Chrome infected by SafeSearch


9 replies to this topic

#1 jksagita (Members, 5 posts)

Posted 11 August 2018 - 01:27 AM

Hi, my Chrome has been infected and I need help removing it. The symptom is that the SafeSearch setting in Chrome cannot be switched off (meaning when I uncheck the box, save the settings and come back to it, it is still checked). Thanks in advance, because I know how great you experts are :)

I've done my FRST and Malwarebytes scans; here are the txts.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/08/2018
Scan Time: 13:08
Log File: f954fc6a-9d2c-11e8-9a74-d8cb8a719ca6.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6299
Licence: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: RAVEN\jodie
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 282908
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 1 min, 29 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 11
PUP.Optional.MindSpark.Generic, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1688], [443123],1.0.6299
PUP.Optional.MindSpark.Generic, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_myradioaccess.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1688], [443123],1.0.6299
PUP.Optional.MindSpark.Generic, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.myway.com_0.localstorage-journal, Quarantined, [1688], [443124],1.0.6299
PUP.Optional.MindSpark.Generic, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_myradioaccess.dl.myway.com_0.localstorage-journal, Quarantined, [1688], [443124],1.0.6299
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [320], [455289],1.0.6299
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [320], [455289],1.0.6299
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [320], [455289],1.0.6299
Adware.G00, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [233], [542600],1.0.6299
Adware.G00, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [233], [542600],1.0.6299
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [320], [455289],1.0.6299
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\JODIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [320], [455289],1.0.6299
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by jodie (administrator) on RAVEN (11-08-2018 13:04:30)
Running from C:\Users\jodie\Downloads
Loaded Profiles: jodie (Available Profiles: jodie)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(Hi-Rez Studios) E:\Hi-Rez\HiPatchService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\jodie\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7659736 2014-11-26] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-11-26] (MSI)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-07-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1350832179-4232057107-3812676931-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-1350832179-4232057107-3812676931-1001\...\Run: [GalaxyClient] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-04-08]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FC2CA280-7EF3-41C9-AD8D-E4CEC4726E5D}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-07-03]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 61.247.0.133 202.73.99.4 118.136.64.5
Tcpip\..\Interfaces\{0EDB63B0-F279-49DD-BE40-046CC9B75D68}: [DhcpNameServer] 61.247.0.133 202.73.99.4 118.136.64.5
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: yten6ic4.default
FF ProfilePath: C:\Users\jodie\AppData\Roaming\Mozilla\Firefox\Profiles\yten6ic4.default [2018-08-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-10] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default [2018-08-11]
CHR Extension: (Slides) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-08]
CHR Extension: (James White) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2018-08-10]
CHR Extension: (YouTube) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Sheets) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (AdBlock) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-26]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\jodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-10]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [880040 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [225384 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [225384 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-07-04] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [431144 2018-08-03] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2980848 2018-06-28] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [338888 2018-07-23] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [103728 2018-08-09] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-07-23] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-05-28] (EasyAntiCheat Ltd)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-08-10] (EnigmaSoft Limited)
S3 GalaxyClientService; E:\GOG Galaxy\GalaxyClientService.exe [682056 2018-06-01] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8174664 2018-06-01] (GOG.com)
U2 HiPatchService; E:\Hi-Rez\HiPatchService.exe [9728 2018-06-12] (Hi-Rez Studios) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162768 2014-11-26] (MSI)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5691912 2016-05-18] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2201920 2018-05-27] (Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3072328 2018-05-27] (Electronic Arts)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-10] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-20] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-08-10] (EnigmaSoft Limited)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-08-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-08-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-08-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [98992 2014-11-18] (Qualcomm Atheros, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-08-11] (EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (Windows ® Win 7 DDK provider)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
R3 Ke2200; C:\WINDOWS\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [191208 2018-08-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-08-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-08-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-08-11] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
S3 MSICDSetup; E:\BACKUP SYSTEM - JGN DIHAPUS\driver MSI Z97 Gaming 5\CDriver64.sys [28984 2009-08-13] (Your Corporation)
S3 NTIOLib_1_0_C; E:\BACKUP SYSTEM - JGN DIHAPUS\driver MSI Z97 Gaming 5\NTIOLib_X64.sys [11888 2011-06-29] (MSI) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 NVVADARM; C:\WINDOWS\system32\drivers\nvvadarm.sys [56168 2018-06-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-21] (NVIDIA Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51224 2016-02-04] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47640 2016-02-04] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 SaiK0CFA; C:\WINDOWS\system32\DRIVERS\SaiK0CFA.sys [174600 2010-07-21] (Saitek)
S3 SaiU0CFA; C:\WINDOWS\System32\drivers\SaiU0CFA.sys [41352 2010-07-21] (Saitek)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 npkcusb; \??\E:\Games\RO\Ragnarok Online Indonesia\npkcusb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-11 13:04 - 2018-08-11 13:04 - 000024411 _____ C:\Users\jodie\Downloads\FRST.txt
2018-08-11 12:55 - 2018-08-11 13:04 - 000000000 ____D C:\FRST
2018-08-11 12:54 - 2018-08-11 12:58 - 000102632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-08-11 12:54 - 2018-08-11 12:55 - 007395536 _____ (Malwarebytes) C:\Users\jodie\Downloads\AdwCleaner.exe
2018-08-11 12:54 - 2018-08-11 12:54 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-11 12:54 - 2018-08-11 12:54 - 000191208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-08-11 12:54 - 2018-08-11 12:54 - 000114920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-08-11 12:54 - 2018-08-11 12:54 - 000048360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-08-11 12:54 - 2018-08-11 12:54 - 000001891 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-11 12:54 - 2018-08-11 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-11 12:54 - 2018-08-11 12:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-11 12:54 - 2018-08-11 12:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-08-11 12:54 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-08-11 12:53 - 2018-08-11 12:54 - 078989872 _____ (Malwarebytes ) C:\Users\jodie\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
2018-08-11 12:53 - 2018-08-11 12:54 - 002412544 _____ (Farbar) C:\Users\jodie\Downloads\FRST64.exe
2018-08-10 12:01 - 2018-08-10 12:01 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2018-08-10 12:01 - 2018-08-10 12:01 - 000987848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2018-08-10 12:01 - 2018-08-10 12:01 - 000690016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2018-08-10 12:01 - 2018-08-10 12:01 - 000484552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2018-08-10 12:01 - 2018-08-10 12:01 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-08-10 12:01 - 2018-08-10 12:01 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2018-08-10 12:01 - 2018-08-10 12:01 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-08-10 12:01 - 2018-08-10 12:01 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-08-10 10:55 - 2018-08-10 10:55 - 000000000 ____D C:\Users\jodie\AppData\Local\AviraSpeedup
2018-08-10 10:53 - 2018-08-10 10:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira
2018-08-10 04:48 - 2018-08-10 04:34 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-08-10 04:48 - 2018-08-10 04:34 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-08-10 04:48 - 2018-08-10 04:34 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2018-08-10 04:37 - 2018-08-10 04:37 - 000000000 ____D C:\Users\jodie\AppData\Local\Avira
2018-08-10 02:43 - 2018-08-10 02:43 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-08-10 02:34 - 2018-08-11 13:03 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-08-10 02:34 - 2018-08-10 02:34 - 000003662 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2018-08-10 02:33 - 2018-08-10 02:33 - 000001216 _____ C:\Users\Public\Desktop\Avira.lnk
2018-08-10 02:32 - 2018-08-10 02:32 - 005422600 _____ (Avira Operations GmbH & Co. KG) C:\Users\jodie\Downloads\avira_en_aps10_3086356103_lzjaffavzrs20e7jfmoz_wd.exe
2018-08-10 02:11 - 2018-08-11 11:53 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-08-10 02:11 - 2018-08-10 02:11 - 000001034 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-08-10 02:11 - 2018-08-10 02:11 - 000000000 ____D C:\sh5ldr
2018-08-10 02:11 - 2018-08-10 02:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-08-10 02:11 - 2018-08-10 02:11 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-08-10 02:10 - 2018-08-10 02:10 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-08-10 02:09 - 2018-08-10 02:09 - 005930728 _____ (EnigmaSoft Limited) C:\Users\jodie\Downloads\SpyHunter-Installer.exe
2018-08-10 01:40 - 2018-08-10 01:40 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 01:39 - 2018-08-10 01:39 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-10 01:39 - 2018-08-10 01:39 - 000003204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-10 01:38 - 2018-08-10 01:38 - 001130840 _____ (Google Inc.) C:\Users\jodie\Downloads\ChromeSetup.exe
2018-08-03 00:46 - 2018-08-03 01:39 - 000000000 ____D C:\Users\jodie\Downloads\Avengers Infinity War (2018) [WEBRip] [1080p] [YTS.AM]
2018-08-03 00:42 - 2018-08-03 00:42 - 000098762 _____ C:\Users\jodie\Downloads\Avengers_ Infinity War (2018) [1080p] [YTS.GG].torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-11 12:31 - 2015-11-25 01:19 - 000000000 __RDO C:\Users\jodie\OneDrive
2018-08-11 12:25 - 2016-04-08 10:41 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-11 11:59 - 2014-11-22 08:00 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-11 11:59 - 2013-08-22 20:36 - 000000000 ____D C:\WINDOWS\Inf
2018-08-11 11:54 - 2016-04-08 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-08-11 11:54 - 2016-04-08 10:48 - 000000000 ____D C:\ProgramData\Avira
2018-08-11 11:54 - 2016-04-08 10:48 - 000000000 ____D C:\Program Files (x86)\Avira
2018-08-11 11:54 - 2016-04-08 10:45 - 000003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2018-08-11 11:53 - 2013-08-22 21:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-11 03:41 - 2013-08-22 20:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-08-11 03:35 - 2016-04-08 23:34 - 000000000 ____D C:\Users\jodie\AppData\Local\Battle.net
2018-08-10 14:24 - 2016-04-07 21:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1350832179-4232057107-3812676931-1001
2018-08-10 12:02 - 2013-08-22 22:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-10 10:52 - 2013-08-22 21:44 - 000495768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-10 02:33 - 2016-04-08 10:19 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-10 01:40 - 2016-04-08 10:35 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-10 01:39 - 2016-04-07 21:22 - 000000000 __SHD C:\Users\jodie\AppData\Local\EmieUserList
2018-08-10 01:39 - 2016-04-07 21:22 - 000000000 __SHD C:\Users\jodie\AppData\Local\EmieSiteList
2018-08-10 01:25 - 2016-06-09 20:22 - 000000000 ____D C:\Users\jodie\AppData\Roaming\uTorrent
2018-08-10 01:25 - 2016-04-09 00:37 - 000000000 ____D C:\Users\jodie\AppData\Local\CrashDumps
2018-08-07 18:22 - 2016-05-14 10:29 - 000000000 ____D C:\Users\jodie\AppData\Local\Spotify
2018-08-07 17:30 - 2016-05-14 10:28 - 000000000 ____D C:\Users\jodie\AppData\Roaming\Spotify
2018-08-05 17:14 - 2013-08-22 22:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-03 18:40 - 2016-06-09 21:55 - 000000000 ____D C:\Users\jodie\AppData\Roaming\vlc
2018-08-03 00:44 - 2018-05-15 19:19 - 000000000 ____D C:\Users\jodie\AppData\LocalLow\uTorrent
2018-07-31 18:41 - 2013-08-22 22:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-26 22:08 - 2016-04-09 00:28 - 000000000 ____D C:\Users\jodie\AppData\Local\Ubisoft Game Launcher
2018-07-13 12:29 - 2015-11-16 01:21 - 000000000 ____D C:\Users\jodie\AppData\Local\Packages
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-02 22:06
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by jodie (11-08-2018 13:04:50)
Running from C:\Users\jodie\Downloads
Windows 8.1 Pro (Update) (X64) (2016-04-07 14:17:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1350832179-4232057107-3812676931-500 - Administrator - Disabled)
Guest (S-1-5-21-1350832179-4232057107-3812676931-501 - Limited - Disabled)
jodie (S-1-5-21-1350832179-4232057107-3812676931-1001 - Administrator - Enabled) => C:\Users\jodie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1350832179-4232057107-3812676931-1001\...\uTorrent) (Version: 3.5.3.44416 - BitTorrent Inc.)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avira (HKLM-x32\...\{3EF074FE-D7BB-4237-A254-5E9D36C8DACA}) (Version: 1.2.118.18106 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{890aaa3c-e398-43d7-bbe0-f109738dd071}) (Version: 1.2.118.18106 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.15.1.19812 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{FC75CF0A-54F5-4599-8169-AB1E443A0951}) (Version: 2.0.6.1378 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.12.0.7662 - Avira Operations GmbH & Co. KG)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.12.3 public beta - GOG.com)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-1350832179-4232057107-3812676931-1001\...\HearthstoneDeckTracker) (Version: 1.5.5 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.4.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
iTunes (HKLM\...\{C9355099-E68D-4802-ABB2-03757A1AB4BD}) (Version: 12.7.2.58 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Logitech Gaming Software 8.92 (HKLM\...\Logitech Gaming Software) (Version: 8.92.67 - Logitech Inc.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.027 - MSI)
NovaRO (HKLM-x32\...\NovaRO_is1) (Version: 1.1.0 - NovaRO)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.36 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 398.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.19.61985 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pokémon Trading Card Game Online (HKLM-x32\...\{0FCE7A2B-DF03-4861-BEBF-42FDAFCEA224}) (Version: 2.35.0 - The Pokémon Company International)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.9.0 - Popcorn Time) <==== ATTENTION
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{1A77E21C-C032-43D5-BF9D-E5D8DDC9E4D6}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{6349EBF1-DC7A-4AF9-8BCC-7DF0C3EF1B34}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.49.1068 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{FC2CA280-7EF3-41C9-AD8D-E4CEC4726E5D}) (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SealOnline Blades of Destiny (HKLM-x32\...\SealOnlinePlusUSA) (Version:  - )
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 5.7.4730.0 - Hi-Rez Studios)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.07 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1350832179-4232057107-3812676931-1001\...\Spotify) (Version: 1.0.86.337.ga8d5cef9 - Spotify AB)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.0.30.51 - EnigmaSoft Limited)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.0.15.42049 - Electronic Arts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
SteelSeries Engine 3.12.6 (HKLM\...\SteelSeries Engine 3) (Version: 3.12.6 - SteelSeries ApS)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04A745F2-3953-4C3D-BF6D-AE31B286893C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-10] (Google Inc.)
Task: {19B57511-1D66-4F07-8080-9CC841FA611F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {33B6644A-818C-46DE-86DA-D0746BB9B5BC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {3566BBB4-D224-4AE3-A594-3F3B221A56FD} - System32\Tasks\{9A1D0F08-BFF9-4885-94BB-BAE690FCD3BB} => C:\WINDOWS\system32\pcalua.exe -a E:\Games\LRO\uninstall.exe -c "/U:E:\Games\LRO\Uninstall\uninstall.xml"
Task: {41123D7D-EDEB-4CA5-B5BB-2C1B7FD0142B} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-07-04] (Avira Operations GmbH & Co. KG)
Task: {49C33020-4A5D-471C-938C-4E9A7B06F39B} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-08-10] (Avira Operations GmbH & Co. KG )
Task: {540C57AA-35C8-4786-9AA2-B81F2D0EF7BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {660DEB2C-ED9B-4CC2-903B-7DEC66BEAE1F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {84DBB69C-CA28-47D2-9275-9B29D880475A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {A7CAECF8-6601-4BA4-8C8C-ABE62CD52FA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {A7EB58CE-6AD8-459C-805E-2C13358C898D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {AE4155EE-B203-49E9-848E-27149E147345} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {BA38A93D-D8C1-4AFA-9805-F3F1C2A3B366} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {BB02C59E-18E9-40FE-B22B-A8193720E7D0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {C0BE1750-60BC-4610-8616-EC063B8299AB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {C15BF9D8-3625-493D-B01D-0DD08F9339AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D07112C0-A7B3-4330-8C1A-124BECA365B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D5CD7D26-4050-45C5-BAB1-0E3B0390F22F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {E6008ABE-2742-4700-A126-FE46D6320CB1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {E86D569A-856A-424A-BACF-98FB9ADAE4DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-10] (Google Inc.)
Task: {F217CF1F-0307-4A9D-A842-826EDD5D87BF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {F74D1855-E502-42A3-B615-9308C86DF3EF} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-04-08] ()
Task: {F938A88B-1189-4596-B892-4CE115DA9691} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\jodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimitRO\LimitROReplayer.lnk -> E:\Games\LRO\LimitROReplayer.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 000209712 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 000057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 000057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 000037168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2017-02-16 10:00 - 2018-03-14 20:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-11-05 07:11 - 2015-11-05 07:12 - 000188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-10-01 20:34 - 2012-10-01 20:34 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-07 07:07 - 2015-03-07 07:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-04-06 06:05 - 2017-04-06 06:05 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 07:07 - 2015-03-07 07:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-04-06 06:05 - 2017-04-06 06:05 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-12-05 15:43 - 2017-12-05 15:43 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-05 15:43 - 2017-12-05 15:43 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2014-12-10 22:44 - 2014-12-10 22:44 - 000330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-06-15 09:39 - 2016-06-15 09:39 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2018-08-10 01:40 - 2018-08-08 07:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-10 01:40 - 2018-08-08 07:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-08-11 12:54 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-11 12:54 - 2018-07-03 12:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-16 10:00 - 2018-03-14 20:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-21 17:43 - 2016-07-21 17:43 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-05-26 17:37 - 2015-10-07 02:26 - 050656768 _____ () C:\Users\jodie\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-05-26 17:37 - 2015-10-07 02:26 - 001874944 _____ () C:\Users\jodie\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-05-26 17:37 - 2015-10-07 02:26 - 000075264 _____ () C:\Users\jodie\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2017-02-16 10:00 - 2018-03-14 20:04 - 081563584 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-03-21 11:58 - 2018-03-14 20:04 - 002478016 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-03-21 11:58 - 2018-03-14 20:04 - 000125376 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2014-11-10 12:12 - 2014-11-10 12:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\jodie\AppData\Local\Temp:$DATA [34]
AlternateDataStreams: C:\Users\jodie\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 20:25 - 2013-08-22 20:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1350832179-4232057107-3812676931-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jodie\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 61.247.0.133 - 202.73.99.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-1350832179-4232057107-3812676931-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{076AA3B3-2B40-4A65-9ED0-8621F419A4F7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AE2A7DF2-D724-4C97-9851-00D29E37B64A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7C7E34D-9706-480C-B4B4-7187A2661278}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FE5877D3-4D93-46A2-BBB3-B2D91B0A4B04}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C17D6F18-987F-41C2-A5C5-67771444EC2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AE9C4C96-64F2-4D95-ADF1-ADD2EDC227E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EEF1E5C1-DBE0-4742-AB44-AA2D3E65EC63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{0DDC4FC4-68F3-4201-A05F-51201351446D}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{C508B1B2-40B5-4720-803E-10C197B762DE}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{E76BBBE7-3DCE-4F7A-996A-72EEEE7DD168}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{6F4CF359-CFFC-4C73-A35B-DC7B08ED7C8F}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [TCP Query User{E791F4BE-006E-44ED-9845-C78A494A20BA}E:\battle.net\diablo iii\diablo iii.exe] => (Allow) E:\battle.net\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{36EFCE2F-C669-4E34-AB9B-467151E06B3A}E:\battle.net\diablo iii\diablo iii.exe] => (Allow) E:\battle.net\diablo iii\diablo iii.exe
FirewallRules: [{F86F3C45-3E49-4E62-8E8E-CDDBE2C37F46}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4B328CD6-3AE0-4C03-9E4D-FB1D55C95E31}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2BBDD9B5-C004-4A8F-B800-91EFBB488B09}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{F9D18B77-B7B7-4240-B2A0-70CBAE3E5296}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{AD901D12-F53B-4C6A-BE46-6EA44A587D7F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{8762BCFD-16D0-4C1B-B7C5-9320D65AE4EE}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [TCP Query User{98C26C60-064B-4428-8E05-944FDB4A30F2}E:\battle.net\overwatch\overwatch.exe] => (Allow) E:\battle.net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{BD8197D6-6215-4352-BFCE-10DFE1477D45}E:\battle.net\overwatch\overwatch.exe] => (Allow) E:\battle.net\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7A48F955-AEC5-43ED-8C67-9F43BF32ABE9}C:\users\jodie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jodie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BF064349-4E3A-406D-BC18-643E84A96B41}C:\users\jodie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jodie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{25AF35C2-2314-4A34-819E-77F206B8395E}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF637418-EC54-4071-B144-51808754DDB2}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10BB6011-72E2-4A26-9AEB-6E0DB80849BD}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FAC0EF0D-FE96-4894-BDFF-A9357411E2E1}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{68EDDCD1-59FF-49AD-9246-4A8F95417AA6}G:\osu!\texture\bro\porntime\porntime.exe] => (Allow) G:\osu!\texture\bro\porntime\porntime.exe
FirewallRules: [UDP Query User{33E54B4B-FE63-4CC9-B938-BA16804D7302}G:\osu!\texture\bro\porntime\porntime.exe] => (Allow) G:\osu!\texture\bro\porntime\porntime.exe
FirewallRules: [{B2792F95-DD6E-4765-A815-223D5E4CB811}] => (Allow) C:\Users\jodie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{75DF0DC3-1664-47D9-BC88-1C68205EFA5B}] => (Allow) C:\Users\jodie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D725533F-554B-444A-801B-048525C3F26D}] => (Allow) C:\Users\jodie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24203C7E-82D1-4B2B-9A0E-E4CF7886CCE8}] => (Allow) C:\Users\jodie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3FFDB98-16E5-4DB3-ADB1-91D129198B61}] => (Allow) C:\Users\jodie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{523362CA-61CE-42FE-B755-1103652F5B1B}] => (Allow) C:\Users\jodie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C386F0A-DE36-4E7F-B968-7793F77F8B2F}C:\users\jodie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jodie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{60299CB3-240F-4CD1-844C-255CC0E0E91D}C:\users\jodie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jodie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2AF391FC-00B6-427C-AFBD-4B6F6B6E4051}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{16601FB9-AAC6-4628-BA7B-475B8443D02A}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{203F2B98-325D-441B-9B2E-8D16DD63AD1C}E:\battle.net\diablo iii\x64\diablo iii64.exe] => (Allow) E:\battle.net\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{BF4027B0-7634-48BB-95F5-495813102F03}E:\battle.net\diablo iii\x64\diablo iii64.exe] => (Allow) E:\battle.net\diablo iii\x64\diablo iii64.exe
FirewallRules: [{5FE1FF97-E551-492F-A66B-787BBF2AD163}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{087753B4-7E71-41D2-B610-2B250BC9ACBD}E:\hi-rez\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hi-rez\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{547DF4E2-26BC-46DD-A5D4-BC47A09E7601}E:\hi-rez\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hi-rez\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{ECF560F8-169C-4F31-80F6-8C096CC81C76}] => (Allow) E:\Steam\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{AD26E6D3-F1C8-48DB-A5C6-046EFB62DD20}] => (Allow) E:\Steam\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [TCP Query User{7C540EF8-F1E0-41B3-A744-7F35B3FFACF6}E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{AA005632-6FEC-4B77-A024-EAD4A1F349D9}E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{F198657D-E46A-4DE2-8F04-0F48A5E2AB82}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{13AE2C9D-2CC4-4873-836E-FCF29CC17592}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1555D997-8DC5-4423-A85E-B4F6ABD67A6A}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{608C742A-C7A2-44B3-9BDC-F195D06B5254}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{675E265B-0E0B-4E76-94C0-8A26A3FFCFB4}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{FC1E7E43-10AD-4A8A-9BC5-96041FD8F8E9}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{48A39AF2-1D8B-41FA-8EB6-CEF863A23256}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3AC8BA2D-6C24-4FD5-9571-6DFDF603E1BD}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4515FC0A-78D2-48A4-9E20-F49576DF3A24}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{524794FA-E00F-4AB1-AF3C-4D42C38F39EE}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{38B3A639-E64C-4F13-849D-A01F792088F9}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{F95A1D0A-48A1-4D9A-8BDE-EC18FB80983A}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{00A008DF-3778-4754-BD4C-85CB9F82322B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{0E1425BF-E6DB-4CA8-A386-A47948D3B66B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{81D7B4C2-4893-4BF0-A202-6567D52EED7C}] => (Allow) E:\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{43854B71-39BF-48B0-A7AF-D51F09E4679F}] => (Allow) E:\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [TCP Query User{E36671ED-E840-44A7-9C49-A55CB4BC1E4F}E:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{462C0AD7-7D21-4973-BAA7-00484072CF13}E:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{55F6BE56-8B96-46E7-BDDF-6D4DF8E90788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8D9A2D1C-3020-464A-B7AB-D8972C3012E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{74AA1DCB-19D6-41BA-8A0D-A4C24764309F}E:\battle.net\destiny 2\destiny2.exe] => (Allow) E:\battle.net\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{BFF85051-E544-49D7-A8E4-993D9321B781}E:\battle.net\destiny 2\destiny2.exe] => (Allow) E:\battle.net\destiny 2\destiny2.exe
FirewallRules: [{628986CC-E0AA-4C9E-9806-F73E615733D4}] => (Allow) E:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{B684CBA5-B478-449C-8153-5DCFE09AE9CD}] => (Allow) E:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{06422625-4E9D-45B6-825D-AE2B19B46681}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D8D07A64-DD29-47FB-A588-1211A4B76748}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{CE9397CE-2C66-489A-9632-FAC82847FCF5}] => (Allow) E:\Steam\steamapps\common\Dead Cells\deadcells_gl.exe
FirewallRules: [{757BE762-9CAB-4CDE-939D-67EF5935D873}] => (Allow) E:\Steam\steamapps\common\Dead Cells\deadcells_gl.exe
FirewallRules: [TCP Query User{F5134FB8-54B3-4966-9D01-66742912EB90}E:\battle.net\destiny 2\destiny2.exe] => (Allow) E:\battle.net\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{1061DA61-C3AF-4F44-8D5E-DA7FE7E609A7}E:\battle.net\destiny 2\destiny2.exe] => (Allow) E:\battle.net\destiny 2\destiny2.exe
FirewallRules: [TCP Query User{23D3EF37-F931-4131-917A-277773D16342}E:\battle.net\starcraft ii\support64\sc2editor_x64.exe] => (Block) E:\battle.net\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{D0240B7A-D164-4A62-9855-0BDE8404FF15}E:\battle.net\starcraft ii\support64\sc2editor_x64.exe] => (Block) E:\battle.net\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{FD581143-6C9A-4F11-890A-DA2D298568BF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{392EA027-A44A-4A3F-A599-1C771D7C3F33}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DFE4422-D60D-412B-B42D-7546701273ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15073943-BD1F-4B6D-A794-B9E818EB6AD6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E65DE988-4E07-4C2F-8014-D16A3AFF760B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34944564-3D92-4EEF-839C-BE40C57382BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DB83FBA6-6DC7-4864-B10A-7A732271B6A5}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{50093586-2B80-4FCA-A6AE-FDE07468030B}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{0EBE944F-AAB9-468B-9B36-09660B6BCC5A}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{F79668FE-29D7-4180-A3A2-EEAA5D61C786}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{3D22E415-9249-4D07-A38E-D3A6B4162B64}] => (Allow) E:\Steam\steamapps\common\Football Manager 2018\fm.exe
FirewallRules: [{A20169EE-5714-4CD0-BF03-F4DD13EB2B0E}] => (Allow) E:\Steam\steamapps\common\Football Manager 2018\fm.exe
FirewallRules: [TCP Query User{92EBD978-AE8C-45D5-84A2-A76FFB13974E}E:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{30D971B9-8126-4716-AF6E-FBDF16E9144E}E:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{119402A8-CF7B-4E62-848C-44058C848B93}E:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{797B54C1-9DCC-439E-A31E-9EADAC004F78}E:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{7BE008C8-20C1-44F9-86C4-E15B12D170B5}E:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{E8A16A63-3505-4F66-A0B7-302312FFE525}E:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{0F7D860A-B2D7-464C-9869-085F9EECBE5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4CBCAA8E-B664-4CCF-A1B5-2B3A85C13947}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{969F6EFB-F5C6-4E83-A7D7-BEBC1B8537B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{54AD0D68-F39A-433F-BD7D-F6ACFD1EAF24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{26C8E39E-9272-4259-B87B-96B305025BA8}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{32958034-D103-4A35-BCC4-4D14D90CFE39}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{AC3F4148-B331-47DF-BAA2-BCED1E7F247F}] => (Allow) E:\Uplay\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{2F459FBC-B89C-4DE5-96FC-5CBA92BA692B}] => (Allow) E:\Uplay\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{327E10B3-72A5-47EA-AF04-E185AA8005EA}] => (Allow) E:\Uplay\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{A71D68AD-C25B-4FC0-84AE-07448BE07A69}] => (Allow) E:\Uplay\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [TCP Query User{648D3B96-7E1C-42C4-B7C3-D3BE23BC4EB8}E:\uplay\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) E:\uplay\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{2D702945-98ED-4D25-A954-6EB9D0CC0F7A}E:\uplay\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) E:\uplay\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [{1B38D6CA-92D6-48A5-9005-9428A11111EE}] => (Allow) E:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{1E75F300-FA70-4C05-9CDA-064482A51DF8}] => (Allow) E:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{DDC7FDF1-AB78-4552-A464-9B94F97693A8}E:\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) E:\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [UDP Query User{09AA05D5-63DA-428F-927F-B3ACFAC2861F}E:\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) E:\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [{FEB4C102-8256-4555-8166-07966CBC323A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{70171DA0-3707-4F1F-8380-05DB058E3E35}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1CDBA3AD-9BD2-478A-9655-9237C022FC65}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{14B17FF7-7776-4AC1-BB7D-2E2780FB6D3A}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{57DCBB64-AC4D-44F7-8982-EFCBE1F99C24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{33CAAD43-9195-4440-8638-77CBA07A5759}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{91C23FB5-1CFF-4DF3-8C7B-765B5BF22C92}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{50053976-BDC7-4314-A208-6AD656106607}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/11/2018 11:53:50 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (08/10/2018 10:53:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (08/10/2018 03:40:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/10/2018 01:25:34 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostex (4536) WebCacheLocal: An attempt to open the file "C:\Users\jodie\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/07/2018 07:41:43 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/06/2018 07:19:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/04/2018 12:20:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/03/2018 12:42:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.36.207, time stamp: 0x5b292867
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process ID: 0x774
Faulting application start time: 0x01d42a0f4ab53008
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Faulting module path: C:\Program Files (x86)\Avira\Antivirus\MSVCR120.dll
Report ID: 6d17a2d3-967b-11e8-850d-d8cb8a719ca6
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/10/2018 07:01:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/10/2018 11:58:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
Access is denied.
 
Error: (08/10/2018 04:48:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (08/10/2018 04:48:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (08/10/2018 04:45:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (08/10/2018 04:45:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (08/10/2018 04:41:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (08/10/2018 04:41:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
 
Windows Defender:
===================================
Date: 2016-04-07 21:17:51.032
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:DOS/Hurri
ID: 2147492021
Severity: Severe
Category: Virus
Path: boot:_\Device\Harddisk1\DR1\(MBR)\(MBR)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.155.266.0, AS: 1.155.266.0, NIS: 106.0.0.0
Engine Version: AM: 1.1.9700.0, NIS: 2.1.9700.0
 
Date: 2016-04-07 21:17:44.469
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:DOS/Hurri
ID: 2147492021
Severity: Severe
Category: Virus
Path: boot:_\Device\Harddisk1\DR1;boot:_\Device\Harddisk1\DR1\(MBR)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\RelPost.exe
Signature Version: AV: 1.155.266.0, AS: 1.155.266.0, NIS: 106.0.0.0
Engine Version: AM: 1.1.9700.0, NIS: 2.1.9700.0
 
Date: 2016-04-07 21:17:27.780
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:DOS/Hurri
ID: 2147492021
Severity: Severe
Category: Virus
Path: boot:_\Device\Harddisk1\DR1;boot:_\Device\Harddisk1\DR1\(MBR)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\oobe\msoobe.exe
Signature Version: AV: 1.155.266.0, AS: 1.155.266.0, NIS: 106.0.0.0
Engine Version: AM: 1.1.9700.0, NIS: 2.1.9700.0
 
Date: 2016-04-07 21:17:16.014
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:DOS/Hurri
ID: 2147492021
Severity: Severe
Category: Virus
Path: boot:_\Device\Harddisk1\DR1;boot:_\Device\Harddisk1\DR1\(MBR)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\$WINDOWS.~BT\Sources\ResetEngInterfaces.exe
Signature Version: AV: 1.155.266.0, AS: 1.155.266.0, NIS: 106.0.0.0
Engine Version: AM: 1.1.9700.0, NIS: 2.1.9700.0
 
Date: 2016-04-07 21:17:15.623
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:DOS/Hurri
ID: 2147492021
Severity: Severe
Category: Virus
Path: boot:_\Device\Harddisk1\DR1\(MBR)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.155.266.0, AS: 1.155.266.0, NIS: 106.0.0.0
Engine Version: AM: 1.1.9700.0, NIS: 2.1.9700.0
 
Date: 2017-03-21 16:08:23.606
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
 
Date: 2016-04-08 10:48:28.997
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2016-04-08 10:32:30.465
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
Date: 2016-04-08 10:24:18.576
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
Date: 2016-04-08 10:21:50.716
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 29%
Total physical RAM: 16335.64 MB
Available physical RAM: 11526.28 MB
Total Virtual: 16615.64 MB
Available Virtual: 10611.63 MB
 
==================== Drives ================================
 
Drive c: (SSD-Win8) (Fixed) (Total:121.73 GB) (Free:11.91 GB) NTFS
Drive d: (SSD-Games) (Fixed) (Total:87.52 GB) (Free:87.43 GB) NTFS
Drive e: (S1TB-DATA) (Fixed) (Total:931.51 GB) (Free:284.03 GB) NTFS
Drive f: (WD640-BACKUP) (Fixed) (Total:596.17 GB) (Free:596 GB) NTFS
 
\\?\Volume{617dadd7-8bc5-11e5-824e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 0DDC2A79)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=121.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=87.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 010E0E70)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: FA545148)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:26 AM

Posted 11 August 2018 - 08:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

Task: {F74D1855-E502-42A3-B615-9308C86DF3EF} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-04-08] ()
AlternateDataStreams: C:\Users\jodie\AppData\Local\Temp:$DATA [34]
AlternateDataStreams: C:\Users\jodie\AppData\Local\Temp:$DATA? [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
C:\WINDOWS\AutoKMS

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

The problem you have described could be caused by a syncing issue.

Are you syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Restart the computer normally and wait until all is well to re-sync your devices.
<<<>>>

Please post the logs and let me know if the problem persists.

Edited by nasdaq, 11 August 2018 - 01:15 PM.


#3 jksagita

jksagita
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 11 August 2018 - 09:11 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by jodie (11-08-2018 20:49:22) Run:1
Running from C:\Users\jodie\Downloads
Loaded Profiles: jodie (Available Profiles: jodie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
Task: {F74D1855-E502-42A3-B615-9308C86DF3EF} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-04-08] ()
AlternateDataStreams: C:\Users\jodie\AppData\Local\Temp:$DATA [34]
AlternateDataStreams: C:\Users\jodie\AppData\Local\Temp:$DATA? [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
C:\WINDOWS\AutoKMS
 
Reboot:
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F74D1855-E502-42A3-B615-9308C86DF3EF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F74D1855-E502-42A3-B615-9308C86DF3EF}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
C:\Users\jodie\AppData\Local\Temp => ":$DATA" ADS removed successfully
C:\Users\jodie\AppData\Local\Temp => ":$DATA?" ADS could not remove.
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\WINDOWS\AutoKMS => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 20:49:27 ====
 
 
So I did try resetting the sync, re-scanning using Malwarebytes and rebooting. The re-scan came out clean, Malwarebytes didn't detect anything, and then I still rebooted just in case. I opened Chrome after rebooting and did all the signing in and re-syncing process. Finally I tried turning off SafeSearch, but it still seems to be infected(?). I can't switch it off; even after saving the settings to off, it forces Chrome to switch it on.
 
Then again, I still have these threats from the first scan of Malwarebytes in quarantine. Does that affect things? Should I permanently remove them from the quarantine?

Edited by jksagita, 11 August 2018 - 09:18 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:26 AM

Posted 11 August 2018 - 01:21 PM

Hi,

Your copy of Chrome has been compromised.

:step1: Remove Chrome from your computer and reinstall a fresh copy later.

:step2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

:step3: If you sync your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

:step4: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

:step5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

:step6: Re-install Chrome and the bookmarks.
<<<>>>

#5 jksagita

jksagita
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:26 AM

Posted 11 August 2018 - 03:31 PM

So I'm going to try to make it as brief as possible.

First and foremost, I did all the steps 1 to 6 and STILL I can't change my settings.

Now, after browsing through local forums and news (not sure if there's enough concrete/reliable evidence), there are cases like this and news saying that LOCALLY (for future reference) Indonesia's ISPs are now forced to have SafeSearch on all the time.

Me trying to connect the dots here: I personally don't believe the news. The reasoning is that Malwarebytes found malware in my Chrome in the first place, and on top of that there have been many cases like these internationally (https://productforums.google.com/forum/#!topic/websearch/QKVKcDhCdWA/discussion).

I don't know how it works, but I think that the ISP couldn't(?) have planted a virus/malware on everyone using their service for legal purposes, right?

But with that said, even after reinstallation of Chrome my Malwarebytes scans come out clean. Your opinion?


Edited by jksagita, 11 August 2018 - 03:37 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:26 AM

Posted 12 August 2018 - 06:55 AM

Hi,

Read these articles.

https://productforums.google.com/forum/#!msg/websearch/AOUY-witfqo/jKHcwxEQAQAJ

https://productforums.google.com/forum/#!topic/websearch/v35zClLmWGw/discussion

===

Check with your Internet Service Provider.
What are they saying?

===

Let's see what we can find in the registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
SafeSearch
Once done, click on the Search Registry button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
====

#7 jksagita

jksagita
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:26 AM

Posted 12 August 2018 - 12:42 PM

So I checked with my ISP, asking them whether or not there have been recent changes implemented; according to them they haven't changed anything, and they have already had a "Healthy Internet" system implemented for a long time.

I'm well aware of their Healthy Internet system and it never forced me to have SafeSearch on. Those articles are quite recent as well; I'm starting to believe that it might be the government's doing. Here are the scan results for "SafeSearch":

 

Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by jodie (13-08-2018 00:40:57)
Running from C:\Users\jodie\Downloads
Boot Mode: Normal
 
================== Search Registry: "SafeSearch" ===========
 
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"="Filter adult content out of search results"
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"="explicit"
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"="Filter adult content out of search results"
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"="child children;content contents;family families;moderate;off;safe safer;safesearch;safety;strict"
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"="explicit"
 
====== End of Search ======


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:26 AM

Posted 13 August 2018 - 10:17 AM

Hi,

This will remove the references to SafeSearch.

Copy all the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"=-
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"=-
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"=-
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\79642d40]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"=-
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Description}"=-
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/HighKeywords}"=-
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"=-
[HKEY_USERS\S-1-5-21-1350832179-4232057107-3812676931-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d005f1a5e8c78a\f013bd07]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/LowKeywords}"=-


Restart the computer when completed.

Let me know if the problem persists.

You can delete the fixme.reg file when done.
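The two posts above search the registry for "SafeSearch" and then delete what the search found, while the earlier exchange raises the possibility that the ISP is forcing SafeSearch. As an added example, not from the thread, FRST or the forum's own procedure, the following PowerShell runs the checks a practitioner would want first: whether a Chrome policy forces SafeSearch (the documented `ForceGoogleSafeSearch` policy under `HKLM`/`HKCU\SOFTWARE\Policies\Google\Chrome`), whether the network is forcing it (Google documents network enforcement as a DNS mapping of `www.google.com` to `forcesafesearch.google.com`), and a `reg.exe export` backup of the `MrtCache` key before any values under it are deleted. The hits in the FRST search are, as their names show, cached `Windows.UI.SettingsApp` search-resource strings, so a backup makes the deletion reversible. It assumes it is run by the affected user (so the SID matches the `HKEY_USERS` path in the search log) and on Windows 8 or later for `Resolve-DnsName`.

```powershell
# Added example, not part of the thread: tell a local Chrome policy or network-level
# SafeSearch enforcement apart before deleting registry values, and back up first.
# Assumes it is run as the affected user on Windows 8 or later.

function Get-ChromeSafeSearchPolicy {
    # Chrome reads managed policy from these two hives; ForceGoogleSafeSearch = 1 forces it on.
    $keys = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
            'HKCU:\SOFTWARE\Policies\Google\Chrome'
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $p = Get-ItemProperty -Path $k
        if ($null -ne $p.ForceGoogleSafeSearch) {
            [pscustomobject]@{ Key = $k; Policy = 'ForceGoogleSafeSearch'; Value = $p.ForceGoogleSafeSearch }
        }
    }
}

function Test-NetworkSafeSearch {
    # Network enforcement works by answering www.google.com with a CNAME to
    # forcesafesearch.google.com, so a CNAME in the DNS answer is the tell.
    param([string]$Name = 'www.google.com')
    try {
        $answers = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Query = $Name; CName = $null; Forced = $false; Error = $_.Exception.Message }
    }
    $cname = $answers | Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    [pscustomobject]@{
        Query     = $Name
        CName     = if ($cname) { $cname.NameHost } else { $null }
        Forced    = [bool]($cname -and $cname.NameHost -like 'forcesafesearch.google.com*')
        Addresses = (($answers | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', ')
    }
}

function Backup-RegistryKey {
    # reg.exe export writes a .reg file that 'reg.exe import' restores, so a
    # .reg that deletes values (the "=-" lines above) can be undone.
    param([Parameter(Mandatory)][string]$Key, [Parameter(Mandatory)][string]$OutFile)
    & reg.exe export $Key $OutFile /y | Out-Null
    return (Test-Path -LiteralPath $OutFile)
}

'--- Chrome policy values ---'
$pol = @(Get-ChromeSafeSearchPolicy)
if ($pol.Count) { $pol | Format-Table -AutoSize } else { 'no ForceGoogleSafeSearch policy set' }

'--- DNS check for network-level enforcement ---'
Test-NetworkSafeSearch | Format-List

'--- Backup of the MrtCache key before merging a .reg that deletes values ---'
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$mrt = "HKEY_USERS\$sid\Software\Classes\Local Settings\MrtCache"
$out = Join-Path $env:USERPROFILE 'Desktop\MrtCache-backup.reg'
if (Backup-RegistryKey -Key $mrt -OutFile $out) { "backup written: $out" } else { "backup failed for $mrt" }
```

If the policy check returns nothing and the DNS answer carries no `forcesafesearch` CNAME, neither a local policy nor the network is forcing the setting, which narrows the remaining cause to the browser profile itself; the later report that Incognito can toggle SafeSearch while the normal profile cannot points the same way, since Incognito does not use the signed-in profile's stored preferences.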

#9 jksagita

jksagita
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:26 AM

Posted 13 August 2018 - 12:07 PM

Update: In Incognito Chrome, SafeSearch can now be switched on and off, but in normal Chrome SafeSearch still can't be switched.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:26 AM

Posted 13 August 2018 - 01:02 PM

Thank you.
