ntuserlitelist [Closed]


  • This topic is locked

#1
dadlessemo

    New Member

  • Member
  • 4 posts

I need help. If there is a worst state for ntuserlitelist, I have it.




#2
Joeicam

    GeekU Senior

  • 1,051 posts

Hello dadlessemo, and welcome to Geeks to Go.
 
My name is Joeicam :), you can call me Joe, and I will be assisting you every step of the way.
 
Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem. 
 
If you have any questions or comments, or aren't quite sure about what to do, STOP AND ASK.
 
Before we begin, please familiarize yourself with the following:
  • Back up your files and folders, as sometimes malware infections can be severe. It's a good habit to plan for the worst.
  • Please follow my instructions exactly, and do not repeat any steps more than once, unless instructed.
  • Copy/Paste entire contents of your logs, and submit inside your post, instead of submitting as an attachment, unless told otherwise.
  • If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
 
Finally
  • As malware removal can be a complicated, multistep process, you should stick with me until I declare your system to be clean of all threats. It may seem like your system is running properly, but that does not mean that the infection is completely gone.
  • You must reply to this post within four days; if you do not, the topic will be closed.
  • However, if you need more time to run the tools and fixes, or would like your topic to be reopened, please PM me or any Moderator to reactivate your topic.
 
If I have not responded to your post within 24 hours, then send me a private message (PM).
Otherwise, all communication is done in the forums.
 
Let's get to work! :)
 
____________________________________________________________________________________________________
 
The fixes presented are specific to your problem and should only be used for the issue on this machine!
____________________________________________________________________________________________________
 
Step 1 of 1: FRST Scan
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.
 
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of the FRST.txt and Addition.txt logs
 
 

 



