Malware ads, can't delete

This forum is for removing Malware, Spyware, Adware. Post your HijackThis, DDS, RSIT, Combofix logs here.

Post by Dfernt » Mon Jun 05, 2017 5:35 am

Idk what's wrong, but if I delete them, they will come back again. This affects my starting and my search engine, then I can't change it.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by intel (05-06-2017 12:30:10)
Running from C:\Users\intel\Downloads\Programs
Windows 10 Pro Version 1607 (X64) (2017-02-15 22:41:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2771708593-4264864108-2896380240-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2771708593-4264864108-2896380240-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2771708593-4264864108-2896380240-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2771708593-4264864108-2896380240-501 - Limited - Enabled)
intel (S-1-5-21-2771708593-4264864108-2896380240-1001 - Administrator - Enabled) => C:\Users\intel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1886, 14.02.2017 - AIMP DevTeam)
Ansel (Version: 381.89 - NVIDIA Corporation) Hidden
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z MSI 1.77 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.77 - CPUID, Inc.)
Discord (HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dragon Eye(x64) (HKLM-x32\...\Installshield_{B746827A-3219-4EF8-8053-CEA5AEC12D33}) (Version: 0.0.2.3 - MICRO-STAR INT'L,.LTD.)
Dragon Eye(x64) (Version: 0.0.2.3 - MSI) Hidden
Fallout 4 1.1.3.1 (HKLM-x32\...\Fallout 4_is1) (Version: 1.1.3.1 - )
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version: - Free Pascal Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Inno3D TunelT OC Utility version V1.0.0.014 (HKLM-x32\...\Inno3D TunelT OC Utility_is1) (Version: V1.0.0.014 - )
Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Network Connections 21.1.29.0 (HKLM\...\PROSetDX) (Version: 21.1.29.0 - Intel)
Intel® Software Guard Extensions Platform Software (HKLM\...\{2DF17C75-9627-4213-8612-17955E92F782}) (Version: 1.6.101.32869 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mirror's Edge™ Catalyst (HKLM-x32\...\{12228a0d-f6ad-4691-82af-d2c643424468}) (Version: 1.0.3.47248 - Electronic Arts)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.07 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.1.0.09 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.10 - MSI)
MSI Smart Tool (HKLM-x32\...\{DDCCA038-DAB1-4D09-B85C-848020AA75D6}}_is1) (Version: 1.0.0.03 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.09 - MSI)
MSI X Boost (HKLM-x32\...\{515143BB-7A11-4D85-B941-D520AAAA099C}_is1) (Version: 1.0.0.12 - MSI)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.21.0) (Version: 4.0.21.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.21.0 - Locktime Software) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{31d41048-dd29-41d9-b41c-361548a1ed08}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7977 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\Spotify) (Version: 1.0.55.487.g256699aa - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.10.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.10.1 - SteelSeries ApS)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version: - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 30.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version: - Kristjan Skutta)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0825E1FF-D8C9-4217-B850-93F7A02E3413} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {1CA08D7B-8E8F-4BCB-BAF5-8A2FD58FD6F8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {1DEE5F53-B2C9-46BB-A40C-DD7A0232CAFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {2EFD5C19-C563-4A94-9BD1-CD1449BD3C0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {343F57D0-DCB2-4DC4-85C6-D9FC1BB6F419} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-04] (AVAST Software)
Task: {3932BBFD-47D2-41A7-9531-90BC83DFF610} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {40AEBD69-C25D-4746-B9FF-43D8E6028FAB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-04] (NVIDIA Corporation)
Task: {622A8248-23CE-424B-8331-DE7614484A7B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-04] (NVIDIA Corporation)
Task: {64238561-A23D-4552-B035-0CECD4AFA7F1} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {655E5D9B-CC19-42B7-921B-8A3ADFBFAA65} - System32\Tasks\SafeZone scheduled Autoupdate 1496456185 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {73916938-CDC4-46B0-AD5F-565358F5C443} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {73B2A1A4-1135-409A-BCCC-3FBA1F2A33AA} - \KMSAutoNet -> No File <==== ATTENTION
Task: {7D87D6A3-962E-4F83-B0AF-76B4C17AFDB6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-04] (NVIDIA Corporation)
Task: {8AAE98A9-2202-4AC3-8F5F-4E9488C54169} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation)
Task: {8DACE0E5-9BEB-4EA8-8AF3-2E2C7FF94AB7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {901A267B-6ADA-4600-A8B2-778E303514F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {91BD5E82-64A3-49E8-B180-71628CB5F837} - System32\Tasks\MSISW_Host => C:\Windows\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {924468C5-E58B-4DDD-9EA4-7E5DB96803F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {98C4B85A-26B3-4C5A-B292-21FE801148FD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)
Task: {9CFC6F27-17A2-43B1-8558-1D8AC0CEDFB8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {9D6C10D6-0B95-4B88-9D1A-B5B4AB9CE7D6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {A17F2C94-F43A-40C4-9FBC-1B6FF8F05FAE} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {A2B4E3BF-9DB9-476F-AE61-D47D961D7CD7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {AD2A7DA4-D735-452E-93EE-CFC2A46F73F6} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {B6C3D454-29CB-49E4-800D-3415667A16C8} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2016-11-09] (Micro-Star INT'L CO., LTD.)
Task: {B9C73993-6451-448D-BEFF-D02471278AFF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {BC96B0F0-23EB-40C5-881D-DDDCF6DEF258} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {BEA11731-28D0-4BBB-99F2-0A5466AACF5D} - System32\Tasks\update-S-1-5-21-2771708593-4264864108-2896380240-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {C46B2E9C-E611-4D6D-A6A7-0D572B0A4F64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E4157932-5EF3-481E-88E4-C1B7AF20501E} - \Clequcertain -> No File <==== ATTENTION
Task: {E5F496B3-8E4F-480A-A901-1076DE706217} - System32\Tasks\{E0AA477F-D2A3-456B-884E-08A4EE50B94E} => pcalua.exe -a C:\Fraps\uninstall.exe
Task: {F2BF4DE3-45A5-4974-AC2F-6EB1AEC3DA1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2771708593-4264864108-2896380240-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-02-15 14:14 - 2017-05-04 03:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-19 20:26 - 2017-02-19 20:26 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-02-16 19:49 - 2017-05-26 21:37 - 00337408 _____ () D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
2017-06-03 14:11 - 2017-05-26 23:04 - 01245184 _____ () D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
2017-02-15 14:09 - 2016-11-09 20:07 - 00018360 _____ () C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
2017-02-15 14:09 - 2016-11-09 18:26 - 00025016 _____ () C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
2017-02-16 05:43 - 2017-02-16 05:43 - 00959168 _____ () C:\Users\intel\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2017-02-15 14:08 - 2016-06-14 16:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-18 18:57 - 2017-01-18 18:57 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-15 21:27 - 2017-02-15 21:48 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-15 21:27 - 2017-02-15 21:48 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-15 21:27 - 2017-02-15 21:48 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-15 21:27 - 2017-02-15 21:48 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2017-05-27 22:59 - 2017-05-27 23:01 - 04110280 _____ () C:\Users\intel\Downloads\Programs\AdwCleaner.exe
2017-06-02 15:17 - 2017-05-09 16:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-06-02 15:17 - 2017-05-09 16:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-02-19 17:26 - 2017-03-14 20:55 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-04-01 18:27 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-02-15 14:14 - 2017-05-04 03:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-15 14:08 - 2016-06-14 16:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-06-04 03:10 - 2017-06-04 03:10 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-04 03:10 - 2017-06-04 03:10 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-04 03:10 - 2017-06-04 03:10 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-04 03:10 - 2017-06-04 03:10 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-04 03:10 - 2017-06-04 03:10 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-04 03:10 - 2017-06-04 03:10 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-04 03:10 - 2017-06-04 03:10 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-16 16:15 - 2017-05-17 08:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-02-16 16:15 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-02-16 16:15 - 2017-06-02 02:50 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2017-02-16 16:15 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-02-16 16:15 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-02-16 16:15 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-02-16 16:15 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-02-16 16:15 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-02-16 16:15 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-02-16 16:15 - 2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-02-16 16:15 - 2017-06-02 02:50 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-02-16 16:15 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-02-15 14:14 - 2017-05-04 03:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-16 16:31 - 2017-05-09 02:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-02-16 16:15 - 2017-06-02 02:50 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-09-14 20:25 - 2016-09-14 20:25 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-02-16 16:15 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-06-05 00:50 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\intel\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-06-05 00:50 - 2017-06-05 00:50 - 01082880 _____ () \\?\C:\Users\intel\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-06-05 00:50 - 2017-06-05 00:50 - 03750400 _____ () \\?\C:\Users\intel\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-06-05 00:50 - 2017-06-05 00:50 - 00914432 _____ () \\?\C:\Users\intel\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-06-05 00:50 - 2017-06-05 00:50 - 01127424 _____ () \\?\C:\Users\intel\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-06-05 00:50 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\intel\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-06-05 00:50 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\intel\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-06-05 11:50 - 2017-06-05 11:50 - 00148992 _____ () \\?\C:\Users\intel\AppData\Local\Temp\D965.tmp.node
