{7D8AA00A-EAD5-4430-AB9A-389B6D3F2C2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{0DC2C26C-0C8E-4ECB-8388-64894BFF4BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{77738B15-61A4-4A2C-88CE-91D49B0E998E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{F7BA39B0-2DF7-4409-9BDF-DE10438E6178}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{9576D753-1984-4B46-9F37-0140DBBC0952}C:\users\user\saved games\outlast\binaries\win64\olgame.exe] => (Block) C:\users\user\saved games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{9F11F30A-4C48-4913-953C-38F721189B24}C:\users\user\saved games\outlast\binaries\win64\olgame.exe] => (Block) C:\users\user\saved games\outlast\binaries\win64\olgame.exe
FirewallRules: [{011CE835-2E35-4529-8E29-5DD5578E0E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{4F70AE8A-5366-4EE9-A886-ADF1D05D714D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{A0C4EA69-056C-47BE-B5BF-3DA5983A4288}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{9F295A41-B29D-4017-9155-1259D7B9D7F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{7DDD1BC6-9075-45B5-91AC-4C27535D6A35}C:\users\user\saved games\magicite\magicite.exe] => (Allow) C:\users\user\saved games\magicite\magicite.exe
FirewallRules: [UDP Query User{B3EF2392-FE0A-44B3-8D11-E4F703C9A81F}C:\users\user\saved games\magicite\magicite.exe] => (Allow) C:\users\user\saved games\magicite\magicite.exe
FirewallRules: [TCP Query User{9140CF3D-A12B-4572-A9FC-266A2DA3E1EF}C:\users\user\saved games\dont.starve.together\bin\dontstarve_steam.exe] => (Allow) C:\users\user\saved games\dont.starve.together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{3B3B9C5B-95A5-4D34-80E5-930CFAFC4C9E}C:\users\user\saved games\dont.starve.together\bin\dontstarve_steam.exe] => (Allow) C:\users\user\saved games\dont.starve.together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{54D83EA7-EC0A-4ADB-8139-5166E8F50044}C:\users\user\saved games\dont.starve.together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\users\user\saved games\dont.starve.together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{37AFBA91-DB48-4D66-8DC8-D1BBBD060823}C:\users\user\saved games\dont.starve.together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\users\user\saved games\dont.starve.together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{1930CE55-7267-44CD-8024-D65D8A9F44B8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{7D90B98B-9A4B-4ABD-A4D3-F68A1615C2A8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{DDDA3BCE-7AE0-46D4-AC0B-7BEB17C00BE6}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{67205911-9568-496A-B691-2B8B8F63B70B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{098D3301-FD49-48B0-8935-7772DBFAF09B}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{171EDBB7-40F3-47C5-B3BC-6445A55F09CB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1A953C83-3C1F-4FB1-B1F5-DD33BCF832C5}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{64E3ABEC-DC36-40C5-9C9A-9FBAE1B372A3}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A1202D2C-B52C-4B4B-9217-FA06296F4C73}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{0FE6CE6B-1E64-467F-9DA8-A0F6406F93D3}C:\users\user\saved games\russian fishing 4\rf4launcher.exe] => (Allow) C:\users\user\saved games\russian fishing 4\rf4launcher.exe
FirewallRules: [UDP Query User{2DAE4C5F-E296-4C89-B15B-54A866B23347}C:\users\user\saved games\russian fishing 4\rf4launcher.exe] => (Allow) C:\users\user\saved games\russian fishing 4\rf4launcher.exe
FirewallRules: [{188E6BAF-FBE3-405A-9ACC-07D4F1399977}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8FEB1D3B-C5F2-4E89-B483-82D80220A247}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{91D35B74-FF4C-4127-BE89-D4DD7F3EBE5F}C:\users\user\saved games\lovers.in.a.dangerous.spacetime.v1.4.4\loversinadangerousspacetime.exe] => (Allow) C:\users\user\saved games\lovers.in.a.dangerous.spacetime.v1.4.4\loversinadangerousspacetime.exe
FirewallRules: [UDP Query User{C9844FAB-E0E0-4B5D-8579-68A37FDE2986}C:\users\user\saved games\lovers.in.a.dangerous.spacetime.v1.4.4\loversinadangerousspacetime.exe] => (Allow) C:\users\user\saved games\lovers.in.a.dangerous.spacetime.v1.4.4\loversinadangerousspacetime.exe
FirewallRules: [TCP Query User{B626ED55-9BD4-4D63-A99F-BCADB14EADD4}C:\program files (x86)\subnautica\subnautica.exe] => (Allow) C:\program files (x86)\subnautica\subnautica.exe
FirewallRules: [UDP Query User{9D8153AD-2099-471D-855B-AF96FF658C68}C:\program files (x86)\subnautica\subnautica.exe] => (Allow) C:\program files (x86)\subnautica\subnautica.exe
FirewallRules: [TCP Query User{027A812D-FEF5-4844-BB50-0070E4CAFE99}C:\users\user\saved games\the.long.dark.v1.21\tld.exe] => (Allow) C:\users\user\saved games\the.long.dark.v1.21\tld.exe
FirewallRules: [UDP Query User{ED88CE24-1295-403E-9F71-4E7FE55E361A}C:\users\user\saved games\the.long.dark.v1.21\tld.exe] => (Allow) C:\users\user\saved games\the.long.dark.v1.21\tld.exe
FirewallRules: [TCP Query User{EC32BE11-3465-4C7E-858B-0A1C0A6A906B}C:\users\user\saved games\the.long.dark.v1.21\tld.exe] => (Block) C:\users\user\saved games\the.long.dark.v1.21\tld.exe
FirewallRules: [UDP Query User{6CB6C995-E8FD-4371-AC45-F2934727182B}C:\users\user\saved games\the.long.dark.v1.21\tld.exe] => (Block) C:\users\user\saved games\the.long.dark.v1.21\tld.exe
FirewallRules: [{01BE0FDD-0877-4047-AB71-BD082C50E9CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{540041DE-D788-4025-B225-72523D4B1E15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{F35F7885-772A-4628-85F7-FB176198886E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Dedicated Server\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{DEB37533-E3A0-4E33-B6D4-B1CBA7841261}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Dedicated Server\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{A0371AF7-88CD-4579-A1A9-301A42F2D6A5}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.139\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{76FFCE1A-C08D-40CF-A3E6-4207CB6B123B}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.139\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.139\deploy\leagueclient.exe
FirewallRules: [TCP Query User{CAE49AF9-AF36-4109-8202-4F3624B3087F}C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synbatch.exe] => (Allow) C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synbatch.exe
FirewallRules: [UDP Query User{EDA28D8F-ED7C-4EA6-8950-F09A3090517F}C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synbatch.exe] => (Allow) C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synbatch.exe
FirewallRules: [TCP Query User{AF2F409D-E9F0-4F72-B1A5-0E48336F9213}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{F09B6266-BF9D-4C60-A7FE-51C2CCFB3DA1}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{AEC888B0-DEB9-46B8-BB1C-11E0ADC6FD6A}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{7B77F643-B595-422D-93A7-6EBAC2BF58D2}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{AFD9CB05-7604-4599-91B6-CCAA9C64ACA5}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [UDP Query User{4A1CFC57-F3C8-4EFA-87F0-77AFF354EB3E}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E9CCB08D-631C-4EA2-8208-95B673B34172}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [UDP Query User{181EA700-CB61-4330-B659-033B2CCCB637}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe
FirewallRules: [TCP Query User{72CB4E50-9C36-4D9B-9459-E59CD0AF3C99}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D9991E89-5524-4046-9D42-FCF4C052BC05}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{0DC8B9E1-53B4-4A8C-827E-5BCF312BCBF9}C:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Allow) C:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [UDP Query User{F192228E-11A5-4DE4-A5E1-D5C526D1BD51}C:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Allow) C:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [TCP Query User{A983A4CB-9EA3-4890-A442-E5388BC78D9D}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{FB71CCA1-A413-4D41-BCBF-F538AAB68A21}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [{94097E4C-F9D5-4F21-B684-70E72F6FA456}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DFD7F35F-65AB-4CDE-BDDD-BEAC1CF40AC4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{16C8AD04-80CC-4202-87BC-F850974AD44C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{31320B6B-98D0-4083-AF7B-E76290F540E2}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{5F54143E-0334-4C0B-BA94-E48F74665999}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [{CAAFFF68-8F6D-49E6-9247-2B48653CE0E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Death Toll\DeathToll.exe
FirewallRules: [{472BC2FE-C402-49AA-8AE3-FF42A09F16A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Death Toll\DeathToll.exe
FirewallRules: [{60BF9908-F7FC-4718-8589-C1E2923F04B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D6D87B17-70C0-4890-927F-C15957E9A493}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E39CB96B-1051-484F-9A9A-6F7383BE47E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D4F11C02-92AB-4C63-AC83-CF0ACC05FB31}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{BFCAA653-7B33-421F-BA7F-6745169B4D68}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{2263BDA6-0B43-402F-8D1E-57DECBCC819F}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [TCP Query User{507F0137-3F8C-4DA6-B266-E8644DE515E4}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{2F04A59D-0393-479E-A554-7349DA193DB3}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [TCP Query User{7BD2217E-A494-4FDD-AA3E-AA30F90C3C86}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Block) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [UDP Query User{1F810AA7-7464-4D68-8E14-4DFE1382F52E}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Block) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [TCP Query User{149F15F0-644C-4718-A924-1625CAB411C3}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [UDP Query User{511A91C4-3337-46D6-8685-EEB584ED789E}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [{B10DD20F-B171-43D3-B415-DE34E86E0767}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{7F96863C-A24F-472C-9760-70354F3B66D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{88B602F1-E985-467E-B05B-153A48C96F35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BB78C25F-73C1-43EB-88C4-F3D1D766D3FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E8E4617B-A40E-4F1E-ABA9-5DACFF921EE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{36DA757D-8324-4AC5-8AEC-7C6D9EB652C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{FECFC0E0-9A32-4E98-A1F7-AC69133DD6DB}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe
FirewallRules: [UDP Query User{04A2A16A-C039-4FF1-9FC7-2C9235048000}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe
FirewallRules: [{18E9A22D-3E57-44CD-BC0C-F7D687181550}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{2B21E6B3-B3FB-4F5E-8585-B4DF176B0E57}] => (Allow) C:\Users\user\AppData\Local\nHEOUePUMoe.exe
FirewallRules: [{12F27367-5E8F-499C-81B9-AA31D1AA9BFC}] => (Allow) C:\WINDOWS\BEySE.exe
FirewallRules: [{F7DFA2E9-9258-4184-9AB2-681B605B3EE3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{1DC2237E-A6FB-48E9-8FB5-3DB1DE366FC9}C:\users\user\saved games\conan.exiles.patch.02.02.2017\conansandbox\binaries\win64\conansandbox.exe] => (Allow) C:\users\user\saved games\conan.exiles.patch.02.02.2017\conansandbox\binaries\win64\conansandbox.exe
FirewallRules: [UDP Query User{48614D30-5EFB-4466-BC81-6A8AB1E1B257}C:\users\user\saved games\conan.exiles.patch.02.02.2017\conansandbox\binaries\win64\conansandbox.exe] => (Allow) C:\users\user\saved games\conan.exiles.patch.02.02.2017\conansandbox\binaries\win64\conansandbox.exe
FirewallRules: [TCP Query User{256E04B5-0CD5-4F54-A25A-059FC814E0F2}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe
FirewallRules: [UDP Query User{713BAB9D-997C-452E-93B8-CEE98D98E79B}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.190\deploy\leagueclient.exe
FirewallRules: [TCP Query User{DAE01A40-AA5B-40AE-BE0B-11CE7C297CBF}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.191\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.191\deploy\leagueclient.exe
FirewallRules: [UDP Query User{186AC935-F29A-4314-81B6-D4A53C7B897D}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.191\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.191\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B03F81CC-04A7-4B79-A8C8-EB2FF501E503}C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synplify.exe] => (Allow) C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synplify.exe
FirewallRules: [UDP Query User{11C3F2AA-734A-4DC1-89CD-C96168CBF78B}C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synplify.exe] => (Allow) C:\users\user\documents\diamond\3.10_x64\synpbase\bin64\mbin\synplify.exe
FirewallRules: [TCP Query User{2E263C2F-F41D-42AE-A502-D4DCC879F830}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.192\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.192\deploy\leagueclient.exe
FirewallRules: [UDP Query User{BDB4BE16-7EEE-4C2E-84F0-51467AA55B21}C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.192\deploy\leagueclient.exe] => (Allow) C:\riot games\pbe\rads\projects\league_client\releases\0.0.1.192\deploy\leagueclient.exe
FirewallRules: [{E59E185F-088D-4065-B9E7-0B35E53B7CF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{34DE0052-D1C9-43A5-945A-378D6F9BD950}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [UDP Query User{731D958D-5C75-4FB1-8439-8367994DC22A}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [TCP Query User{237C5389-EA27-4009-B02B-0F7581652ACB}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [UDP Query User{7171C618-16B7-4BBA-B513-0A0E635F2868}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [{133C7A43-2FB7-4C60-A823-0FE54C1D8872}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{9D187D7D-EFC8-482C-8402-942443021CA9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{75C185E8-A57B-462F-A7C3-A130CB2005A0}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [UDP Query User{9AC3F648-B008-45A2-B08A-E65A3F63B8D0}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [{F3F66EAA-DAA2-4DDD-B520-198D1E6CF0FD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{3F9CFFAC-D91B-4B20-BB49-D7CC39925CDB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2587333A-B7B9-4244-B018-B6301A771686}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{CF06C899-0097-41EA-BCE5-1B8BC68411A4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{ABE941ED-9403-408F-B9EB-5C600CA8494C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{1C81F220-5706-48EB-9514-70CD413D1453}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{6CFE01F5-51B3-411C-B757-9B1F793EAFED}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{A88018A1-9AF5-446B-A060-3E7986957E33}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{41051715-7872-4F4C-92BE-BF21C04F03D4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{67508ECC-3AB4-4F40-889D-53744584F07A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{E29CAC69-27FF-4357-866B-DF1F900AF990}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F7CDD5F0-F6DD-46F6-8B06-6FD54311D050}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{6DCCC793-CA9B-4DC5-AF35-F160888CD5BD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{B62F2B7D-0077-46FB-BDF8-A6567C061D61}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0AAE8CC7-3FA7-482E-9047-478722CC4BA9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{9355E117-D402-4036-AE27-8705A1A20259}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BDADA724-485B-4CA9-9993-B64C35D86A9C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{E654FE5E-2D69-4BD6-B692-ECBB49E9EE17}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{93EED347-CC38-4994-88EE-AF259E6FC97E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{CD934C6D-43FD-4088-BF0B-E984E767467A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{5E20E0D8-F3D0-4B73-9021-CD8EB8FBBED7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7B7F7D34-4503-476B-9F2A-9996716EFB97}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F36462B7-A38A-462E-B16B-2B4AA6B9AA18}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D8A1192A-6093-4789-AB1C-26D3550F05C8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{EC9431C0-773E-46D8-B15C-0DAA2250F0CD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{16F58C99-931E-479E-AC17-6D7C89C42187}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{AED28002-2AA1-4AA9-AD5B-E3B7A553882C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{A0B9D21C-E926-42A1-B45F-ACF51AEF54E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{14C41428-7A3A-4980-8347-03446861DBBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{A34CD085-A0C1-4AB9-9121-4E77677161F9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{230F691D-8C5C-4445-B012-06D65EF56DEF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BA3C2608-60E3-412C-B65C-5B87226CC797}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{927BACA9-954C-47B0-B118-CB3986518FCB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{87A2F28B-AB42-45F6-8079-1389F7B2D9D2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{5AC98B3F-4BF4-454D-9CEE-B1011EC1BAA8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BFA93FC1-AC07-47CA-A07E-17F057DB0DFE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2D3C06D7-0199-49D5-9AA4-E41782862228}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0EE181A8-D57B-44F7-8A50-9C5BA2440003}] => (Allow) C:\Users\user\AppData\Local\WinSxS\msiexec64.exe
FirewallRules: [{3413DFA7-0B8C-467C-9312-4C5D9A724100}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{CD5E4270-866A-437B-A022-B5D27D7587C0}] => (Allow) C:\Users\user\AppData\Local\WinSxS\msiexec64.exe
FirewallRules: [{3D4553B4-B6C3-4773-9876-CCFAE7A22868}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{E27936F5-C505-4AE0-AC1A-4708A1AFE5BF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{A320AEFE-CE8E-4A36-9A82-E7F0A23C441E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{E3BA5F84-A198-48D1-85D7-134E34CCA9E3}] => (Allow) C:\Users\user\AppData\Local\WinSxS\msiexec64.exe
FirewallRules: [{C6A58583-CDA1-421F-8D28-4D39B1077515}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{54871F59-5295-4436-9A03-1EDEF8E01BA2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{FFAC4A2D-DAD6-42F9-80A4-F842144B402F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D8734EE5-FB9E-4B5E-B01B-3FB3D98CFD53}] => (Allow) C:\Users\user\AppData\Local\WinSxS\msiexec64.exe
FirewallRules: [{BB13EAB7-F58E-4615-9449-74EF05F75D36}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{CD8E9603-37AF-4F8B-8DE3-297F97877B93}] => (Allow) C:\Users\user\AppData\Local\WinSxS\msiexec64.exe
FirewallRules: [{534B796C-6033-42F3-8E01-F772A70D96D2}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{66E1CAA6-3CF7-4B68-A4E2-E3E9C68868EF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D40A675C-AB7D-48C0-9AA9-B93392E6DE88}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BE9BA306-A811-419B-9735-209AC506A16D}] => (Allow) C:\Users\user\AppData\Local\WinSxS\msiexec64.exe
FirewallRules: [{5D437724-DB1E-464C-B4B0-02C4251AFA68}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{586BD8A5-ED23-461E-8445-DDCA8436E3BF}] => (Allow) C:\Users\user\AppData\Local\WinSxS\msiexec64.exe
FirewallRules: [{A4839E84-F2AB-4C3E-B579-29AB383710F4}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe
FirewallRules: [{DCD9C15B-BBCA-4778-9422-09150E644617}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F4044D84-6BEF-407E-9F17-EC59CA81A53D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{A0DF9C5F-5536-4B4E-A2B4-0DACAE83369E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{027AF2E4-E83C-4B10-9EDB-342F6DC52254}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0F5DB7A4-C083-44EF-9DEE-30736A427483}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{761BDB5E-4C93-480C-B6DA-568844B16616}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{B9ECA560-CB6C-4593-B016-07BCA5F455AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{20FF6C2A-0ADC-4FCA-8785-B4AD1F2AB38A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{3395636D-47D9-4A57-9AF3-1D3D38C208C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Dedicated Server\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{0D8FCD04-4701-49F0-95BD-564FCE0ACDED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Dedicated Server\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{DA868D2F-89F4-4B1F-A5E2-EF7FCEC64B77}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe
FirewallRules: [UDP Query User{9448EA50-10B7-4304-BB73-2D7B97E6BC73}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.146\deploy\leagueclient.exe
FirewallRules: [{7018288E-0C05-43E0-B082-D131EFA72B2E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{6EC40C73-0B5D-4005-9F2B-571C31F219B4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{838E794B-AD9C-41FE-9964-3017CE22494D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{CB3E051F-D406-405B-A7DF-23F8E5CE9779}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F11E0FE5-A19F-4B02-9F36-F65326B29EB7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{F93FB2C7-7B02-45A3-A047-71F7570F4D4B}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B0699871-56FD-4F82-AB8B-2E7C1DB813B2}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [{95C1B2CF-28D7-4B43-A3BF-2596B08243CE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0CAAE09C-3723-48D2-A780-D4D6A36436EB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{E1CAEEA5-59F4-475C-A01A-9E5C339241F8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{6560E166-54A8-41AE-B435-7E8349BED3AE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{82C385E2-CC28-4053-995F-896C77E66720}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{65990CF8-9BB1-490A-A89D-961508FC3911}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{519C2742-B421-4148-BB9C-D37271AF6881}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{E844DA5E-78E5-4451-A0E0-FC4B3A5F27E8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{A1E524EC-6D54-4891-8DD0-2ACF352D861E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{8608E8B7-F152-463D-90B7-1E0B7A79849F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{633F2F99-8DE1-409D-BF65-996FC0651C1D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{4F6E1748-D7E7-4041-A0FC-D20C90FC5E7E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{C967F548-CC72-4D49-B296-09D36C1E99D6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{44C62A87-AB0C-4A3C-A1B6-5E91DA965F82}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BAB58377-385E-42EA-8478-864B3446EADF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{4DC9FE57-2D7E-4C35-94E4-655EE72DCB6E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{141104D2-17D2-4ED9-B799-845604B400CB}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [UDP Query User{684E2777-DFD6-4C80-897D-1187EC04BEF0}C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\users\user\saved games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [{82774D89-AE24-415C-9821-E3A676F0D6A8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{31C7B2CD-EBEF-45CD-A2BA-1504D00A3AEE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{AF46EC1C-F32A-4324-9BAE-D48570DDC1B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{D9606B3B-A6E0-40C0-B833-8FE82A5B12E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{3C5D1554-6662-47FF-A879-14D089CFA863}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{C76D41ED-CB42-4BDC-8FA0-92C653BF4BE9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7D816B9E-3F9F-464A-9D7F-BB0D1B1324DD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{8601D7C7-A86E-4BC1-909A-FA2072FE3FB2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{76736857-B92C-449A-BF09-11E9B2C07FFF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{8D84DA24-4C40-473E-9AE9-845166486459}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0767DD36-80F2-474C-9E92-679CF0C825D1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{8C477308-5A3C-4E79-8269-12347D6DF017}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0F44EA4A-1958-4492-83B2-8B109336F7A3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{6CF27467-35C3-4707-9540-F3742BD4B6F8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{49E66DD9-401E-4C66-A03D-8836C1378D15}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{4210599F-9243-469F-B390-7DDE4F7C26CF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{B79E0A03-79A0-4250-94BA-D6FA0F3F4AAE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{0661FE7E-5350-4C10-A760-AC466ECA254B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{37174BC2-AC66-4F5F-A3B7-4E75FEC38DED}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D88B2020-C534-40A3-807F-A81370CF8E6E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe

==================== Restore Points =========================

18-05-2018 22:26:44 Scheduled Checkpoint
26-05-2018 01:34:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2018 08:57:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 66.0.3359.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 47ec

Start Time: 01d3f83e7db4c84d

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 7cde13a9-7ca8-4abf-b292-24f2573610ac

Faulting package full name: 

Faulting package-relative application ID:

Error: (05/30/2018 02:52:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: osfinstaller.exe, version: 16.0.9330.2087, time stamp: 0x5b049e6c
Faulting module name: Mso20Win32Client.dll, version: 16.0.9330.2073, time stamp: 0x5aff7102
Exception code: 0x01483052
Fault offset: 0x0016a930
Faulting process id: 0x1d2c
Faulting application start time: 0x01d3f80c6571a71d
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe
Faulting module path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\Mso20Win32Client.dll
Report Id: 2835fb82-8dc3-47c8-874d-211e83a33811
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/30/2018 02:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000044e
Faulting process id: 0x3240
Faulting application start time: 0x01d3f80c6c75a9da
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 6ee451fd-f21c-449f-a61a-bf193dae33a1
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (05/30/2018 08:46:51 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/29/2018 04:55:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 66.0.3359.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4020

Start Time: 01d3f753cc271b07

Termination Time: 16

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: e3bae473-35da-4240-935b-2979900f22f4

Faulting package full name: 

Faulting package-relative application ID:

Error: (05/29/2018 06:34:18 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/28/2018 04:22:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/28/2018 12:21:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/30/2018 08:49:48 PM) (Source: DCOM) (EventID: 10016) (User: N4TU5-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user N4TU5-PC\N4TU5 SID (S-1-5-21-2483324785-3864439090-233930438-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2018 08:09:07 PM) (Source: DCOM) (EventID: 10016) (User: N4TU5-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user N4TU5-PC\N4TU5 SID (S-1-5-21-2483324785-3864439090-233930438-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2018 08:06:22 PM) (Source: DCOM) (EventID: 10016) (User: N4TU5-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user N4TU5-PC\N4TU5 SID (S-1-5-21-2483324785-3864439090-233930438-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2018 07:55:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2018 04:49:14 PM) (Source: DCOM) (EventID: 10016) (User: N4TU5-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user N4TU5-PC\N4TU5 SID (S-1-5-21-2483324785-3864439090-233930438-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2018 04:36:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2018 04:09:02 PM) (Source: DCOM) (EventID: 10016) (User: N4TU5-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user N4TU5-PC\N4TU5 SID (S-1-5-21-2483324785-3864439090-233930438-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2018 03:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-05-30 16:50:21.747
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0FD6D0A3-7077-493A-BE5A-B548D1792E57}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-30 16:41:47.384
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9C120422-9278-4EE0-921E-3CDF78906876}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-22 17:27:13.556
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {489415E8-6820-4A51-A1F9-D58E181D14B9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-22 17:04:49.469
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2D3D285B-CFBB-49CB-BF20-5F1F2DC4BCEE}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-17 22:30:34.590
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C1BC644E-443A-4A16-AEF1-273ACAB60B5D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-28 15:52:07.212
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.146.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-05-23 17:00:53.469
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1804.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-05-21 18:34:51.321
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1739.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-05-20 11:35:21.829
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1569.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2018-05-20 11:35:21.829
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.1569.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2018-05-30 08:44:58.799
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-29 16:50:16.408
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-29 09:01:52.522
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-29 08:43:45.127
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-29 08:09:22.990
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-29 06:09:04.631
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-29 06:08:56.996
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-29 06:08:46.970
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 8104.27 MB
Available physical RAM: 3285.76 MB
Total Virtual: 16296.27 MB
Available Virtual: 9575.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.08 GB) (Free:264.89 GB) NTFS

\\?\Volume{7461471b-cdce-4aee-857e-27088b581f59}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{50be0381-bc93-49e7-9831-755de8b18b6c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{937defe1-ae16-48d8-9549-7dfc37fe66d9}\ () (Fixed) (Total:0.88 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E939645)

Partition: GPT.

==================== End of Addition.txt ============================




#2 N4TU5

N4TU5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:55 PM

Posted 30 May 2018 - 03:22 PM

Just when I posted this post those two processes popped up so I made two screenshots (one of task manager where those processes can be seen and another one is properties of the process). However I don't know how to upload them here so if someone can help me with that I will post them here :)



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:55 AM

Posted 30 May 2018 - 09:38 PM

Greetings N4TU5 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 N4TU5

N4TU5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:55 PM

Posted 31 May 2018 - 12:23 AM

Hello Gary. Everything sounds clear I think. My name is Mantas. Nice to meet you! I will be patient and check this thread as often as I can, because I want this problem to be fixed as soon as possible. Thank you for replying to me so quickly.

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:55 AM

Posted 31 May 2018 - 03:21 PM

Thank you for your patience Mantas.

Please consider and do this. You can copy/paste the information without using the code box.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF}
OPR Extension: (ScriptGate) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-05-13]
2018-05-13 22:49 - 2018-05-13 22:49 - 000003874 _____ C:\WINDOWS\System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB}
2018-05-13 22:49 - 2018-05-13 22:49 - 000003756 _____ C:\WINDOWS\System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3}
2018-05-13 22:49 - 2018-05-13 22:49 - 000003510 _____ C:\WINDOWS\System32\Tasks\{496FA8EB-3AFD-1146-3D9B-AE21D0EE40EE}
2018-05-13 22:49 - 2018-05-13 22:49 - 000000002 _____ C:\Users\user\AppData\Local\WMI.ini
2018-05-29 14:36 - 2018-05-29 14:36 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-8942524497659683173.dll
CustomCLSID: HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24}
Task: {28DFA6B5-82F1-46FA-82DA-7C8398075C33} - System32\Tasks\{1DECE34F-6317-4E82-A4E0-93779533185F} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {8EDABF02-18D0-40FE-8AF7-26F9DD6C61F4} - System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3} => C:\Users\user\AppData\Local\nHEOUePUMoe.exe [2017-09-29] (Microsoft Corporation)
C:\Users\user\AppData\Local\nHEOUePUMoe.exe
Task: {B154A0B4-E9F1-4353-9E65-126956A6C1CF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask
Task: {C1E2E392-3E59-4AE1-81E8-70D8BF00E78F} - System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://sidited.net/cl/?guid=e27t5j1jukdil6xacigefm25s2ca4gx8&prid=1&pid=4_1324_0
Task: {280B9E73-A8B6-47F2-8144-4D11B3655D23} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Policies\Explorer: [] 
GroupPolicy: Restriction
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer/browser behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
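The scheduled-task entries in the fixlist above can be triaged programmatically. The following is an added example, not part of the thread and not FRST's own logic: the flag names and heuristics are assumptions chosen for illustration, and the sample lines are copied from the fixlist in post #5.

```python
import re

# FRST "Task:" line: Task: {task-id} - <task path> [=> <action>]
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
TASK_LINE = re.compile(r"^Task:\s+(?P<id>" + GUID + r")\s+-\s+(?P<rest>.+)$")
GUID_ONLY = re.compile("^" + GUID + "$")

# Heuristic inputs (assumptions for this example, not an exhaustive list).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "opera.exe"}
URL = re.compile(r"\b(?:https?|hxxps?)://\S+", re.I)  # hxxp = defanged form used in logs
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.I)
EXE_PREFIX = re.compile(r"(.+?\.(?:exe|com|bat|cmd|vbs|js|ps1))(?=\s|$)", re.I)


def split_action(action):
    """Split a task action into (executable, remainder), quoted or unquoted."""
    action = action.strip()
    if action.startswith('"'):
        end = action.find('"', 1)
        if end != -1:
            return action[1:end], action[end + 1:].strip()
        return action[1:], ""
    m = EXE_PREFIX.match(action)  # unquoted paths may contain spaces
    if m:
        return m.group(1), action[m.end():].strip()
    exe, _, rest = action.partition(" ")
    return exe, rest.strip()


def parse_task_line(line):
    """Return a dict for a 'Task:' line, or None for any other line."""
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    path, _, action = m.group("rest").partition(" => ")
    exe, rest = split_action(action) if action else ("", "")
    return {
        "id": m.group("id"),
        "name": path.strip().rsplit("\\", 1)[-1],
        "exe": exe,
        "rest": rest,  # arguments and/or FRST annotations such as [date] (Company)
    }


def triage(text):
    """Attach review flags to every scheduled-task entry found in text."""
    out = []
    for line in text.splitlines():
        task = parse_task_line(line)
        if task is None:
            continue
        flags = []
        if GUID_ONLY.match(task["name"]):
            flags.append("guid_named_task")  # task named with a bare GUID
        if not task["exe"]:
            flags.append("no_action_listed")  # entry shows no command to run
        base = task["exe"].rsplit("\\", 1)[-1].lower()
        if base in BROWSERS and URL.search(task["rest"]):
            flags.append("browser_launched_with_url")  # periodic pop-up pattern
        if USER_WRITABLE.search(task["exe"]):
            flags.append("exe_in_user_writable_dir")
        task["flags"] = flags
        out.append(task)
    return out


# Lines copied from the fixlist in post #5 (non-Task lines are skipped).
SAMPLE_FIXLIST_LINES = r"""
CloseProcesses:
Task: {28DFA6B5-82F1-46FA-82DA-7C8398075C33} - System32\Tasks\{1DECE34F-6317-4E82-A4E0-93779533185F} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {8EDABF02-18D0-40FE-8AF7-26F9DD6C61F4} - System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3} => C:\Users\user\AppData\Local\nHEOUePUMoe.exe [2017-09-29] (Microsoft Corporation)
C:\Users\user\AppData\Local\nHEOUePUMoe.exe
Task: {B154A0B4-E9F1-4353-9E65-126956A6C1CF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask
Task: {C1E2E392-3E59-4AE1-81E8-70D8BF00E78F} - System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://sidited.net/cl/?guid=e27t5j1jukdil6xacigefm25s2ca4gx8&prid=1&pid=4_1324_0
Task: {280B9E73-A8B6-47F2-8144-4D11B3655D23} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
"""

if __name__ == "__main__":
    for t in triage(SAMPLE_FIXLIST_LINES):
        print(t["id"], t["name"], t["flags"] or "-")
```

The AutoPico task carries no flag under these heuristics even though the helper removed it, so an empty flag list means "not matched by these rules", not "clean".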

#6 N4TU5

N4TU5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:55 PM

Posted 31 May 2018 - 05:29 PM

So I did that fix thing you said (copied the code then pressed fix without pasting anything anywhere). It restarted my PC and created that .txt file. Now I have used my laptop for about an hour or so and no advertisements popped up. No empty processes in task manager. The disk usage goes up to 100% but as I said this is probably not connected and not caused by a virus. I will go to bed for today and I will post here again tomorrow evening (so I know if anything is still happening after a day of use). I will paste the Fixlog.txt file below:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by N4TU5 (31-05-2018 23:50:12) Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: N4TU5 (Available Profiles: N4TU5)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF}
OPR Extension: (ScriptGate) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-05-13]
2018-05-13 22:49 - 2018-05-13 22:49 - 000003874 _____ C:\WINDOWS\System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB}
2018-05-13 22:49 - 2018-05-13 22:49 - 000003756 _____ C:\WINDOWS\System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3}
2018-05-13 22:49 - 2018-05-13 22:49 - 000003510 _____ C:\WINDOWS\System32\Tasks\{496FA8EB-3AFD-1146-3D9B-AE21D0EE40EE}
2018-05-13 22:49 - 2018-05-13 22:49 - 000000002 _____ C:\Users\user\AppData\Local\WMI.ini
2018-05-29 14:36 - 2018-05-29 14:36 - 000019968 ____N (Red Hat®, Inc.) C:\Users\user\AppData\Local\Temp\jansi-64-8942524497659683173.dll
CustomCLSID: HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24}
Task: {28DFA6B5-82F1-46FA-82DA-7C8398075C33} - System32\Tasks\{1DECE34F-6317-4E82-A4E0-93779533185F} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {8EDABF02-18D0-40FE-8AF7-26F9DD6C61F4} - System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3} => C:\Users\user\AppData\Local\nHEOUePUMoe.exe [2017-09-29] (Microsoft Corporation)
C:\Users\user\AppData\Local\nHEOUePUMoe.exe
Task: {B154A0B4-E9F1-4353-9E65-126956A6C1CF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask
Task: {C1E2E392-3E59-4AE1-81E8-70D8BF00E78F} - System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://sidited.net/cl/?guid=e27t5j1jukdil6xacigefm25s2ca4gx8&prid=1&pid=4_1324_0
Task: {280B9E73-A8B6-47F2-8144-4D11B3655D23} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico
HKU\S-1-5-21-2483324785-3864439090-233930438-1001\...\Policies\Explorer: [] 
GroupPolicy: Restriction
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} => not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} => not found
C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie => moved successfully
C:\WINDOWS\System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB} => moved successfully
C:\WINDOWS\System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3} => moved successfully
C:\WINDOWS\System32\Tasks\{496FA8EB-3AFD-1146-3D9B-AE21D0EE40EE} => moved successfully
C:\Users\user\AppData\Local\WMI.ini => moved successfully
C:\Users\user\AppData\Local\Temp\jansi-64-8942524497659683173.dll => moved successfully
"HKU\S-1-5-21-2483324785-3864439090-233930438-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28DFA6B5-82F1-46FA-82DA-7C8398075C33}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28DFA6B5-82F1-46FA-82DA-7C8398075C33}" => removed successfully
C:\WINDOWS\System32\Tasks\{1DECE34F-6317-4E82-A4E0-93779533185F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1DECE34F-6317-4E82-A4E0-93779533185F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EDABF02-18D0-40FE-8AF7-26F9DD6C61F4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EDABF02-18D0-40FE-8AF7-26F9DD6C61F4}" => removed successfully
"C:\WINDOWS\System32\Tasks\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE2E6FE6-DFAF-AE9E-A05B-73188321BDA3}" => removed successfully
C:\Users\user\AppData\Local\nHEOUePUMoe.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B154A0B4-E9F1-4353-9E65-126956A6C1CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B154A0B4-E9F1-4353-9E65-126956A6C1CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1E2E392-3E59-4AE1-81E8-70D8BF00E78F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1E2E392-3E59-4AE1-81E8-70D8BF00E78F}" => removed successfully
"C:\WINDOWS\System32\Tasks\{770A83BE-0636-8975-40DD-CE19B54DC7AB}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{770A83BE-0636-8975-40DD-CE19B54DC7AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{280B9E73-A8B6-47F2-8144-4D11B3655D23}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{280B9E73-A8B6-47F2-8144-4D11B3655D23}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => removed successfully
C:\Program Files\KMSpico => moved successfully
"HKU\S-1-5-21-2483324785-3864439090-233930438-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{15DFA806-674C-4443-B43B-16CBEE3FB255} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2483324785-3864439090-233930438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2483324785-3864439090-233930438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-05-2018 23:58:34)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
 
==== End of Fixlog 23:58:43 ====


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:55 AM

Posted 31 May 2018 - 07:01 PM

Great.

While you continue to monitor your computer please do this.

===================================================

Updating Java Using Internet Explorer

-------------------

Note: Use Internet Explorer for these steps.
  • Click Start, type Internet Explorer, then hit Enter
  • Copy and paste http://java.com/en/download/testjava.jsp in the address bar then hit Enter
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Click Run
  • Click Install
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Java update?
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 N4TU5


Posted 01 June 2018 - 02:13 AM

Thank you for your help! However I have a little problem.

So it has been like 2 hours in a next day and no advertisements popped up, no empty processes appeared. I updated my java, it asked me to delete 2 old versions of it so I did that. Now I launched the ESET scanner you told me to launch. And I think I checked what you told me to (I hope I didn't make any silly mistakes by accident) and now it's on step 2 out of 4, at 42% with a red text above saying "Can not get update. Is proxy configured?" The only button I see is "Back" so I'm not sure what to do next now. I didn't download security analysis by Rocket Grannie yet, as it was the third thing to do and I got stuck on the second one.

So all in all my computer seems fine at the moment (I won't say it's clean and everything is good until you say that it is, but it's way better than it was!) and the only problem I have is running this ESET online scanner. I could try to go back or google what the problem might be, but I don't want to mess around and make everything worse. I'm waiting for your answer! (I will probably turn off the scanner as I might need to turn off my pc after a couple of hours. I hope it won't be a problem)



#9 Oh My!


Posted 01 June 2018 - 08:52 AM

Greetings,

There are a variety of potential causes for this, most of which are not malware related.

===================================================

Disable Windows Defender.

===================================================

Modifying Proxy Settings Windows 10

--------------------
  • Hit the Windows Key + R at the same time
  • Type inetcpl.cpl and hit Enter
  • Click the Connections tab
  • Click the LAN settings button
  • If necessary, check Automatically detect settings and uncheck Use a proxy server for your LAN
  • Click Apply, then OK
  • Close Internet Explorer
  • Attempt to run ESET again
===================================================

If ESET still gives a Proxy error attempt to boot into Safe Mode with Networking and run ESET.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Edited by Oh My!, 01 June 2018 - 08:52 AM.

Gary
 

#10 N4TU5


Posted 01 June 2018 - 11:23 PM

It took about 9 hours for ESET to scan my PC. Good thing I did that when I was sleeping!

Scan was successful, there were a lot of infected files, I deleted them all. After the scan was done, I turned my Windows Defender back on (as it's the only antivirus I have). Then I launched security analysis. And here are the results:

 

ESET.txt:

 

C:\Program Files (x86)\2K Games\BioShock Infinite\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\BANDAI NAMCO Games\DARK SOULS - Prepare To Die Edition\DATA\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Nordic Games\Painkiller - Hell and Damnation\Binaries\Win32\steamclient.dll a variant of Win32/HackTool.Crack.EA potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Nordic Games\Painkiller - Hell and Damnation\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\CZ\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\DE\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\EN\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\ES\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\FR\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\IT\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\PL\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\RU\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
C:\Users\user\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application cleaned by deleting
C:\Users\user\Downloads\updt\codex-outlast.2.update.v20170505\Update\Setup.exe a variant of Win32/HackTool.Crack.ES potentially unsafe application cleaned by deleting
C:\Users\user\Downloads\updt\codex-outlast.2.update.v20170510\Update\Setup.exe a variant of Win32/HackTool.Crack.ES potentially unsafe application cleaned by deleting
C:\Users\user\Saved Games\Magicite.rar a variant of Win32/HackTool.Crack.CM potentially unsafe application deleted
C:\Users\user\Saved Games\Ibb and Obb\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Users\user\Saved Games\Magicite\steam_api.dll a variant of Win32/HackTool.Crack.CM potentially unsafe application cleaned by deleting
C:\Users\user\Saved Games\Synthesia\Synthesia.9.x-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting
 
 
SALog.txt:
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 13th May, 2018
Running from:C:\Users\user\Desktop (07:18:16 - 06/02/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Education X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.170) ==> is out of Date
Adobe Acrobat Reader DC (18.011.20040)
CCleaner (5.38) ==> is out of Date
Google Chrome (66.0.3359.181)
Java (8.0.1310.11) ==> is out of Date
Opera (48.0.2685.39)
 
***----------------Analysis Complete-------------------------***
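
A small triage script for a log like the ESET.txt above, added here as an illustration (it is not part of the original posts and not an ESET tool): it groups entries by detection family and by where on disk they were found, and keeps any line it cannot parse. The function names, the location buckets and the assumption that Windows is installed on C: are choices of this example; the sample lines are copied from the log in the post.

```python
import re
from collections import Counter, namedtuple

# Five entries copied from the ESET.txt log in the post above. The forum
# rendering flattened the export's column separators to single spaces.
SAMPLE_LOG = r"""
C:\Program Files (x86)\2K Games\BioShock Infinite\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
C:\Users\user\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application cleaned by deleting
C:\Users\user\Saved Games\Magicite.rar a variant of Win32/HackTool.Crack.CM potentially unsafe application deleted
C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting
"""

Detection = namedtuple("Detection", "path name variant category action")

# Paths contain spaces, so the detection name (Win32/... or Win64/...) is the
# anchor. Only the two categories seen in this log are recognised.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>Win(?:32|64)/[\w.]+)\s+"
    r"(?P<category>potentially (?:unsafe|unwanted) application)\s+"
    r"(?P<action>.+)$"
)

def parse_log(text):
    """Return (detections, unparsed); unmatched lines are kept, not dropped."""
    detections, unparsed = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["name"], bool(m["variant"]),
                                        m["category"], m["action"]))
        else:
            unparsed.append(line)
    return detections, unparsed

def family(name):
    """'Win32/HackTool.Crack.CS' -> 'HackTool.Crack' (platform and variant id dropped)."""
    parts = name.split("/", 1)[1].split(".")
    return ".".join(parts[:-1]) if len(parts) > 1 else parts[0]

def location(path):
    """Coarse bucket for where the file lived (assumes the system drive is C:)."""
    p = path.lower()
    if p.startswith("c:\\windows\\"):
        return "windows directory"
    if "\\appdata\\local\\google\\chrome\\user data\\" in p:
        return "chrome profile"
    if p.startswith("c:\\users\\"):
        return "user profile"
    return "program files / other"

def summarize(text):
    detections, unparsed = parse_log(text)
    return {"by_family": Counter(family(d.name) for d in detections),
            "by_location": Counter(location(d.path) for d in detections),
            "unparsed": unparsed}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Lines that land in `unparsed` are the ones to read by hand, since they carry a category this pattern does not know.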


#11 Oh My!


Posted 02 June 2018 - 07:56 AM

Greetings.

ESET is thorough and worth the wait.

We need to update some programs. If you want to continue to use CCleaner download the latest version.

Please do this.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck optional offers
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click on the FlashPlayer icon on your Desktop and allow the installer to run
  • When completed click Finish
===================================================

Updating Java Using Internet Explorer

-------------------

Note: Use Internet Explorer for these steps.
  • Click Start, type Internet Explorer, then hit Enter
  • Copy and paste http://java.com/en/download/testjava.jsp in the address bar then hit Enter
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Click Run
  • Click Install
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Programs update/uninstall?
  • How is your computer running? Any issues?

Gary
 

#12 N4TU5


Posted 02 June 2018 - 12:40 PM

Heyy!

(I don't really care which program was worth or thorough. I just know that writing here was worth my time because you helped me a loooot. If there is a way to give you some reputation or press a + on your good work give me a link please. It looks like you are wasting your time and helping me even more than I asked!)

I have updated my CCleaner.

I downloaded and ran adobe flash. It took like 20 seconds but it said that flash was installed so I guess I updated it too

As I said previously I updated my java and deleted 2 old versions (it showed 2 of those and said to delete them). However I went to that website anyway and checked it, but it said that my Java is up to date so I guess I don't need to update anything here anymore?

 

My computer is running fine. I mean that virus problem is gone. The 100% disk problem still occurs I think, but I don't think it's caused by a virus so it's probably wrong place to search for help with this problem.

I think that's all I had to do..

Oh and by the way, my Windows Defender detected something yesterday. It said it was a trojan, so I pressed to delete it. I don't know if I did the right thing, but seeing the "trojan" name and a "delete" button near it.. I just did that automatically without thinking



#13 Oh My!


Posted 02 June 2018 - 04:46 PM

Greetings.

Thank you for your kind words, your appreciation is more than enough for me. None of this has been a waste of time, at least on my end.

It is not uncommon to see disk usage spike for a short period of time. I would like to leave the topic open until tomorrow so that you can provide an update on your computer performance. Doesn't cost anything to monitor things a little longer, especially in light of the Windows Defender detection.
Gary
 

#14 Oh My!


Posted 04 June 2018 - 07:45 PM

How are we doing?
Gary
 

#15 N4TU5


Posted 05 June 2018 - 07:17 AM

I used my PC for a couple of days after the last message I think (sorry for not replying yesterday. I had an exam today, studying programming. Wasn't an easy one heh). It doesn't seem to have any problems now. I mean everything is working more smoothly, no random ads popping out from nowhere, no no-name processes slowing down my PC. Windows Defender is chilling too (0 threats found). So I guess everything is done now? (It's up to you to say when our job is done and everything is good tho) Thank you very very much for your help!

I really appreciate what you have done for me, Gary (it feels strange to call you by your name to be honest). I will save this web and recommend it to anyone I can (that needs help of course) and will probably come back later with a new problem (after a month or maybe a year or two). However, even if I mention you and how good you were, I probably won't tell anyone to search for you and spam you. Because I'm aware that you don't get paid for what you do here, so some extra annoying spammers wouldn't do any good for you! I hope to meet you again tho!

 

P.S. I hope you will say that our work is done. It would be awkward if after this long good bye you would say that there is something left to do and it's not time yet :D