#3
dadlessemo

    New Member

  • Topic Starter
  • Member
  • 4 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by TheBlackOne666 (administrator) on CUNTLORD (28-10-2017 14:04:26)
Running from C:\Users\TheBlackOne666\Downloads
Loaded Profiles: TheBlackOne666 (Available Profiles: defaultuser0 & TheBlackOne666)
Platform: Windows 10 Home Version 1607 14393.1715 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\syswow64\PnkBstrA.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxEM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Windows\System32\msvspkd.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\reanimator.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Discord Inc.) C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\Discord.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\graphics\New folder\Steam.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Discord Inc.) C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\Discord.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\TheBlackOne666\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\TheBlackOne666\AppData\Roaming\Spotify\Spotify.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Spotify Ltd) C:\Users\TheBlackOne666\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\TheBlackOne666\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\TheBlackOne666\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\TheBlackOne666\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Twitch Interactive, Inc.) C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Twitch.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\vmavefo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Twitch Interactive, Inc.) C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Twitch Interactive, Inc.) C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Twitch Interactive, Inc.) C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.105.329.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.105.329.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.105.329.0\OverwolfHelper64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\IntelCpHeciSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\TheBlackOne666\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Config.Msi\90fa9.rbf
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1561_none_7ef6e89821f9a6be\TiWorker.exe
() C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\vmaybkd.exe
() C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\vmaybkd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\TheBlackOne666\Downloads\FRST64 (2).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [694528 2015-08-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16482040 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-09-22] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [894376 2017-07-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [NerveCenterTray] => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [245088 2017-04-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-07-25] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [vmavefo] => C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\vmavefo.exe [936960 2017-10-26] () <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\RunOnceEx\@UnHackMe: [1] => C:\PROGRA~2\UnHackMe\UnHackMe.exe /p Partizan
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Run: [Discord] => C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\graphics\New folder\steam.exe [3102496 2017-10-25] (Valve Corporation)
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Run: [Spotify] => C:\Users\TheBlackOne666\AppData\Roaming\Spotify\Spotify.exe [21093488 2017-10-25] (Spotify Ltd)
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-07-25] ()
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Run: [Spotify Web Helper] => C:\Users\TheBlackOne666\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-25] (Spotify Ltd)
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\MountPoints2: {fc8692e3-733b-11e7-af4b-e4a4714b87ae} - "K:\setup.exe" 
Startup: C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-08-11]
ShortcutTarget: MEGAsync.lnk -> C:\Users\TheBlackOne666\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-06-04]
ShortcutTarget: Twitch.lnk -> C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
BootExecute: autocheck autochk * C:\WINDOWS\system32\eamclean.exe \??\C:\WINDOWS\system32\eamclean.dat eamcleanPartizan
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-4145652378-410873519-1374146128-1001] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{78bd54dc-687b-4ee6-a3ba-49f25bbd5ab7}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131470432295606810&GUID=2E1EB36F-C809-4CDC-A38C-CCCECC47AEFD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131470432295620237&GUID=2E1EB36F-C809-4CDC-A38C-CCCECC47AEFD
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131470430872037976&GUID=2E1EB36F-C809-4CDC-A38C-CCCECC47AEFD
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKLM -> DefaultScope {35D014BD-409B-4146-A82C-F20B8962253D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {35D014BD-409B-4146-A82C-F20B8962253D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {35D014BD-409B-4146-A82C-F20B8962253D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {35D014BD-409B-4146-A82C-F20B8962253D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-23] (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-04] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> table tennis
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default [2017-10-28]
CHR Extension: (Slides) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Fruits Slice) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpkaagbcebgebfcangeibbcjangpgd [2017-06-04]
CHR Extension: (BetterTTV) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-06-04]
CHR Extension: (From Dust) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2017-06-04]
CHR Extension: (Game of Bombs) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\anhaijdjccblkojlobkibmoajnababok [2017-06-04]
CHR Extension: (Docs) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-04]
CHR Extension: (gorescript classic) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlinegjlacogbjchanihbiiboabcp [2017-06-04]
CHR Extension: (So Many Me - Demo) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2017-06-04]
CHR Extension: (YouTube) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-04]
CHR Extension: (Gun Blood) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2017-06-04]
CHR Extension: (roTopo) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbocomkmdghdbgbolajpeipnjdjngilm [2017-06-04]
CHR Extension: (The Legend of Equip Pants) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\deapnbacjblgohibnbjjceoikngpepcp [2017-06-04]
CHR Extension: (Netflix) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-06-04]
CHR Extension: (Heroes of Loot) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehdkhggfndjofleapioemjkkbng [2017-06-04]
CHR Extension: (3D Table Tennis) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceoimpjbncjmhghmhfpmbkkkgkkchen [2017-06-04]
CHR Extension: (Get On Top) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\eneknldaapenifpkcefgopfgeppjelbp [2017-06-04]
CHR Extension: (Mechanic Watermelon) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbecpajdliognangadmllfadblgimefn [2017-08-12]
CHR Extension: (Sheets) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Causality Games) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2017-06-04]
CHR Extension: (AirConsole) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcemmcchdnfglceoahefndkebdciajhi [2017-10-18]
CHR Extension: (Stickman Fighter : Epic Battle) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\gckdifkadmdmcaajneidiajkoiokcnca [2017-06-04]
CHR Extension: (Chess) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcoafacoamancaniegeddbpojbjkfgbc [2017-06-04]
CHR Extension: (Manyland) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\geieilhcelplmpfhepdoggckhmfaanmp [2017-06-04]
CHR Extension: (Google Docs Offline) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-07]
CHR Extension: (AdBlock) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-20]
CHR Extension: (Treasure Arena) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\hedpcboianohjgdhoblpcpgapknkoojm [2017-06-04]
CHR Extension: (Kickoff) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\heelhmibbjlnankkkmcdgbmcepajmddl [2017-06-04]
CHR Extension: (Slither.io Mods,Plus & friends & Skins) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\hficpeaiodbodebnnlimbagpfajmbdln [2017-06-04]
CHR Extension: (AllCast Receiver) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2017-10-17]
CHR Extension: (summer - watermelon) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlipakopaoanbeapfiipflgglibjfgan [2017-06-04]
CHR Extension: (Roms43 for Chrome) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\hodglkaodhnbkakchphcmbgdinlgcfgc [2017-06-04]
CHR Extension: (WGT Baseball: MLB) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpbjopfokekaencoephlgdbnljhcflhm [2017-06-04]