2017-06-05 00:50 - 2017-06-05 00:55 - 02658296 _____ () \\?\C:\Users\intel\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-06-05 00:57 - 2017-06-05 00:57 - 02665976 _____ () \\?\C:\Users\intel\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\intel\Downloads\rkill.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 18:47 - 2017-06-02 23:10 - 00009211 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 ads1.msn.com
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.rad.msn.com
0.0.0.0 live.rads.msn.com
0.0.0.0 rad.msn.com
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 http://www.googleadservices.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 spclient.wg.spotify.com
0.0.0.0 audio2.spotify.com
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 http://www.googleadservices.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 spclient.wg.spotify.com
0.0.0.0 audio2.spotify.com
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 http://www.googleadservices.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 spclient.wg.spotify.com
0.0.0.0 audio2.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\intel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{c7c5fad5-e9d7-4b33-9ace-36491325a9a2}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1E2B286D-C839-4038-9736-36F8F6AB7936}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9C14028B-B349-44D0-B900-39616D70F982}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{09CE45FA-657D-497B-9CC9-6A8AD74B947E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A11F3143-E017-4022-ABA4-F3C485378D8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B3D143BA-41CC-4E19-AFAF-0590B96173E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{74E96238-4CBE-4D19-A244-D75F9B755D01}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E16CEE93-82B4-433D-9700-A78DF4DBDD44}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A38F973-0151-4320-AB0A-B9BB58FBD602}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A0266968-FE59-4430-AAC5-D82BB36BA177}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D040AAF5-E1E5-4B63-A80A-BFFB46405EDC}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1183323C-BE22-4F80-A241-B60D0FC60591}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E4E39D86-47D4-4504-87F6-C6950C21CA8E}] => (Allow) LPort=3935
FirewallRules: [{E30858CD-F7D6-45B8-A12D-B116A12F937A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{97B60E18-E0C1-470B-9ABD-608571030FAF}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{ED80A42D-FB35-4197-929E-26FA5F725B11}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{B73CB8D9-6FD2-4E1E-A366-CC77FD098C1B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{41FFCF98-0DAF-4AC2-82D3-E47925376FF4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC864342-96A7-4AE4-8855-B76331E57774}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0791ADE3-2105-4D6A-A86E-00183CC353CE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A933A81C-2630-4545-A05E-572205744431}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{27CC8C64-51A0-4F35-A3D1-AB884A3ED085}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F5C9B3D7-2B63-497B-8F45-F99C05DB07B1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DAAF47E0-5682-4590-9ED8-17898F647F0E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A590F2D0-9950-400A-B4AD-7B796F1D6340}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1B0AB3B6-196D-46A6-9A93-BF4E1E39E4EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{37D3A0F1-8C87-46E2-A9D4-72E040DB9B9D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D943EABB-4A80-4072-A9A6-87B44D53D9EA}] => (Allow) D:\Games\Origin\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{40E1A99B-8495-49B4-A927-A7688A4124B7}] => (Allow) D:\Games\Origin\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{6CF0E17B-EE15-46C0-B6E4-646A8B3A84D9}] => (Allow) D:\Games\Origin\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{2B8943BA-D241-4577-B3FF-712B4BE86636}] => (Allow) D:\Games\Origin\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{BBF8F0DB-EBC0-427B-A260-2B10957F7B8C}D:\games\origin\battlefield 4\bf4.exe] => (Allow) D:\games\origin\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{B4C85C24-B2E3-45EE-961A-5841A884E6B8}D:\games\origin\battlefield 4\bf4.exe] => (Allow) D:\games\origin\battlefield 4\bf4.exe
FirewallRules: [{4763B286-0802-472D-87EA-BE46432AC6F9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D99EF220-9B44-4AF5-AD7F-61519310778B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE78BC1E-03DA-4081-B7D7-DA8964E247EE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D4BF9EE0-766B-4F95-BBE6-F783C7623B30}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99FBF6FD-FC88-41A4-BC15-72AA6BF752E7}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C6E9655F-65F9-40B5-B206-FD533EAE67F2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C7A6E8A-DE28-401B-95DC-2984950B858C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{69F01397-F74B-481B-AE3A-54F5454B1B34}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{A07A30F1-F3F7-45F8-9F95-6DF9C67D84B5}C:\users\intel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\intel\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ACFC7733-E2D6-4B36-8E84-DD17E9AC696A}C:\users\intel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\intel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{639E6C14-0968-4F03-A0AB-A10C614B54AB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A69A467D-392C-4873-B8E8-E3F08F7B1F0A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA34C022-7843-4A76-B09D-CBF51C99105C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{698ADFE5-5D9F-4C67-BF12-27B7638E76BB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E4F2815-BAAA-417E-B727-F658844C7D78}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68607880-63A7-4D8F-BA7B-6F9411EAF98B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB7225A1-8C76-4A1F-B27E-E7488FF60032}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA88800F-1569-494F-8A90-3522EC822330}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CB7DEBD8-9185-4BD3-B86D-EED9C83D5A7F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{434E68AB-4830-41A8-BFFD-88DFC3CEE3E0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{86126E99-A624-4E2E-8D8C-ECA16899C3A5}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{8D8B5334-D3DE-4E4B-B0A6-C76653286359}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{D5082DCF-A506-4FB5-8223-BC8E7EDEE733}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F8888E8-DC85-452D-9C2F-DD6F3B96A713}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8C0E2E27-69F6-4B63-81E6-791F8E796F15}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26B9A4FE-484C-4F4C-B037-7FAD409E1476}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{063AC65A-A2FB-4C1C-A0E7-66792E6A6A92}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07972B81-52F7-4A8E-AAEC-856B71B228F2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D19F506F-BB86-4AF6-9DF1-4BA1401C49FC}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AAD3EEB1-9DF6-433E-879C-B28FF556AD81}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03D14C22-723A-468C-A219-74960B34C8BB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EA28CDF6-32A3-4F58-B781-2BFDAA9820AF}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{259E9872-43C1-40EC-A6B5-943033949B1F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0618CA8D-9569-4AC9-8E24-318E28B5515B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CC1DE74-CABF-46A9-9DD7-2617275076CD}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E340266-B9FD-48D9-A15A-BE5306A26EC4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E1A24F5-B9A0-4BA7-B32F-1DBCE817545F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C59EA450-8312-4E58-BA3A-323DAB1AA531}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E87E633D-2EAF-4A00-A17F-387A4E7CB161}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{00F41D9D-74F0-4DC1-BD81-EEFEB7A2E4A1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{020BC31F-F041-44E9-AD4A-426F17E36EF5}] => (Allow) LPort=26789
FirewallRules: [{D4A5E262-B1B6-4009-AC6D-223560EA6B67}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0C28525E-E94F-4540-A6FC-BBEEBA81F52B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{84C863D4-082F-4F6D-B8B1-A289B8342095}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC4FC095-E97C-4131-98BA-38774317FDD2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C3075B1-B558-4F97-B056-013CBB0134CB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3454B321-AD24-4412-B9D6-46CD73C8D93E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF648BC2-662D-4D08-926D-30F6E4F33944}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3059844-5677-4D31-A705-A6C98EA7B5DB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{294E627D-8EEF-4A48-A6C1-994C8D2AE658}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC3BB1EE-F2E9-4B90-8602-524CEFA7C067}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8109F109-DA18-42A9-A476-F9444E4313D8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D643C67-1564-43FC-8E2F-74E0BF4C301B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA753B7C-844B-463E-B77E-1DF55B85A4BA}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B68C8739-14F5-4591-97CE-B93A44BB1AEE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{361D4C28-6A15-44D0-8400-83752759B9F9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{61BF93A9-FDCD-4F8B-A2A2-88629CAD5FF0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D097BD9E-3BDF-404C-9CBA-3B67F24D5C41}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F50BD171-73FC-411D-B2BF-8077F46DE9FC}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F2FF87B-954E-4DB2-8AEA-0C3744FB6244}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{834D86F3-2A1D-4B77-BEB1-57088DD4C979}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{11DEE07A-EADD-46A1-816C-8568E5F11A58}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F0E8714-E3C4-4DA3-B822-5B876715C960}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CACD991B-14BE-416F-9431-651A892A055B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{41B372CF-CC9D-4686-AD5A-5940AE1D1B76}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB7FCEEF-689B-42D0-A0AC-3975E3333386}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{60B84D7C-E6AF-42BD-9FA8-95522919D373}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{50268ADF-0609-426A-A00C-AA1F74F4ED07}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{045659CB-FA75-4C94-8BBF-C093DA8D5B53}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F7D32EA-96A8-4639-890E-8605D1C2591F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F5D3D16B-FE1E-4901-9584-5C28225C25A1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{71E169F1-5ED4-4E3B-A8E5-2FD1B2D6667C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{851BE421-4E18-4EBC-AF8D-2E063F4A8ADE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{91D86793-F42D-4B68-BEAB-0A23A9638371}] => (Allow) D:\Games\Uplay\Tom Clancy's Ghost Recon Wildlands\GRW.exe
FirewallRules: [{D5FDD846-0C22-4958-824E-802C8E6011C7}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{256F8A6B-22EA-498A-8063-2AF2A4E79CE2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1FD91AAA-F8C9-46CB-8A9B-38811B0509B1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{22C2A80A-2438-4EAC-B0C0-0E6B9A65862C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C3CC5392-8BF5-46D4-AB92-9FBA6D75715D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{70CBC9C7-6237-45BF-A055-833E909A3D58}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5F218974-222A-43DC-B319-C4B07D4E8DE9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2F25BA59-7ACF-4F36-A1FE-74F3537B790D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C06F203C-EA48-4B07-AF35-A943354B78E4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0440D868-9608-4B0F-89F1-3DCBFB02F027}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1598D29A-7637-47A5-8A21-98DFCE9B0FCD}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5A8EA2EE-A0D3-49A4-8273-5B798C43FF55}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A9E0268D-5352-43FF-9677-B109840C6DA4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2642946-A756-4573-902E-25FB763A90FA}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3E011763-247F-4586-8D87-6C265D31C8ED}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF1E2351-B2E4-4124-B18E-D4B59F099486}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B41BC77D-CBF1-465C-9901-7CF0C92E191F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5F08311C-C79D-4766-9D3C-04A9CA1DD229}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C3846AC1-FED9-4841-8AE2-F10884D05A06}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8E80234B-CC56-49F2-85AE-E0E3BB681AD4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{08691F95-A804-4D6D-AAAC-492CB0345D09}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CEE8F753-6228-42A0-969B-4E8AE1DFCA3B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5BAE206-7AE1-45D6-B331-CA682238390E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4723EC58-023A-41DD-B57F-4DF9F74BD3D4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC11B550-82F6-40F4-8836-3452FC338242}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D58692D4-9407-4992-BD86-30A362876401}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{79853DC1-82F3-41BD-A266-525151690F7A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A87A3811-6F5C-498A-897A-B156E2EBBBE6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{05EAE00F-F2A3-4AD9-9C18-2EB3D3BE302F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2BEA502B-A793-4EBE-BD50-656314F90610}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1CB6E93-F77B-4FDA-8FF1-A7103E5D654A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7ACC00A-C65A-4343-A2E2-43D78EB4BFB1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4B231C69-93F1-4360-9F61-E1700CD088D8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4795C5A6-F50B-4085-9A00-663E78FA39A4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{11CDC5CF-E7F0-4095-8203-F329AF908C5B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA85C7FE-F0EF-41DB-B642-9B45AA999C0C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{190DBB0F-68C0-44BE-BCA2-1C6FB146A3EC}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95DAEEDF-3009-4F42-A468-5DE380B76786}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A336D8E-5BE4-4C5B-AD47-B7111290951A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DEEED0AD-66CA-4B8F-93DB-48D72618BBF8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{56C1B1C6-F7A0-475E-8A20-46E4A7757F94}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{46B90FCC-3B28-47FB-85A2-4FD512CAAAFE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DB0B95EE-210E-45C7-A840-DE637CEF54C2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09FCFF60-1A3E-41BA-A5F9-7A5DF9140D1A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CA9CFE6B-FEE7-44A6-83FF-E1991167FD5B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{574B54EA-6F24-4726-B2AC-D1F1908C5C68}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4995CC07-9820-4634-803D-CDF1F1F467D3}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{649EC2C6-400A-4243-8259-02AB694FC5E5}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{211F3110-5B9C-43B5-A7DA-5BC3375FE497}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21F6BBBE-1A48-47D2-B6A5-B025598784E8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{411B8785-47B8-4DA1-8FA1-9A77CFA16FD3}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5F18DA6F-A0D7-4044-8D18-F5972A03B45C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E7AADAA-D4C6-488F-B3D6-F61DF439BA9D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A0AC3CD-80D4-433C-8530-B0E2FA9004A0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0376A915-9B1F-4C41-B1F2-970D3266E6F1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D3CAB5E8-44E4-4667-985C-6EF813B9FAEC}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{477CF873-5CA3-4BF4-9C55-B3196DD4F3B0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D8C21F9-4BA3-440C-A193-2017E7C71B95}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D198A698-0153-4AA7-9F29-F2CD885C4812}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A3862BF-4148-4537-9FB4-387A491D37DF}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{91FD991A-61FC-4ECB-989D-19E001A0C773}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{748FD703-FA96-45C3-A32E-A560B8DCB3F8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F91641A6-9D0D-474E-9953-1945DD11117C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{52DE02D9-6871-4C9A-BE42-624520D4D61D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4ACECC21-DC79-446C-B13C-F778BF3630D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{000661C6-922B-440C-899E-F5DCC5341210}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3377A452-7285-48CE-9115-949ACBE46244}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AD88B251-21F8-4B72-AFFA-86D36096D048}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6C309B0A-CC98-49B2-A3F8-EB3647C200B9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{701AD572-55F6-4DF0-B139-89E0C54658FC}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9558E2B8-56F4-4331-BA74-A4BE70EE9E96}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{681F4772-F9FF-4723-8693-84DEA7BE676C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5353EE23-9D04-4776-BD18-AB865F82235E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1B144A2A-351B-4872-8979-096C4692D734}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4124771A-FE1F-4A2B-8D8E-2A57323D0673}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D6D5794-FE44-4736-B280-B7EC7B5D6D90}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0AA09500-0BE7-49E3-B959-2187FDB46E52}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE7BF06B-9C26-4C1D-A703-FEC172DC27A0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5BDC4D87-80B6-48FF-BFB2-A6F460D913A4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{662B9CAB-584B-477F-AD71-0A429A3B093F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CBFB0CC4-E48D-4245-B759-E9F45A1902DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0F811892-69DC-4113-8F62-EAD65EAD32FE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E590A899-49F4-44F4-884E-868266337A28}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EFF34DCD-2DF5-4836-B339-6698C83FDFC4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC1789B4-A5B5-4957-A901-61822637BDC2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4267B89E-1632-4564-A8F5-2624C3B1DD0B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{C5B11C7F-4B18-4474-807C-0FB3A74A1547}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607_0\SZBrowser.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2017 03:44:19 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/05/2017 03:41:29 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/05/2017 03:41:29 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/05/2017 03:41:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DAFFA-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (06/05/2017 03:41:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DAFFA-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (06/05/2017 03:41:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DAFFA-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (06/05/2017 03:41:20 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\intel\ntuser.dat