CHR Extension: (Save The Dummy - Fun Physics Game!) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\hppcocfibkhojpneojpbpdeaeoodegad [2017-06-04]
CHR Extension: (Web Quake) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkbfanmkmadbbgggonficloplenbefh [2017-06-04]
CHR Extension: (Cut the Rope) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2017-06-04]
CHR Extension: (Cartoon Strike: Lite) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfemhhabidncpdojhkecgbjpfmhgddmh [2017-09-08]
CHR Extension: (WTFOSAURUS Agar.io) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\johefdgflphlkclaiokmmfjkkpnhhdkb [2017-06-04]
CHR Extension: (KingsRoad) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2017-06-04]
CHR Extension: (Happy Wheels) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\kchfcgbdfhchpdkajdgbbhbgjlngeopi [2017-06-04]
CHR Extension: (Replay Poker - Texas Holdem Poker) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfcdggllbpfgmjiofncgckbjnfenhgo [2017-06-04]
CHR Extension: (TANX) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\khalolpadgppinfmjajjbdgljhcameji [2017-06-04]
CHR Extension: (Ping Pong) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigoagcbbjipchabojifbbjaablmgkep [2017-06-04]
CHR Extension: (Little Alchemy) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2017-06-04]
CHR Extension: (Google Play) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-06-04]
CHR Extension: (Nethack) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladkaalcnedlcimjgaldjoeahnklilnk [2017-06-04]
CHR Extension: (Crash Bandicoot Online) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhepooipcedldanchhblpepiijkpihmo [2017-06-04]
CHR Extension: (Fairy Tail - o4games.com) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiapjiccanfjgcgmgonhhfabeofgjph [2017-06-04]
CHR Extension: (Gun Blood) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\lobfheekldioobmljhdnpafbbilngdpa [2017-06-04]
CHR Extension: (AdventureQuest Worlds) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\magpbjiklafkjfjjgokcdbhjbbcdhakl [2017-06-04]
CHR Extension: (Official Rush Team free fps multiplayer) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpllbgeoicofimajfkdkimmjkhlholl [2017-06-04]
CHR Extension: (Gunslugs 2) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghifijegjeeookaojcmbfdbomfbmahh [2017-06-04]
CHR Extension: (Spelunky HTML5) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2017-06-04]
CHR Extension: (Checkers) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnpfjokaplnkafjlidmjpkkcihedgcek [2017-06-04]
CHR Extension: (Don't GiveUp) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngiipijonfhhbegmhmhljopmgifpbnoh [2017-06-04]
CHR Extension: (4x4 Soccer - Play Soccer with SUVs!) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpgdegnmkfpnfecaidmakahpoaaepoo [2017-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Portal 2D) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\noeojpcnabfdkncikfpepcpcldcfmpeb [2017-06-04]
CHR Extension: (Genesis MUD) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabmmemhfmafbmepbblbgkmgfmeefmaa [2017-06-04]
CHR Extension: (Dead Valley) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpobnfcbnekieacdboembagacanipim [2017-06-04]
CHR Extension: (Gmail) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-04]
CHR Extension: (Cube Slam) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcoeeddamedegogbcmdbadnoifmfipn [2017-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-25]
CHR Profile: C:\Users\TheBlackOne666\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-09]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4145652378-410873519-1374146128-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9151744 2017-09-29] (Emsisoft Ltd)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [80176 2015-08-25] (Alps Electric Co., Ltd.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-13] ()
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-09-16] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2016-01-25] (Lenovo)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [82088 2015-08-04] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\WINDOWS\SysWOW64\drivers\o2flash.exe [82088 2015-08-04] (BayHubTech/O2Micro International)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-25] (Overwolf LTD)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-10-23] (Power Admin LLC)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2017-07-28] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2017-10-26] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
S2 13ba1d2cf640ae14d02774261598e1e6; "C:\Program Files\13ba1d2cf640ae14d02774261598e1e6\ac3dc7bb7a3db700b8a8d5f359cb89d9.exe" [X]
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]
S3 EasyAntiCheat; C:\WINDOWS\system32\EasyAntiCheat.exe [X]
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 ModuleCoreService; "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" [X]
S2 RuntimeBroker; C:\WINDOWS\cuntlord\RuntimeBroker.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-10-26] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2017-10-26] ()
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-02-27] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-06-20] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [130816 2015-11-24] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-12] (Malwarebytes)
S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-04-03] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-03-31] (McAfee, Inc.)
S3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2017-04-03] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\bhtscpcrx64.sys [202776 2015-08-04] (BayHubTech/O2Micro )
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-10-08] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-16] (Zemana Ltd.)
S1 CLVirtualDrive; \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-28 14:01 - 2017-10-28 14:01 - 002403328 _____ (Farbar) C:\Users\TheBlackOne666\Downloads\FRST64 (2).exe
2017-10-28 13:54 - 2017-10-28 13:54 - 001091756 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (10).zip
2017-10-26 12:52 - 2017-10-26 12:52 - 000071825 _____ C:\Users\TheBlackOne666\Downloads\Addition.txt
2017-10-26 12:51 - 2017-10-28 14:04 - 000036197 _____ C:\Users\TheBlackOne666\Downloads\FRST.txt
2017-10-26 12:33 - 2017-10-26 12:34 - 002403328 _____ (Farbar) C:\Users\TheBlackOne666\Downloads\FRST64 (1).exe
2017-10-26 12:19 - 2017-10-26 12:28 - 462033496 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\388.00-notebook-win10-64bit-international-whql (3).exe
2017-10-26 12:19 - 2017-10-26 12:27 - 462033496 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\388.00-notebook-win10-64bit-international-whql (2).exe
2017-10-26 11:42 - 2017-10-26 11:42 - 001091756 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (9).zip
2017-10-26 11:35 - 2017-10-26 11:38 - 000709313 _____ C:\Users\TheBlackOne666\Desktop\regrunlog.txt
2017-10-26 11:35 - 2017-10-26 11:35 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist
2017-10-26 11:20 - 2017-10-26 11:20 - 001091756 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (8).zip
2017-10-26 10:37 - 2017-10-26 10:37 - 000022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2017-10-26 10:37 - 2017-10-26 10:37 - 000003450 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2017-10-26 10:37 - 2017-10-26 10:37 - 000001139 _____ C:\Users\TheBlackOne666\Desktop\SpyHunter.lnk
2017-10-26 10:37 - 2017-10-26 10:37 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-10-26 10:37 - 2017-10-26 10:37 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Enigma Software Group
2017-10-26 10:37 - 2017-10-26 10:37 - 000000000 ____D C:\sh4ldr
2017-10-26 10:34 - 2017-10-26 10:34 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\TheBlackOne666\Downloads\SpyHunter-Installer.exe
2017-10-26 10:31 - 2017-10-26 10:31 - 001091756 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (7).zip
2017-10-26 10:20 - 2017-10-26 10:20 - 001091756 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (6).zip
2017-10-26 09:41 - 2017-10-26 09:41 - 001091756 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (5).zip
2017-10-25 14:54 - 2017-10-25 14:54 - 001091756 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (4).zip
2017-10-24 14:49 - 2017-10-24 14:49 - 001093883 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (3).zip
2017-10-23 17:37 - 2017-10-23 17:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-10-23 17:35 - 2017-10-23 17:35 - 000002142 _____ C:\Users\Public\Desktop\OneKey Recovery.lnk
2017-10-23 17:35 - 2012-06-13 17:10 - 000102376 _____ ("CyberLink) C:\WINDOWS\system32\Drivers\wsvd.sys
2017-10-23 17:34 - 2017-10-23 17:34 - 000003126 _____ C:\WINDOWS\System32\Tasks\NerveCenterUpdate
2017-10-23 17:34 - 2017-10-23 17:34 - 000001240 _____ C:\Users\Public\Desktop\Lenovo Nerve Sense.lnk
2017-10-23 17:34 - 2017-04-28 19:00 - 000046576 _____ (Lenovo(beijing) Limited) C:\WINDOWS\system32\Drivers\FBNetFlt.sys
2017-10-23 17:24 - 2017-10-23 17:24 - 002715432 _____ (Lenovo ) C:\Users\TheBlackOne666\Downloads\LSBSetup (1).exe
2017-10-23 17:23 - 2017-10-23 17:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-10-23 17:23 - 2017-10-23 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-10-23 17:22 - 2017-10-23 17:22 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\LenovoServiceBridge