Error: (06/03/2017 04:32:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.14393.0, time stamp: 0x5789907f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a06b6
Faulting process id: 0x18d4
Faulting application start time: 0x01d2dc4c5c52b265
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: b0390b5c-8bbd-4aef-8360-1701051d9cc3
Faulting package full name:
Faulting package-relative application ID:

Error: (06/03/2017 04:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.14393.0, time stamp: 0x5789907f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a06b6
Faulting process id: 0x2764
Faulting application start time: 0x01d2dc4c56b7ec93
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 3e3e43d3-6207-4489-857a-047d3bafb260
Faulting package full name:
Faulting package-relative application ID:

Error: (06/03/2017 04:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.14393.0, time stamp: 0x5789907f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a06b6
Faulting process id: 0x2870
Faulting application start time: 0x01d2dc4c55cc9be8
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: unknown
Report Id: 80092896-1336-4515-b8dd-d1dfdbc2acbc
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/05/2017 07:55:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/05/2017 07:42:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/05/2017 07:24:13 AM) (Source: DCOM) (EventID: 10016) (User: DAFFA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DAFFA-PC\intel SID (S-1-5-21-2771708593-4264864108-2896380240-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (06/05/2017 03:44:19 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The process cannot access the file because it is being used by another process.

Error: (06/05/2017 03:43:30 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The process cannot access the file because it is being used by another process.

Error: (06/05/2017 03:43:29 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The process cannot access the file because it is being used by another process.

Error: (06/05/2017 03:43:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/05/2017 03:42:30 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The process cannot access the file because it is being used by another process.

Error: (06/05/2017 03:41:56 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
The process cannot access the file because it is being used by another process.

Error: (06/05/2017 03:41:52 AM) (Source: DCOM) (EventID: 10016) (User: DAFFA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
and APPID
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
to the user DAFFA-PC\intel SID (S-1-5-21-2771708593-4264864108-2896380240-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-06-05 07:24:14.144
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-02 17:09:36.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 15:39:58.293
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-02 15:39:55.229
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-02 15:00:29.527
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 12:45:07.363
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-02 12:44:58.002
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-02 12:08:07.563
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 09:55:36.492
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-01 12:07:53.133
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 51%
Total physical RAM: 8158.54 MB
Available physical RAM: 3977.2 MB
Total Virtual: 8670.54 MB
Available Virtual: 3205.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.69 GB) (Free:46.59 GB) NTFS
Drive d: () (Fixed) (Total:931.49 GB) (Free:546.89 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:462.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Dfernt
 
Posts: 2
Joined: Mon Jun 05, 2017 12:53 am

Re: Malware ads , cant delete

Postby patrik » Wed Jun 07, 2017 2:00 am

Hello, welcome to the Myantispyware forums.

Run Notepad, copy/paste the text in the code box below into notepad:
CreateRestorePoint:
Task: {E4157932-5EF3-481E-88E4-C1B7AF20501E} - \Clequcertain -> No File <==== ATTENTION
Task: {E5F496B3-8E4F-480A-A901-1076DE706217} - System32\Tasks\{E0AA477F-D2A3-456B-884E-08A4EE50B94E} => pcalua.exe -a C:\Fraps\uninstall.exe
AlternateDataStreams: C:\Users\intel\Downloads\rkill.exe:BDU [0]
EmptyTemp:
Reboot:

Name the Notepad file as fixlist and save it to a folder where FRST is located.
Run FRST and press the Fix button. When the tool is finished, it will produce a report for you.

Post back with the fix log + new "scan" logs (Run FRST, click Scan).
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Re: Malware ads , cant delete

Postby Dfernt » Wed Jun 07, 2017 11:04 am

patrik wrote: Hello, welcome to the Myantispyware forums.

Run Notepad, copy/paste the text in the code box below into notepad:
CreateRestorePoint:
Task: {E4157932-5EF3-481E-88E4-C1B7AF20501E} - \Clequcertain -> No File <==== ATTENTION
Task: {E5F496B3-8E4F-480A-A901-1076DE706217} - System32\Tasks\{E0AA477F-D2A3-456B-884E-08A4EE50B94E} => pcalua.exe -a C:\Fraps\uninstall.exe
AlternateDataStreams: C:\Users\intel\Downloads\rkill.exe:BDU [0]
EmptyTemp:
Reboot:

Name the Notepad file as fixlist and save it to a folder where FRST is located.
Run FRST and press the Fix button. When the tool is finished, it will produce a report for you.

Post back with the fix log + new "scan" logs (Run FRST, click Scan).


Fix log

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by intel (07-06-2017 17:53:08) Run:1
Running from C:\Users\intel\Downloads\Programs\FRST-OlderVersion
Loaded Profiles: intel (Available Profiles: defaultuser0 & intel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {E4157932-5EF3-481E-88E4-C1B7AF20501E} - \Clequcertain -> No File <==== ATTENTION
Task: {E5F496B3-8E4F-480A-A901-1076DE706217} - System32\Tasks\{E0AA477F-D2A3-456B-884E-08A4EE50B94E} => pcalua.exe -a C:\Fraps\uninstall.exe
AlternateDataStreams: C:\Users\intel\Downloads\rkill.exe:BDU [0]
EmptyTemp:
Reboot:
*****************

Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4157932-5EF3-481E-88E4-C1B7AF20501E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4157932-5EF3-481E-88E4-C1B7AF20501E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Clequcertain => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5F496B3-8E4F-480A-A901-1076DE706217} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5F496B3-8E4F-480A-A901-1076DE706217} => key removed successfully
C:\Windows\System32\Tasks\{E0AA477F-D2A3-456B-884E-08A4EE50B94E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E0AA477F-D2A3-456B-884E-08A4EE50B94E} => key removed successfully
C:\Users\intel\Downloads\rkill.exe => ":BDU" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 2259574 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84993847 B
Java, Flash, Steam htmlcache => 145755996 B
Windows/system/drivers => 10080776 B
Edge => 4317184 B
Chrome => 459878159 B
Firefox => 1553543 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 2217030 B
LocalService => 58222 B
NetworkService => 939212928 B
defaultuser0 => 128 B
intel => 34422905 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:53:19 ====