2017-10-23 17:20 - 2017-10-23 17:20 - 002715432 _____ (Lenovo ) C:\Users\TheBlackOne666\Downloads\LSBSetup.exe
2017-10-23 17:20 - 2017-10-23 17:20 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-10-23 16:55 - 2017-10-23 16:55 - 000000000 ____D C:\NVIDIA
2017-10-23 16:53 - 2017-10-23 16:53 - 000000000 ____D C:\WINDOWS\system32config
2017-10-23 16:32 - 2017-10-23 16:30 - 000189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2017-10-23 16:29 - 2017-10-23 16:30 - 000000000 ____D C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (2)
2017-10-23 16:29 - 2017-10-23 16:29 - 001093883 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (2).zip
2017-10-23 16:21 - 2017-10-23 16:21 - 001093883 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU (1).zip
2017-10-23 16:21 - 2017-10-23 16:21 - 000000020 ___SH C:\Users\TheBlackOne666\ntuser.ini
2017-10-23 16:19 - 2017-10-23 16:19 - 001093883 _____ C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU.zip
2017-10-23 16:19 - 2017-10-23 16:19 - 000000000 ____D C:\Users\TheBlackOne666\Downloads\[Guru3D.com]-DDU
2017-10-23 15:54 - 2017-10-23 16:01 - 462033496 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\388.00-notebook-win10-64bit-international-whql (1).exe
2017-10-23 15:44 - 2017-10-23 15:44 - 001533172 _____ C:\Users\TheBlackOne666\skrrrt.nfo
2017-10-23 15:38 - 2017-10-23 15:38 - 001533256 _____ C:\Users\TheBlackOne666\yeet.nfo
2017-10-23 15:15 - 2017-10-23 15:15 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-10-23 15:15 - 2017-10-23 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-23 15:14 - 2017-10-23 15:14 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-23 15:12 - 2017-10-23 15:14 - 001852992 _____ (Oracle Corporation) C:\Users\TheBlackOne666\Downloads\JavaSetup8u151.exe
2017-10-23 15:06 - 2017-10-23 15:09 - 028882064 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\PhysX-9.17.0524-SystemSoftware.exe
2017-10-23 14:55 - 2017-10-23 14:59 - 462033496 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\388.00-notebook-win10-64bit-international-whql.exe
2017-10-22 18:48 - 2017-10-22 18:48 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\The Escapists 2.url
2017-10-22 00:56 - 2017-10-22 18:48 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\Stick Fight The Game.url
2017-10-21 22:13 - 2017-10-21 22:13 - 000005031 _____ C:\Users\TheBlackOne666\Downloads\FL5tud1o1242licencekeyCrackclgsy.zip
2017-10-21 16:26 - 2017-10-21 16:26 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\FiraxisLive
2017-10-21 14:36 - 2017-10-22 21:04 - 000001238 _____ C:\Users\TheBlackOne666\.lmmsrc.xml
2017-10-21 14:35 - 2017-10-21 14:35 - 000000000 ____D C:\Users\TheBlackOne666\lmms
2017-10-21 14:35 - 2017-10-21 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 1.1.3
2017-10-21 14:35 - 2017-10-21 14:35 - 000000000 ____D C:\Program Files\LMMS
2017-10-21 14:03 - 2017-10-21 14:34 - 031973879 _____ C:\Users\TheBlackOne666\Downloads\lmms-1.1.3-win64.exe
2017-10-21 13:56 - 2017-10-21 13:56 - 012637768 _____ C:\Users\TheBlackOne666\Downloads\Unconfirmed 180014.crdownload
2017-10-21 13:46 - 2017-10-21 13:46 - 079404072 _____ C:\Users\TheBlackOne666\Downloads\Unconfirmed 777125.crdownload
2017-10-20 21:50 - 2017-10-20 21:50 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\com.bluemanchu.CardHunter
2017-10-20 21:46 - 2017-10-20 21:46 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\Card Hunter.url
2017-10-20 21:25 - 2017-10-20 21:25 - 000000000 ____D C:\Users\TheBlackOne666\Documents\Brawl of Ages
2017-10-19 18:29 - 2017-10-19 18:29 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\Sid Meier's Civilization VI Demo.url
2017-10-19 15:40 - 2017-10-19 15:40 - 000000135 _____ C:\Users\TheBlackOne666\Desktop\Sid Meier's Civilization III Complete.url
2017-10-16 19:53 - 2017-10-26 11:29 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\NTUSERLITELIST.del
2017-10-15 11:53 - 2017-10-15 11:53 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\My Games
2017-10-14 12:01 - 2017-10-14 12:01 - 000001137 _____ C:\Users\TheBlackOne666\Desktop\[PREMIUM]_pact_with_a_witch_v00.05.08-pc - Shortcut.lnk
2017-10-13 15:04 - 2017-10-13 15:04 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-09 12:10 - 2017-10-09 12:10 - 000329384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-09 12:08 - 2017-10-09 12:10 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.ZZ..ZZZZZ.Z
2017-10-09 11:59 - 2017-10-09 12:08 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZ...Z.ZZ..ZZ.ZZ
2017-10-09 11:59 - 2017-10-09 11:59 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\Supraball.url
2017-10-09 11:50 - 2017-10-09 11:59 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z.Z..ZZZ.Z.Z
2017-10-09 11:44 - 2017-10-09 11:44 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\LogMeIn
2017-10-09 03:05 - 2017-10-09 03:05 - 000601776 _____ (Microsoft Corporation) C:\Users\TheBlackOne666\Downloads\WMIDiag (4).exe
2017-10-09 02:51 - 2017-10-09 11:29 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-10-09 02:03 - 2017-10-09 02:03 - 019012622 _____ C:\Users\TheBlackOne666\Downloads\unhackme (1).zip
2017-10-09 02:03 - 2017-10-09 02:03 - 000601776 _____ (Microsoft Corporation) C:\Users\TheBlackOne666\Downloads\WMIDiag (3).exe
2017-10-08 23:29 - 2017-10-08 23:29 - 005717099 _____ C:\Users\TheBlackOne666\Downloads\Unconfirmed 204518.crdownload
2017-10-08 19:56 - 2017-10-08 19:56 - 000000000 ____D C:\Users\TheBlackOne666\AppData\LocalLow\Landfall West
2017-10-08 16:01 - 2017-10-08 16:01 - 000601776 _____ (Microsoft Corporation) C:\Users\TheBlackOne666\Downloads\WMIDiag (2).exe
2017-10-08 15:53 - 2017-10-28 13:52 - 000019570 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-10-08 15:28 - 2017-10-26 11:29 - 000000000 ____D C:\@RestoreQuarantine
2017-10-08 15:15 - 2017-10-28 13:55 - 000000000 ____D C:\ProgramData\RegRun
2017-10-08 15:14 - 2017-10-26 14:03 - 000000000 ____D C:\Users\TheBlackOne666\Documents\RegRun2
2017-10-08 15:14 - 2017-10-26 11:35 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-10-08 15:14 - 2017-10-26 11:22 - 000003424 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2017-10-08 15:14 - 2017-10-08 15:17 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-10-08 15:14 - 2017-10-08 15:14 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-10-08 15:14 - 2017-10-08 15:14 - 000001083 _____ C:\Users\TheBlackOne666\Desktop\UnHackMe.lnk
2017-10-08 15:14 - 2017-10-08 15:14 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2017-10-08 15:14 - 2017-10-08 15:14 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-10-08 15:14 - 2017-10-08 15:14 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-10-08 15:14 - 2017-10-08 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-10-08 15:14 - 2017-10-05 13:22 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2017-10-08 15:14 - 2017-09-16 00:52 - 000002026 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2017-10-08 15:14 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2017-10-08 15:13 - 2017-10-08 15:14 - 019012622 _____ C:\Users\TheBlackOne666\Downloads\unhackme.zip
2017-10-08 15:12 - 2017-10-08 15:12 - 000601776 _____ (Microsoft Corporation) C:\Users\TheBlackOne666\Downloads\WMIDiag (1).exe
2017-10-08 15:06 - 2017-10-08 15:09 - 456765712 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\385.69-notebook-win10-64bit-international-whql.exe
2017-10-08 14:57 - 2017-10-08 14:59 - 083757104 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\GeForce_Experience_v3.9.0.97 (6).exe
2017-10-08 14:44 - 2017-10-08 14:44 - 006238714 _____ C:\WMIDiag.vbs
2017-10-08 14:44 - 2017-10-08 14:44 - 000601776 _____ (Microsoft Corporation) C:\Users\TheBlackOne666\Downloads\WMIDiag.exe
2017-10-08 14:29 - 2017-10-08 14:30 - 083757104 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\GeForce_Experience_v3.9.0.97 (3).exe
2017-10-08 14:21 - 2017-10-08 14:22 - 083757104 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\GeForce_Experience_v3.9.0.97 (2).exe
2017-10-08 13:06 - 2017-10-08 15:52 - 000000000 ____D C:\Program Files\EASEWARE.del
2017-10-08 13:06 - 2017-10-08 13:06 - 004027152 _____ (Easeware ) C:\Users\TheBlackOne666\Downloads\DriverEasy_Setup.exe
2017-10-08 13:06 - 2017-10-08 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2017-10-07 21:55 - 2017-10-07 21:55 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\Castle Crashers.url
2017-10-07 21:54 - 2017-10-07 21:54 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\Doki Doki Literature Club.url
2017-10-07 17:38 - 2017-10-07 17:38 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\76561198351505146
2017-10-07 17:37 - 2017-10-07 17:37 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-10-07 17:37 - 2017-10-07 17:37 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2017-10-07 17:37 - 2017-10-07 17:37 - 000122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-10-07 17:37 - 2017-10-07 17:37 - 000109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2017-10-07 17:37 - 2017-10-07 17:37 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-10-07 17:33 - 2017-10-07 17:33 - 000000000 ____D C:\9b69bd12ec25e9c340230a20
2017-10-07 15:26 - 2017-10-07 15:28 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\EasyAntiCheat
2017-10-06 19:36 - 2017-10-06 19:36 - 083757104 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\GeForce_Experience_v3.9.0.97 (1).exe
2017-10-06 19:23 - 2017-10-06 19:25 - 083757104 _____ (NVIDIA Corporation) C:\Users\TheBlackOne666\Downloads\GeForce_Experience_v3.9.0.97.exe
2017-10-06 18:41 - 2017-10-06 18:41 - 000001631 _____ C:\Users\TheBlackOne666\Downloads\typingsound.plugin.js
2017-10-06 02:21 - 2017-10-06 02:21 - 000000000 ___HD C:\$SysReset
2017-10-06 02:21 - 2017-10-06 02:21 - 000000000 ____D C:\$WINDOWS.~BT
2017-10-05 21:34 - 2017-10-05 21:34 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\TheBlackOne666\Downloads\rkill (11).exe
2017-10-01 18:04 - 2017-10-01 18:05 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2017-10-01 17:37 - 2017-10-01 17:37 - 000000242 _____ C:\Users\TheBlackOne666\Desktop\Rust.url
2017-10-01 14:20 - 2017-10-01 14:20 - 000463059 _____ C:\Users\TheBlackOne666\Downloads\Sumotori_Full___Setup.exe
2017-10-01 14:20 - 2017-10-01 14:20 - 000002271 _____ C:\Users\TheBlackOne666\Desktop\sumofull.lnk
2017-10-01 14:20 - 2017-10-01 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumotori Full Version
2017-10-01 14:20 - 2017-10-01 14:20 - 000000000 ____D C:\Program Files (x86)\gravitysensation.com
2017-09-30 12:16 - 2017-09-30 12:16 - 000000000 ____D C:\WINDOWS\Panther
2017-09-30 02:36 - 2017-09-30 02:36 - 000945684 _____ C:\Users\TheBlackOne666\Downloads\ScriptHookV_1.0.1180.2.zip
2017-09-30 00:20 - 2017-09-30 00:20 - 000132609 _____ (Alexander Blade) C:\Users\TheBlackOne666\Downloads\dsound (1).dll
2017-09-29 23:59 - 2017-09-29 23:59 - 000132609 _____ (Alexander Blade) C:\Users\TheBlackOne666\Downloads\dsound.dll
2017-09-29 23:57 - 2017-09-29 23:57 - 008604592 _____ (Yousician ) C:\Users\TheBlackOne666\Downloads\YousicianSetup (7).exe
2017-09-29 19:41 - 2017-09-29 19:41 - 008604592 _____ (Yousician ) C:\Users\TheBlackOne666\Downloads\YousicianSetup (6).exe
2017-09-29 17:21 - 2017-09-29 17:21 - 008604592 _____ (Yousician ) C:\Users\TheBlackOne666\Downloads\YousicianSetup (5).exe
2017-09-29 17:14 - 2017-09-29 17:14 - 008604592 _____ (Yousician ) C:\Users\TheBlackOne666\Downloads\YousicianSetup (4).exe
2017-09-29 17:04 - 2017-09-29 17:04 - 008604592 _____ (Yousician ) C:\Users\TheBlackOne666\Downloads\YousicianSetup (3).exe
2017-09-29 15:16 - 2017-10-28 14:02 - 000000000 ____D C:\Program Files\rempl
2017-09-29 15:12 - 2017-09-29 15:13 - 008604592 _____ (Yousician ) C:\Users\TheBlackOne666\Downloads\YousicianSetup (2).exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-28 14:04 - 2017-09-16 16:03 - 000000000 ____D C:\FRST
2017-10-28 14:04 - 2017-06-16 04:36 - 000091053 _____ C:\WINDOWS\ZAM.krnl.trace
2017-10-28 14:04 - 2017-06-16 04:36 - 000061274 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-28 14:03 - 2017-09-16 15:28 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-10-28 13:58 - 2017-06-04 05:20 - 000222864 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-10-28 13:58 - 2015-11-03 15:28 - 000005806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-28 13:55 - 2017-07-28 12:11 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\LogMeIn Hamachi
2017-10-28 13:53 - 2017-08-04 17:30 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\Overwolf
2017-10-28 13:53 - 2017-07-25 18:30 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\discord
2017-10-28 13:53 - 2017-06-04 17:33 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Twitch
2017-10-28 13:53 - 2017-06-04 05:31 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-28 13:53 - 2017-06-04 02:33 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Spotify
2017-10-28 13:53 - 2017-06-04 02:33 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\Spotify
2017-10-28 13:53 - 2017-01-07 00:36 - 000000000 __SHD C:\Users\TheBlackOne666\IntelGraphicsProfiles
2017-10-28 13:52 - 2017-06-04 01:49 - 000000000 ____D C:\Users\TheBlackOne666
2017-10-28 13:52 - 2017-06-04 01:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-28 13:52 - 2017-06-04 01:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-26 11:30 - 2017-09-23 20:49 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\BetterDiscord
2017-10-26 11:29 - 2017-06-04 05:26 - 020447232 _____ C:\WINDOWS\system32\config\HARDWARE
2017-10-26 11:29 - 2017-06-04 05:26 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-26 11:13 - 2017-06-04 05:31 - 000000000 ____D C:\WINDOWS\rescache
2017-10-26 10:37 - 2017-06-13 23:32 - 000000000 ____D C:\Program Files\Enigma Software Group
2017-10-25 14:59 - 2017-06-04 05:31 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-23 17:37 - 2017-06-04 05:30 - 000000000 ____D C:\WINDOWS\INF
2017-10-23 17:37 - 2017-06-04 01:39 - 000000000 ____D C:\Program Files\Intel
2017-10-23 17:35 - 2016-07-12 16:18 - 000000000 ____D C:\Program Files\Lenovo
2017-10-23 17:35 - 2016-07-12 16:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-10-23 17:34 - 2016-07-12 16:27 - 000000000 ____D C:\ProgramData\Lenovo
2017-10-23 17:34 - 2016-07-12 16:09 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-23 17:23 - 2017-06-05 22:55 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\CrashDumps
2017-10-23 17:23 - 2017-06-04 04:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-10-23 17:23 - 2016-07-12 16:10 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-10-23 16:20 - 2017-06-04 05:31 - 000000000 ____D C:\WINDOWS\Help
2017-10-23 16:20 - 2017-06-04 02:28 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\NVIDIA Corporation
2017-10-23 15:47 - 2017-06-17 14:07 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\Ubisoft Game Launcher
2017-10-23 15:15 - 2017-06-04 04:14 - 000000000 ____D C:\ProgramData\Oracle
2017-10-23 14:44 - 2017-06-28 06:54 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-23 14:44 - 2017-01-09 23:19 - 001523969 ____N C:\WINDOWS\Minidump\102317-6687-01.dmp
2017-10-22 18:48 - 2017-06-04 04:11 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-10-22 15:05 - 2017-01-09 23:19 - 001546441 ____N C:\WINDOWS\Minidump\102217-7078-01.dmp
2017-10-21 16:26 - 2017-01-07 12:53 - 000000000 ____D C:\Users\TheBlackOne666\Documents\My Games
2017-10-21 11:26 - 2017-01-09 23:19 - 001529601 ____N C:\WINDOWS\Minidump\102117-5937-01.dmp
2017-10-20 17:38 - 2017-01-09 23:19 - 001548489 ____N C:\WINDOWS\Minidump\102017-5828-01.dmp
2017-10-18 21:32 - 2017-06-04 02:28 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Local\Packages
2017-10-18 19:24 - 2017-06-04 05:27 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-10-17 14:55 - 2017-06-04 05:26 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-17 14:52 - 2017-01-09 23:19 - 001540353 ____N C:\WINDOWS\Minidump\101717-5640-01.dmp
2017-10-16 14:58 - 2017-01-09 23:19 - 001533129 ____N C:\WINDOWS\Minidump\101617-6484-01.dmp
2017-10-15 13:44 - 2017-06-04 17:54 - 000001298 _____ C:\Users\TheBlackOne666\Desktop\nativelog.txt
2017-10-15 13:43 - 2017-06-04 05:41 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\.minecraft
2017-10-15 10:31 - 2017-06-04 05:31 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-13 15:07 - 2017-06-04 04:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-13 15:04 - 2017-06-04 04:59 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-12 18:27 - 2017-06-04 05:32 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 18:27 - 2017-06-04 05:32 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-08 15:53 - 2017-08-12 16:21 - 000000000 ____D C:\Program Files (x86)\ANONYMIZERGADGET.del
2017-10-08 15:53 - 2017-06-04 01:50 - 000000000 ____D C:\Users\defaultuser0
2017-10-08 15:52 - 2017-09-16 12:50 - 000000000 ____D C:\Program Files\REIMAGE.del
2017-10-08 15:52 - 2017-09-02 18:30 - 000000000 ____D C:\Program Files (x86)\NCH SOFTWARE.del
2017-10-08 15:52 - 2017-08-12 16:23 - 000000000 ____D C:\Program Files (x86)\MICROLEAVES.del
2017-10-08 15:52 - 2017-08-12 16:20 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\AGData
2017-10-08 15:46 - 2017-08-25 15:19 - 000000000 ____D C:\Users\TheBlackOne666\Compiler
2017-10-08 15:27 - 2017-09-16 12:50 - 000000131 _____ C:\WINDOWS\REIMAGE.del
2017-10-08 15:01 - 2017-06-22 18:30 - 019607440 _____ (Rockstar Games.) C:\Users\TheBlackOne666\Downloads\GTA_V_Launcher_1_0_877_1.exe
2017-10-07 17:38 - 2017-02-18 21:33 - 000000000 ____D C:\Users\TheBlackOne666\Documents\Square Enix
2017-10-07 11:41 - 2017-07-28 14:06 - 000000000 ____D C:\Users\TheBlackOne666\Desktop\Starbound.v1.3.2.Cracked-3DM
2017-10-07 11:37 - 2017-09-16 12:50 - 000001991 _____ C:\Users\Public\Desktop\PCSCAN~1.del
2017-10-06 19:31 - 2017-09-16 19:43 - 016563352 _____ (Malwarebytes Corp.) C:\Users\TheBlackOne666\Downloads\mbar-1.09.3.1001 (1).exe
2017-10-06 17:07 - 2017-09-26 18:22 - 000000000 ____D C:\Users\TheBlackOne666\AppData\Roaming\Yousician Launcher
2017-10-06 02:26 - 2017-06-04 05:31 - 000000000 ____D C:\WINDOWS\System
2017-10-05 21:35 - 2017-06-16 04:20 - 000004392 _____ C:\Users\TheBlackOne666\Desktop\Rkill.txt
2017-10-03 15:50 - 2017-07-29 01:34 - 000000000 ____D C:\Program Files\Dying Light The Following  Enhanced Edition
2017-09-30 15:59 - 2017-09-26 18:05 - 000000000 ____D C:\Users\TheBlackOne666\Desktop\csgo
2017-09-29 22:21 - 2017-08-12 17:33 - 000000000 ____D C:\Users\TheBlackOne666\Documents\KillerVoices
 