Frst

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017
Ran by intel (administrator) on DAFFA-PC (07-06-2017 17:58:16)
Running from C:\Users\intel\Downloads\Programs\FRST-OlderVersion
Loaded Profiles: intel (Available Profiles: defaultuser0 & intel)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
() C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
() C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
() D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.6.2.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\intel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe
(InnoVISION Multimedia Ltd.) C:\Program Files (x86)\Inno3D\Inno3D.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\intel\Downloads\Programs\FRST-OlderVersion\FRST64_2.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9050632 2016-11-07] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-01-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-04] (AVAST Software)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1022928 2016-11-09] (MSI)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [831584 2016-11-07] (MSI)
HKLM-x32\...\Run: [X_Boost] => C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe [4211128 2016-11-17] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [15371216 2017-03-07] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\Inno3D\Inno3D.exe [18286592 2016-12-22] (InnoVISION Multimedia Ltd.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-02] (Valve Corporation)
HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4019312 2017-02-14] (Tonec Inc.)
HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\Run: [Spotify Web Helper] => C:\Users\intel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-06-06] (Spotify Ltd)
HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [56368 2016-09-05] (Locktime Software)
HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-05-09]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c09a5a25-47cc-4107-9d16-7d3827176fcb}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c33dbe40-1d84-4503-87f9-c295b4e4eaab}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2771708593-4264864108-2896380240-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: r32cqu3s.default
FF ProfilePath: C:\Users\intel\AppData\Roaming\Mozilla\Firefox\Profiles\r32cqu3s.default [2017-06-07]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r32cqu3s.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r32cqu3s.default -> youndoo
FF HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\intel\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\intel\AppData\Roaming\IDM\idmmzcc5 [2017-06-07] [not signed]
FF HKU\S-1-5-21-2771708593-4264864108-2896380240-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> file:///F:/Data%20Game/025.swf
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1495449558&z=2f96ffa10de8743f5c0a19agbz7t8w3z0z7t3w6q4e&from=che0812&uid=PatriotXSpark_5A66076A1FFC00020877"
CHR NewTab: Default -> Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Profile: C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default [2017-06-07]
CHR Extension: (Google Slides) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-02]
CHR Extension: (Google Docs) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-02]
CHR Extension: (Google Drive) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-02]
CHR Extension: (YouTube) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-02]
CHR Extension: (Google Sheets) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-02]
CHR Extension: (Google Docs Offline) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-02]
CHR Extension: (AdBlock) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-02]
CHR Extension: (Avast Online Security) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-03]
CHR Extension: (Momentum) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-06-07]
CHR Extension: (IDM Integration Module) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-02]
CHR Extension: (Gmail) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-14]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3759752 2016-05-18] (Intel Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-04] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-06-04] (AVAST Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [409128 2017-04-11] (EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2016-11-02] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-14] (Hi-Rez Studios) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [2169440 2016-10-21] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2204768 2016-09-29] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4162656 2016-09-29] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2014816 2016-11-15] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2327648 2016-09-29] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2076768 2016-09-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [607160 2016-09-29] (MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [78776 2016-11-17] (Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2286032 2017-03-06] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163792 2016-11-09] (MSI)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [323632 2016-09-05] (Locktime Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-04] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-04] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-02] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-14] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-14] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2017-02-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-02-19] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-01-18] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 Wallpaper Engine Service; D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [337408 2017-05-26] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-06-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-06-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-06-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-06-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-06-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-06-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-06-04] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507928 2017-06-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-06-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-06-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-06-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-06-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-06-04] (AVAST Software)
S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [53904 2017-03-03] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-06-04] (AVAST Software)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [543184 2016-07-26] (Intel Corporation)
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [140256 2016-09-05] (Locktime Software)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MB; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [13808 2014-03-13] (MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-03] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-04] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-05-04] (NVIDIA Corporation)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46440 2017-04-06] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [45928 2017-03-30] (SteelSeries ApS)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-25] (Zemana Ltd.)
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
U2 snare; no ImagePath
U2 terana; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-07 17:55 - 2017-06-07 17:55 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-07 17:49 - 2017-06-07 17:49 - 00030833 _____ C:\ProgramData\agent.update.1496832578.bdinstall.bin
2017-06-07 11:14 - 2017-06-07 11:14 - 00061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-06-05 12:26 - 2017-06-05 17:59 - 00000406 _____ C:\Windows\Tasks\update-sys.job
2017-06-05 12:26 - 2017-06-05 17:59 - 00000406 _____ C:\Windows\Tasks\update-S-1-5-21-2771708593-4264864108-2896380240-1001.job
2017-06-05 12:26 - 2017-06-05 12:26 - 00003396 _____ C:\Windows\System32\Tasks\update-S-1-5-21-2771708593-4264864108-2896380240-1001
2017-06-05 12:26 - 2017-06-05 12:26 - 00003332 _____ C:\Windows\System32\Tasks\update-sys
2017-06-05 12:26 - 2017-06-05 12:26 - 00000425 _____ C:\Users\intel\AppData\Local\UserProducts.xml
2017-06-05 12:26 - 2017-06-05 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-06-05 12:26 - 2017-06-05 12:26 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-06-05 03:50 - 2017-06-05 03:50 - 00003276 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-05 03:41 - 2017-06-05 03:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Origin
2017-06-05 03:41 - 2017-06-05 03:41 - 00000000 ____D C:\Users\Default\AppData\Local\Origin
2017-06-05 03:41 - 2017-06-05 03:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Origin
2017-06-05 03:41 - 2017-06-05 03:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Origin
2017-06-05 01:05 - 2017-06-05 03:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-05 00:50 - 2017-06-05 01:02 - 00000000 ____D C:\Users\intel\AppData\Roaming\discord
2017-06-05 00:50 - 2017-06-05 00:50 - 00000000 ____D C:\Users\intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-05 00:49 - 2017-06-05 00:50 - 00000000 ____D C:\Users\intel\AppData\Local\SquirrelTemp
2017-06-05 00:49 - 2017-06-05 00:50 - 00000000 ____D C:\Users\intel\AppData\Local\Discord
2017-06-04 03:10 - 2017-06-04 03:10 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-04 01:59 - 2017-06-04 01:59 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\5BB5177D.sys
2017-06-03 16:29 - 2017-06-03 16:32 - 03625080 _____ (Google) C:\Users\intel\Downloads\chrome_cleanup_tool.exe
2017-06-03 09:16 - 2017-06-05 04:10 - 00004008 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1496456185
2017-06-03 09:16 - 2017-06-05 04:10 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-03 09:16 - 2017-06-03 09:16 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2017-06-03 09:16 - 2017-06-03 09:16 - 00000000 ____D C:\Users\intel\AppData\Roaming\AVAST Software
2017-06-03 09:15 - 2017-06-04 03:10 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00507928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00158368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.149652064662502
2017-06-03 09:15 - 2017-06-04 03:10 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-03 09:15 - 2017-06-04 03:10 - 00003994 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-03 09:15 - 2017-06-03 09:15 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-03 00:05 - 2017-06-03 00:05 - 00213537 _____ C:\ProgramData\cl.1496423018.bdinstall.bin
2017-06-03 00:03 - 2017-06-03 00:03 - 00035895 _____ C:\ProgramData\dm.uninstall.1496422984.bdinstall.bin
2017-06-03 00:03 - 2017-06-03 00:03 - 00021280 _____ C:\ProgramData\agent.uninstall.1496423009.bdinstall.bin
2017-06-02 15:22 - 2017-06-02 15:22 - 00000000 ____D C:\Users\intel\AppData\Roaming\Google
2017-06-02 15:17 - 2017-06-02 15:17 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-02 15:02 - 2017-06-03 16:32 - 00000000 ____D C:\Users\intel\AppData\Local\Google
2017-06-02 15:02 - 2017-06-02 16:27 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-02 15:02 - 2017-06-02 16:27 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-02 15:02 - 2017-06-02 15:17 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-02 13:00 - 2017-06-02 13:00 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\intel\Downloads\rkill.exe
2017-06-02 12:58 - 2017-06-07 17:58 - 00000000 ____D C:\FRST
2017-05-31 17:55 - 2017-05-31 17:55 - 25766539 _____ C:\Users\intel\Downloads\[Se-No] K-On!! Ura-On!! 07.mkv
2017-05-31 17:55 - 2017-05-31 17:55 - 19402019 _____ C:\Users\intel\Downloads\[Se-No] K-On!! Ura-On!! 06.mkv
2017-05-30 13:12 - 2017-05-30 13:12 - 00075933 _____ C:\Users\intel\Downloads\Misc Cartoons - K-On - My Love Is A Stapler (guitar pro).gp5
2017-05-28 19:17 - 2017-05-28 19:17 - 15557138 _____ C:\Users\intel\Downloads\[Se-No] K-On!! Ura-On!! 04.mkv
2017-05-28 19:06 - 2017-05-28 19:06 - 13046745 _____ C:\Users\intel\Downloads\[Se-No] K-On!! Ura-On!! 03.mkv
2017-05-28 18:52 - 2017-05-28 18:52 - 18649039 _____ C:\Users\intel\Downloads\[Se-No] K-On!! Ura-On!! 02.mkv
2017-05-28 18:44 - 2017-05-28 18:44 - 22485157 _____ C:\Users\intel\Downloads\[Se-No] K-On!! Ura-On!! 01.mkv
2017-05-27 23:10 - 2017-05-27 23:10 - 00000000 ____D C:\Users\intel\AppData\Local\NPE
2017-05-27 23:10 - 2017-05-27 23:10 - 00000000 ____D C:\ProgramData\Norton
2017-05-27 23:01 - 2017-06-05 12:12 - 00000000 ____D C:\AdwCleaner
2017-05-27 13:20 - 2017-05-27 13:20 - 00085401 _____ C:\Users\intel\Downloads\Misc Cartoons - K-On - Samidare 20 Love (guitar pro).gp5
2017-05-26 01:22 - 2017-05-30 17:34 - 01612648 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys.upd
2017-05-26 01:22 - 2017-05-30 17:33 - 00879600 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys.upd
2017-05-26 01:20 - 2017-05-26 01:20 - 00305120 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys.upd
2017-05-26 01:07 - 2017-05-26 01:07 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys.upd
2017-05-25 22:32 - 2017-06-07 17:58 - 00035908 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-25 22:32 - 2017-05-26 08:52 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-25 22:32 - 2017-05-26 01:13 - 00077610 _____ C:\Windows\ZAM.krnl.trace
2017-05-25 22:32 - 2017-05-25 22:32 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-05-25 22:32 - 2017-05-25 22:32 - 00000000 ____D C:\Users\intel\AppData\Local\Zemana
2017-05-25 10:07 - 2017-05-25 10:07 - 00000000 ____D C:\Users\intel\AppData\Local\TeamViewer
2017-05-25 10:06 - 2017-05-25 10:06 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-25 10:06 - 2017-05-25 10:06 - 00000000 ____D C:\Users\intel\AppData\Roaming\TeamViewer
2017-05-25 10:06 - 2017-05-25 10:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-24 11:25 - 2017-05-24 11:25 - 00123713 _____ C:\Users\intel\Downloads\Misc Cartoons - K-On - Honey Sweet Tea Time (guitar pro).gp5
2017-05-24 11:25 - 2017-05-24 11:25 - 00110787 _____ C:\Users\intel\Downloads\Misc Cartoons - K-On - Fuwa Fuwa Time (guitar pro).gp5
2017-05-22 18:00 - 2017-05-22 18:00 - 00182944 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys.upd
2017-05-21 11:51 - 2017-05-21 11:51 - 00000000 ____D C:\Users\intel\Downloads\Image
2017-05-21 09:31 - 2017-05-21 09:31 - 00040457 _____ C:\ProgramData\dm.update.1495333853.bdinstall.bin
2017-05-20 22:20 - 2017-05-20 22:20 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-05-20 21:42 - 2017-05-20 21:43 - 00008884 _____ C:\Windows\system32\Drivers\etc\hosts.backup
2017-05-20 17:46 - 2017-05-20 17:46 - 00056911 _____ C:\ProgramData\dm.1495277189.bdinstall.bin
2017-05-20 17:46 - 2017-05-20 17:46 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2017-05-19 23:18 - 2017-06-03 00:04 - 00028277 _____ C:\bdlog.txt
2017-05-19 23:07 - 2017-06-03 00:05 - 00000000 ____D C:\Users\intel\AppData\Roaming\Bitdefender
2017-05-19 23:07 - 2017-05-19 23:07 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2017-05-19 23:07 - 2017-05-19 23:07 - 00000000 ____D C:\ProgramData\BDLogging
2017-05-19 23:07 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2017-05-19 23:06 - 2017-05-19 23:06 - 00003794 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-05-19 23:05 - 2017-06-03 00:05 - 00000000 ____D C:\ProgramData\Bitdefender
2017-05-19 23:04 - 2017-06-07 17:56 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-05-19 23:04 - 2017-05-19 23:04 - 00044459 _____ C:\ProgramData\1495209846.bdinstall.bin
2017-05-19 23:04 - 2017-05-19 23:04 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-05-19 22:57 - 2017-05-19 22:57 - 00000000 ____D C:\Users\intel\AppData\Roaming\QuickScan
2017-05-19 16:20 - 2017-06-03 00:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-05-17 15:14 - 2017-05-17 15:14 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-17 12:02 - 2017-05-17 20:53 - 00000000 ____D C:\Windows\Minidump
2017-05-17 11:28 - 2017-05-17 15:17 - 00000000 ____D C:\Windows\pss
2017-05-16 22:48 - 2017-05-16 22:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-16 22:48 - 2017-03-11 04:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-05-16 22:48 - 2017-03-11 04:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-05-16 22:48 - 2017-03-11 04:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-05-16 22:48 - 2017-03-11 04:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-05-16 22:44 - 2017-05-02 05:38 - 40201848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 35388864 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 35281528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 28623480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 11056456 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 11024384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 10547440 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 09245744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 09014792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 08805232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 03792320 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 03247736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 01988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438205.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438205.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 01278528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 01276128 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 01054144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00995736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00993872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00991168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00960960 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00911992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00821184 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00776048 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00651200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00618744 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00612088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-05-16 22:44 - 2017-05-02 05:38 - 00499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-05-16 19:15 - 2017-05-18 18:15 - 00004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 19:15 - 2017-05-04 03:21 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-12 23:21 - 2017-05-12 23:21 - 00000749 _____ C:\Users\intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-05-09 17:55 - 2017-06-02 15:17 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-09 17:35 - 2017-05-09 17:35 - 00000000 _____ C:\Windows\SysWOW64\3333
2017-05-09 17:35 - 2017-05-09 17:35 - 00000000 _____ C:\Windows\SysWOW64\2222
2017-05-09 17:35 - 2017-05-09 17:35 - 00000000 _____ C:\Windows\SysWOW64\1111

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-07 17:55 - 2017-02-15 20:06 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-07 17:55 - 2017-02-15 14:13 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-07 17:54 - 2017-02-18 23:10 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-06-07 17:54 - 2017-02-16 05:42 - 00000000 ____D C:\Users\intel
2017-06-07 17:54 - 2017-02-16 05:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-07 17:53 - 2017-02-16 22:36 - 00000000 ____D C:\Users\intel\AppData\Roaming\DMCache
2017-06-07 17:53 - 2017-02-15 20:18 - 00000000 ____D C:\Users\intel\AppData\LocalLow\Temp
2017-06-07 17:53 - 2016-07-16 13:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-06-07 11:10 - 2017-02-26 11:41 - 00000000 ____D C:\Users\intel\AppData\Local\Spotify
2017-06-07 11:10 - 2017-02-26 11:30 - 00000000 ____D C:\Users\intel\AppData\Roaming\Spotify
2017-06-07 00:59 - 2017-02-16 22:36 - 00000000 ____D C:\Users\intel\Downloads\Video
2017-06-06 18:55 - 2017-02-16 05:40 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-06 13:20 - 2017-02-16 22:36 - 00000000 ____D C:\Users\intel\Downloads\Compressed
2017-06-05 03:49 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\AppReadiness
2017-06-05 01:19 - 2017-02-16 23:31 - 00000085 _____ C:\Windows\wininit.ini
2017-06-05 01:19 - 2017-02-16 23:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-05 00:39 - 2017-03-15 16:54 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-03 16:32 - 2017-02-17 13:11 - 00000000 ____D C:\Users\intel\AppData\Local\CrashDumps
2017-06-03 09:39 - 2017-02-15 14:03 - 00000000 ____D C:\Program Files (x86)\MSI
2017-06-03 09:39 - 2017-02-15 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2017-06-03 09:39 - 2017-02-15 13:56 - 00000000 ____D C:\MSI
2017-06-03 09:15 - 2017-02-28 21:43 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-03 00:06 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\ELAMBKUP
2017-06-03 00:04 - 2016-07-16 18:45 - 00000000 ____D C:\Windows\INF
2017-06-02 18:14 - 2016-07-16 13:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-06-02 15:48 - 2016-07-16 18:47 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-06-02 15:48 - 2016-07-16 18:47 - 00000000 ___RD C:\Windows\Offline Web Pages
2017-06-02 13:08 - 2017-02-20 20:58 - 00000000 ____D C:\Users\intel\AppData\Local\Reozatherstihos
2017-05-30 23:35 - 2017-05-03 16:35 - 00000000 ____D C:\Users\intel\Documents\Sound recordings
2017-05-28 21:15 - 2017-02-17 19:49 - 00000000 ____D C:\Users\intel\AppData\Roaming\AIMP
2017-05-28 02:06 - 2017-02-16 22:36 - 00000000 ____D C:\Users\intel\AppData\Roaming\IDM
2017-05-28 01:39 - 2017-02-15 19:26 - 00000000 ____D C:\Users\intel\AppData\Roaming\MPC-HC
2017-05-27 23:00 - 2017-02-19 17:52 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2017-05-26 01:05 - 2017-02-16 05:45 - 02505274 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-25 22:48 - 2017-02-15 14:19 - 00000000 ____D C:\ProgramData\KMSAutoS
2017-05-25 16:07 - 2017-02-16 05:40 - 04956856 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-23 18:41 - 2017-02-15 14:14 - 00000000 ____D C:\Users\intel\AppData\Local\NVIDIA Corporation
2017-05-20 22:21 - 2017-02-15 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-20 22:21 - 2017-02-15 14:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-19 22:55 - 2017-03-03 00:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-19 22:54 - 2017-02-16 22:36 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-05-18 22:00 - 2017-04-07 12:38 - 00000000 ____D C:\Program Files\MK
2017-05-18 21:58 - 2017-03-07 21:58 - 00034328 _____ (Sysinternals - http://www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-05-18 18:15 - 2017-02-19 12:14 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 18:15 - 2017-02-15 14:14 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 18:15 - 2017-02-15 14:14 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 18:15 - 2017-02-15 14:14 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 18:15 - 2017-02-15 14:14 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 18:15 - 2017-02-15 14:14 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 18:15 - 2017-02-15 14:14 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 18:15 - 2017-02-15 14:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-18 18:15 - 2017-02-15 14:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-17 15:45 - 2017-02-15 14:19 - 00000000 ____D C:\Users\intel\AppData\Local\MSfree Inc
2017-05-17 12:59 - 2017-02-19 16:30 - 00001922 __RSH C:\ProgramData\ntuser.pol
2017-05-17 10:44 - 2017-02-15 20:51 - 00000000 ____D C:\Users\intel\AppData\Roaming\steelseries-engine-3-client
2017-05-16 18:23 - 2017-02-15 14:23 - 00000000 ____D C:\Users\intel\AppData\LocalLow\Mozilla
2017-05-16 18:22 - 2017-04-14 13:31 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-16 11:01 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\rescache
2017-05-14 10:06 - 2016-07-16 18:36 - 00000000 ____D C:\Windows\CbsTemp
2017-05-14 09:25 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-14 01:54 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\system32\NDF
2017-05-11 23:03 - 2017-02-16 05:42 - 00000000 ____D C:\Users\intel\AppData\Local\Packages
2017-05-08 16:00 - 2017-02-15 14:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-05-08 16:00 - 2017-02-15 14:20 - 00000000 ____D C:\ProgramData\Adobe
2017-05-08 15:49 - 2017-02-15 13:57 - 00000000 ___HD C:\Program Files (x86)\Temp