==================== Files in the root of some directories =======
 
2017-06-04 04:19 - 2017-06-04 04:19 - 007649280 _____ () C:\Program Files (x86)\GUTE702.tmp
2017-07-27 22:26 - 2017-09-08 17:21 - 000000267 _____ () C:\Users\TheBlackOne666\AppData\Roaming\WB.CFG
2017-06-04 01:40 - 2017-06-04 01:40 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-04 01:40 - 2017-06-04 01:40 - 000000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-07-29 11:40 - 2017-07-29 11:40 - 000000016 _____ () C:\ProgramData\mntemp
 
Files to move or delete:
====================
C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\vmavefo.exe
C:\Users\TheBlackOne666\AU3_Spy.exe
C:\Users\TheBlackOne666\AutoHotkeyA32.exe
C:\Users\TheBlackOne666\AutoHotkeyU32.exe
C:\Users\TheBlackOne666\AutoHotkeyU64.exe
C:\Users\TheBlackOne666\setup.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\mouyhgqk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-10-26 10:56
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by TheBlackOne666 (28-10-2017 14:05:06)
Running from C:\Users\TheBlackOne666\Downloads
Windows 10 Home Version 1607 14393.1715 (X64) (2017-06-04 05:57:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4145652378-410873519-1374146128-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4145652378-410873519-1374146128-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4145652378-410873519-1374146128-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4145652378-410873519-1374146128-501 - Limited - Disabled)
TheBlackOne666 (S-1-5-21-4145652378-410873519-1374146128-1001 - Administrator - Enabled) => C:\Users\TheBlackOne666
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Disabled - Out of date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1611.252 - Alps Electric)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 0.0.150995208.39331752 - Audible, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Chromium (HKLM-x32\...\{F2AF1A6F-A22F-CBEF-13AF-BB6FC32F68EF}) (Version:  - )
Discord (HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.2.30 - Dolby Laboratories, Inc.)
Driver Easy 5.5.3 (HKLM\...\DriverEasy_is1) (Version: 5.5.3 - Easeware)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.8 - Emsisoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4364 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7830A022-4C4C-4776-B1BA-220D75FCB9D4}) (Version: 18.1.1538.2273 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
KB4023057 (HKLM\...\{B977A833-7734-41A5-B820-1F23D81DC87B}) (Version: 2.6.0.0 - Microsoft Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo Nerve Sense (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 2.6.11.8 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.7 - Lenovo)
Lenovo Solution Center (HKLM\...\{E442BFFD-8406-4C6D-BE7E-0CF6E61EE363}) (Version: 3.2.004.00 - Lenovo)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0053 - Lenovo)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{AFAB079C-C258-4308-AF8A-C541FE38D7DE}) (Version: 3.3.00.158 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{AFAB079C-C258-4308-AF8A-C541FE38D7DE}) (Version: 3.3.00.158 - O2Micro International LTD.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.105.329.0 - Overwolf Ltd.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7780 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
Spotify (HKU\S-1-5-21-4145652378-410873519-1374146128-1001\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.28.5.4848 - Enigma Software Group, LLC)
Stagelight (HKLM\...\Stagelight) (Version: 2.0.0.5045 - Open Labs, LLC.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version: 4.08 - NCH Software)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
UnHackMe 9.30 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Uplay (HKLM-x32\...\Uplay) (Version: 36.0 - Ubisoft)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.12 - NCH Software)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Yousician Launcher version 1.0 (HKLM-x32\...\{EF45EAE9-523E-47C3-8634-A81923B11DD5}_is1) (Version: 1.0 - Yousician)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4145652378-410873519-1374146128-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\TheBlackOne666\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145652378-410873519-1374146128-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\TheBlackOne666\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145652378-410873519-1374146128-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\TheBlackOne666\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-16] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\TheBlackOne666\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxDTCM.dll [2017-01-04] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-16] ()
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06EB2667-E952-4C10-9AB7-539FFEC4D505} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-10-05] (Greatis Software)
Task: {07B64F1F-E2DC-4A69-AF3A-049B0A1456FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {084114A3-D0B6-41ED-A1B6-C1EB7EF77418} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {0D83DFDC-331C-402E-92D4-1AE981AA0EEE} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-4145652378-410873519-1374146128-1001 => C:\Users\TheBlackOne666\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-10-10] (Lenovo Group Limited)
Task: {15AB444E-B9E5-41FD-95DE-4EEF0FCB0786} - System32\Tasks\13ba1d2cf640ae14d02774261598e1e6 => sc start 13ba1d2cf640ae14d02774261598e1e6 <==== ATTENTION
Task: {1AB13739-C201-4737-9F3D-AEB6F9FBC630} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {1B83B24B-2DB5-47D4-B784-045FBCDA8A3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {1E81B459-3D01-4E44-8B0D-73C7B67C7C3E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {39351AF8-76AA-4622-94B8-F49F632C5DB4} - \Lenovo\REACHit Agent Update -> No File <==== ATTENTION
Task: {4350AAD5-E794-4AA8-AF67-03B97E7DAEF6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-25] (Overwolf LTD)
Task: {476B86DD-39FD-47DD-ACCA-15E94783811B} - \PDVDServ12 Task -> No File <==== ATTENTION
Task: {4E3B44C3-FD6A-4568-B371-6A0A480B3C80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {4F0F7FCE-F92D-43F9-83F3-021A46FC6C48} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8d152dab-8fcf-447a-a946-2d83b4ebeb38 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {4FB4F08F-C738-4238-AF9B-D6A2E5B923A7} - \Lenovo\REACHit Agent Startup -> No File <==== ATTENTION
Task: {58ABEB59-07D8-4926-9A58-7D94602F92A2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {81C366A0-2EE5-47E9-9018-CD471C6E8411} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {87B59BD6-D2D4-42C5-8883-4888D673C942} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {87D4AC01-DE5F-4466-9C2E-994F0BD30D93} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [2017-04-28] (Lenovo(beijing) Limited)
Task: {89F81EB6-0EAC-48F4-ABEF-CF5D1327286A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2017-10-26] (Enigma Software Group USA, LLC.)
Task: {A28899B9-82D8-4132-A1D4-7EF9EB2718EA} - \Lenovo\LSC\Lenovo Solution Center Notifications -> No File <==== ATTENTION
Task: {B517AE31-735B-4B35-A744-40A17CB87546} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask -> No File <==== ATTENTION
Task: {BC124A6B-0BA7-4ABC-9D43-6B5E93F91A2F} - \Lenovo\Lenovo Solution Center Launcher -> No File <==== ATTENTION
Task: {C2A78559-234C-44FF-9418-7A1A7A837DD5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dbfda208-d45c-4d7d-b62a-224a4b45e30c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {C5A3A84D-968E-418C-9433-4EE8DCB2A1EF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\15b39c11-576f-4fa2-84e7-67c11335ecff => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {D0EEDEE0-0AC9-4AB8-A44A-988D12CF4E1A} - System32\Tasks\3000a257a5c69611f6ca0280dbcc4d1f => sc start 3000a257a5c69611f6ca0280dbcc4d1f <==== ATTENTION
Task: {D27E819B-783A-4F42-9B29-21BA48CE9B65} - \Lenovo\LSC\LSCHardwareScan -> No File <==== ATTENTION
Task: {D9E2A62A-3817-4385-83C6-E6ED1A57F1D4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dba42a63-f828-4300-a5ee-2348e27dfd2b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {DA626806-D30F-44BA-A8B1-60D53CF9D933} - \Microsoft\Windows\PLA\LSC Memory -> No File <==== ATTENTION
Task: {E8B7969D-EFB5-4C44-8389-4F60551F6B62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-04] (Google Inc.)
Task: {EAB14CBA-82B5-4F08-A256-F665F507E2F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-04] (Google Inc.)
Task: {FA5DE99B-01C5-4E32-A875-D9756E7CEEAB} - \Lenovo\Lenovo Customer Feedback Program 64 35 -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\TheBlackOne666\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
 