==================== Files in the root of some directories =======

2017-03-23 23:16 - 2017-05-07 09:56 - 0000132 _____ () C:\Users\intel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-16 19:19 - 2017-02-17 11:54 - 0007600 _____ () C:\Users\intel\AppData\Local\Resmon.ResmonCfg
2017-06-05 12:26 - 2017-06-05 12:26 - 0000003 _____ () C:\Users\intel\AppData\Local\updater.log
2017-06-05 12:26 - 2017-06-05 12:26 - 0000425 _____ () C:\Users\intel\AppData\Local\UserProducts.xml
2017-05-19 23:04 - 2017-05-19 23:04 - 0044459 _____ () C:\ProgramData\1495209846.bdinstall.bin
2017-06-03 00:03 - 2017-06-03 00:03 - 0021280 _____ () C:\ProgramData\agent.uninstall.1496423009.bdinstall.bin
2017-06-07 17:49 - 2017-06-07 17:49 - 0030833 _____ () C:\ProgramData\agent.update.1496832578.bdinstall.bin
2017-06-03 00:05 - 2017-06-03 00:05 - 0213537 _____ () C:\ProgramData\cl.1496423018.bdinstall.bin
2017-05-20 17:46 - 2017-05-20 17:46 - 0056911 _____ () C:\ProgramData\dm.1495277189.bdinstall.bin
2017-06-03 00:03 - 2017-06-03 00:03 - 0035895 _____ () C:\ProgramData\dm.uninstall.1496422984.bdinstall.bin
2017-05-21 09:31 - 2017-05-21 09:31 - 0040457 _____ () C:\ProgramData\dm.update.1495333853.bdinstall.bin
2017-02-15 14:01 - 2017-02-15 14:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-01 08:42

==================== End of FRST.txt ============================
Dfernt
 
Posts: 2
Joined: Mon Jun 05, 2017 12:53 am