ShortcutWithArgument: C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AirConsole.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gcemmcchdnfglceoahefndkebdciajhi
ShortcutWithArgument: C:\Users\TheBlackOne666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AllCast Receiver.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hjbljnpdahefgnopeohlaeohgkiidnoe
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-14 21:49 - 2017-09-07 02:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-28 11:52 - 2017-07-28 11:53 - 000075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-01-27 05:04 - 2016-01-27 05:04 - 000163328 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2017-10-23 17:34 - 2017-04-28 19:08 - 000141664 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x64\Xmlparser.dll
2017-09-16 15:54 - 2017-09-16 15:54 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-08-12 16:23 - 2017-08-12 16:23 - 002793472 ____N () C:\WINDOWS\SYSTEM32\MSVSPKD.EXE
2017-01-02 02:43 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 15:07 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 15:08 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 15:08 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 15:08 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-09-14 22:00 - 2017-09-07 00:53 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-09-14 21:49 - 2017-09-07 00:53 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-14 21:49 - 2017-09-07 00:59 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-25 14:51 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-25 14:51 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2015-09-22 23:40 - 2015-09-22 23:40 - 000628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2017-10-23 17:34 - 2017-04-28 19:08 - 000755040 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x64\resPic.dll
2017-10-26 11:35 - 2017-10-26 11:35 - 000936960 _____ () C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\vmavefo.exe
2017-05-09 18:51 - 2017-05-09 18:51 - 000028016 _____ () C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
2017-08-22 14:58 - 2017-08-22 14:58 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 14:58 - 2017-08-22 14:58 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 14:58 - 2017-08-22 14:58 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 14:58 - 2017-08-22 14:58 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2016-03-31 18:53 - 2016-03-31 18:53 - 000158776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2017-10-26 11:35 - 2017-10-26 11:35 - 001087488 _____ () C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\vmaybkd.exe
2017-08-11 17:26 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-12 14:43 - 2017-08-12 14:43 - 001577976 _____ () \\?\C:\Users\TheBlackOne666\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-09-23 23:16 - 2017-09-23 23:16 - 001403384 _____ () \\?\C:\Users\TheBlackOne666\AppData\Roaming\discord\0.0.298\modules\discord_overlay\discord_overlay.node
2017-07-15 00:58 - 2017-09-09 15:25 - 000688416 _____ () C:\Program Files (x86)\Steam\graphics\New folder\SDL2.dll
2017-07-15 00:57 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\graphics\New folder\v8.dll
2017-07-15 00:57 - 2017-10-25 01:00 - 002546976 _____ () C:\Program Files (x86)\Steam\graphics\New folder\video.dll
2017-07-15 00:57 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\graphics\New folder\icui18n.dll
2017-07-15 00:57 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\graphics\New folder\icuuc.dll
2017-07-15 00:57 - 2016-01-27 03:49 - 002549760 _____ () C:\Program Files (x86)\Steam\graphics\New folder\libavcodec-56.dll
2017-07-15 00:57 - 2016-01-27 03:49 - 000491008 _____ () C:\Program Files (x86)\Steam\graphics\New folder\libavformat-56.dll
2017-07-15 00:57 - 2016-01-27 03:49 - 000332800 _____ () C:\Program Files (x86)\Steam\graphics\New folder\libavresample-2.dll
2017-07-15 00:57 - 2016-01-27 03:49 - 000442880 _____ () C:\Program Files (x86)\Steam\graphics\New folder\libavutil-54.dll
2017-07-15 00:57 - 2016-01-27 03:49 - 000485888 _____ () C:\Program Files (x86)\Steam\graphics\New folder\libswscale-3.dll
2017-07-15 00:58 - 2017-10-25 01:00 - 000901408 _____ () C:\Program Files (x86)\Steam\graphics\New folder\bin\chromehtml.DLL
2017-07-15 00:57 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\graphics\New folder\openvr_api.dll
2017-08-11 17:26 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-11 17:26 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-07-15 00:58 - 2017-08-16 18:28 - 073130272 _____ () C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\libcef.dll
2017-07-15 00:58 - 2017-09-06 22:04 - 000678400 _____ () C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\SDL2.dll
2017-07-15 00:57 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\graphics\New folder\winh264.dll
2017-08-12 14:43 - 2017-10-05 21:21 - 009722360 _____ () \\?\C:\Users\TheBlackOne666\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-12 14:43 - 2017-08-12 14:43 - 001440248 _____ () \\?\C:\Users\TheBlackOne666\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-23 20:49 - 2017-09-23 20:49 - 000148992 _____ () \\?\C:\Users\TheBlackOne666\AppData\Local\Discord\app-0.0.298\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-08-12 14:43 - 2017-08-12 14:43 - 002658296 _____ () \\?\C:\Users\TheBlackOne666\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-12 14:44 - 2017-08-12 14:44 - 002673656 _____ () \\?\C:\Users\TheBlackOne666\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-06-04 02:33 - 2017-10-25 14:52 - 068211824 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Spotify\libcef.dll
2017-06-04 02:33 - 2017-10-25 14:52 - 003110512 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Spotify\libglesv2.dll
2017-06-04 02:33 - 2017-10-25 14:52 - 000087152 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Spotify\libegl.dll
2017-07-25 14:48 - 2017-07-25 14:48 - 068887880 _____ () C:\Program Files (x86)\Overwolf\0.105.329.0\libcef.DLL
2016-04-05 11:57 - 2016-04-05 11:57 - 000393608 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\opus.dll
2017-06-01 21:31 - 2017-10-16 14:59 - 000535872 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Curse.Presto.Interface.dll
2017-04-10 16:08 - 2017-04-10 16:08 - 001950528 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Electron\ffmpeg.dll
2017-04-10 16:08 - 2017-04-10 16:08 - 002270528 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Electron\libglesv2.dll
2017-04-10 16:08 - 2017-04-10 16:08 - 000088384 _____ () C:\Users\TheBlackOne666\AppData\Roaming\Twitch\Bin\Electron\libegl.dll
2016-07-12 16:18 - 2015-02-12 19:02 - 000224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2017-10-26 11:35 - 2017-10-26 11:35 - 053460480 _____ () C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\libcef.dll
2017-10-26 11:35 - 2017-10-26 11:35 - 001976832 _____ () C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\libglesv2.dll
2017-10-26 11:35 - 2017-10-26 11:35 - 000075264 _____ () C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\libegl.dll
2017-10-26 11:35 - 2017-10-26 11:35 - 017599640 _____ () C:\Users\TheBlackOne666\AppData\Local\ntuserlitelist\vmavefo\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z.Z..ZZZ.Z.Z:1 [898]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.ZZ..ZZZZZ.Z:1 [898]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ...Z.ZZ..ZZ.ZZ:1 [898]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2017-10-26 11:21 - 000003586 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 79 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4145652378-410873519-1374146128-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TheBlackOne666\Pictures\rick_and_morty_by_brunoces-dashqtj.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E1537222-2FA7-441F-9C77-70E557830512}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{09DB918E-7242-4707-983F-F889AE58E381}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{146A05A6-D037-4A76-9B9F-DF75A16849EF}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{69E93197-975D-4F57-8E81-085426438D72}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4D17B9FB-3307-4A95-8640-E1188BB69006}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{BC796134-5598-474F-ACD8-908A4773FBF3}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{4A6A0A8E-C204-41E3-A804-91B22D36AE9F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A9F0E76A-B459-4C10-B484-DBB23422EB69}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CA4C3097-7C8F-4DD9-8EF8-4D8FDED448F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{52EFE5FC-8BEA-4DA5-83E2-75D7B80CEE1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{AE479282-45A8-4EA1-B580-FB1AA523C68E}C:\users\theblackone666\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\theblackone666\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1161D85C-76E7-4095-904F-B5967E32CB06}C:\users\theblackone666\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\theblackone666\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4FCE313B-8778-471E-87E7-C72F4BA1B797}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{6DC3AA4D-E0E6-4785-BF5E-58BCEDADF9EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{DC7E2C7B-A7FF-42EC-BC62-C652AB0F9219}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{7B4444E9-C26D-4410-8FBB-14814986ECC4}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{AB53E410-33B3-42DF-863E-D0C4AFF7E6D6}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{93523B0E-3D6C-421A-A321-67271E72946D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{30C26300-5C76-48DD-BFF2-1F4DA66E8AB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{8782D419-853A-4B68-BF0B-8F235FC6D44B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{57D05F6D-16D6-4A45-9A96-54FD75B64507}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{A2485729-9746-4D81-AA89-E9CAE1F444C6}C:\users\theblackone666\desktop\orwell.v1.0.6180.31751\orwell.exe] => (Allow) C:\users\theblackone666\desktop\orwell.v1.0.6180.31751\orwell.exe
FirewallRules: [UDP Query User{7492D2C0-ACF4-498B-9192-5F3D8E21FDA5}C:\users\theblackone666\desktop\orwell.v1.0.6180.31751\orwell.exe] => (Allow) C:\users\theblackone666\desktop\orwell.v1.0.6180.31751\orwell.exe
FirewallRules: [TCP Query User{6B40C448-C89D-449F-AEA2-7BC5980FB872}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{59F260C0-D617-412B-99B2-5047816A8662}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{81551C5F-FE62-46B0-8664-12C0094D0C2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{77B0D478-4599-42F3-AF2D-B6E1C681B93B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [TCP Query User{F662E302-7B80-4309-A4E1-3F26B6F63362}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{78D38ADA-D9FD-4666-A63A-0FE2FA222710}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{67574448-AC34-4C18-A3D7-7B526247FCA9}C:\users\theblackone666\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\theblackone666\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{096D73FD-5243-4A0F-AEB0-324248FB0843}C:\users\theblackone666\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\theblackone666\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63724410-0BF1-461D-891E-C33AF90D17C8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7D5439B9-1005-42E9-8402-71DC7FA032A6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A6DDFB41-1DD4-4E74-AD52-D3335CFBB1C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2EBE2AEE-12D7-499C-AD4E-9B5309BE8D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EBD25FB5-4DC7-48C3-ABE5-C59FC425C0B5}] => (Allow) D:\gayyyy\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F351AA6E-8FBE-401B-8B87-B0064A07929B}] => (Allow) D:\gayyyy\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{23192C0B-595D-41F2-8A6F-4CCA06B4DAD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4E56D32A-C757-40C4-B5A5-877EDE927A56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{B45E12B1-5850-4C15-A98F-C98BB2E68B81}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{B027A09E-EDFC-4BC4-9158-544EA19BF2CF}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{C3BA2954-C6E1-4DC1-8E33-299B15CF1561}] => (Allow) E:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{79A77A71-15A0-4D20-B610-55AD7CFB829C}] => (Allow) E:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{E76B2F68-700F-4D32-911B-70FC051FB568}] => (Allow) C:\Users\TheBlackOne666\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EEAD9525-64A7-497F-B21E-BA3645B78A94}] => (Allow) C:\Users\TheBlackOne666\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F25C89AB-5DB8-40C1-A718-F81343614FEA}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{705CD6EA-659D-49F4-8377-9375A7BE872D}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{BDE01A2A-4E65-4855-93DD-91D8376FD057}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{91C4581A-C8C9-4CA2-BC3F-8B39FA75B8D6}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{E94C2A68-7EFE-46DD-940A-FF453C854AE3}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\Steam.exe
FirewallRules: [{A7B01B2B-77F3-49E7-A6B6-3415FFB0C9BF}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\Steam.exe
FirewallRules: [{CCB24D99-6639-495F-836D-1F3CE7506CF9}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E8FB7653-2FB5-41D7-B8A8-8924ED21603C}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{E6A60FBA-2AE3-4513-98BD-179E8501F512}D:\gayyyy\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\gayyyy\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{5CF70E02-3DD5-432C-B2D8-CE82D990F619}D:\gayyyy\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\gayyyy\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{6F7A224F-428C-4954-AF43-AE661B5F7810}C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{1F62D3B7-9ADC-4B68-AA79-8034AC9F5795}C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{C16511EA-EC7A-46CD-BA4D-C1AB55385D24}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FF8C0508-C373-4803-8545-7B17BBAA389C}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CF901509-A210-4293-84E0-18632F0B3717}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{8F832E6B-1FE0-4850-9198-7CDCDB20628B}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{BCD4862A-48FC-4B2E-A07B-24208503FF8A}C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{2B7E0AA5-FA77-4EA9-837C-0D84F61A86E0}C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{66DCC8E8-7051-4621-A223-8DFA10067171}C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{2A3C82B5-C7D0-4683-AD7B-484BA0FCE795}C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{51A36799-1CB4-46A9-BF5D-78A19E02DEA6}C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{B6C96233-F87F-4F6D-9FC6-A15929B4E1E6}C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{F7DC7D98-20BA-4669-8835-9258F599F581}C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{CE27F398-B0AA-42F8-A71C-9D823BF7EB9A}C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{03F09FFB-94D1-4142-A496-6EECEB3658D4}] => (Allow) C:\Users\TheBlackOne666\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{D3763B5C-565A-4EB9-8135-B88EC3BE0B08}C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{5932EB68-E1F5-4F35-B309-2BBEB12B6EFF}C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{598589BF-37FF-4867-990A-19B3453322BD}C:\program files (x86)\steam\graphics\new folder\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{7CD6AEAF-8936-41D2-9ACB-D011FB6054A7}C:\program files (x86)\steam\graphics\new folder\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{4AE9C8AC-CA2F-4EB7-B67D-FA90501FB7E0}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E605E3A8-E851-4474-86C4-85D7CA76BF2E}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{8AF0B154-38EA-42FC-8CC2-3759FDC29076}C:\program files (x86)\starbound\win32\starbound.exe] => (Allow) C:\program files (x86)\starbound\win32\starbound.exe
FirewallRules: [UDP Query User{0BB1C854-93E9-43A8-A7B2-211B67246145}C:\program files (x86)\starbound\win32\starbound.exe] => (Allow) C:\program files (x86)\starbound\win32\starbound.exe
FirewallRules: [TCP Query User{1A1DB33A-0824-4397-A989-1AB7BEF175C5}C:\users\theblackone666\desktop\starbound\win32\starbound.exe] => (Allow) C:\users\theblackone666\desktop\starbound\win32\starbound.exe
FirewallRules: [UDP Query User{B402F293-F208-4BA7-9F3B-7BAA620BD5A5}C:\users\theblackone666\desktop\starbound\win32\starbound.exe] => (Allow) C:\users\theblackone666\desktop\starbound\win32\starbound.exe
FirewallRules: [{F4DCBD5C-0D1E-4B5F-BFD3-ACF959DD0E42}] => (Allow) D:\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{4FF3EC2D-726D-4668-B900-3B77E0C4BE59}] => (Allow) D:\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{C401CD5B-511E-4B44-A27B-518F5FA13880}] => (Allow) D:\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{9FACB8B4-3D54-4DA8-99D4-4FA65DD80E52}] => (Allow) D:\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{4FACA77D-05C4-4AB7-965B-8DEB5DF7E25F}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{C120FAFE-C1F2-4C81-A08D-7AFF5AA6CCFE}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{AA5AE08C-6527-4485-A53E-9BA64BB6B06F}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{CD7204A0-EA69-45D1-AB2F-0F9CBEBCD6DB}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [TCP Query User{D3DC067F-EDE8-4D27-B241-059BFD5A3272}C:\users\theblackone666\desktop\starbound\win64\starbound_server.exe] => (Allow) C:\users\theblackone666\desktop\starbound\win64\starbound_server.exe
FirewallRules: [UDP Query User{544BAA12-3990-4CFB-AA2F-23CD779D3845}C:\users\theblackone666\desktop\starbound\win64\starbound_server.exe] => (Allow) C:\users\theblackone666\desktop\starbound\win64\starbound_server.exe
FirewallRules: [TCP Query User{218F8E11-8F0E-4E8A-B6B1-C2F512FB9D48}C:\users\theblackone666\desktop\wagamama.high.spec\skidrowgamesreloaded.com\wagamamahighspec.exe] => (Block) C:\users\theblackone666\desktop\wagamama.high.spec\skidrowgamesreloaded.com\wagamamahighspec.exe
FirewallRules: [UDP Query User{98DEC759-A83F-4035-8ED9-BFDECD99D2D8}C:\users\theblackone666\desktop\wagamama.high.spec\skidrowgamesreloaded.com\wagamamahighspec.exe] => (Block) C:\users\theblackone666\desktop\wagamama.high.spec\skidrowgamesreloaded.com\wagamamahighspec.exe
FirewallRules: [TCP Query User{51DAB03A-A63D-45C3-906A-46A8CC6CD8F8}C:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe
FirewallRules: [UDP Query User{5DCD5191-D0B8-404F-A7C7-059C69D5B55B}C:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe
FirewallRules: [TCP Query User{83AC3CE3-DC90-436A-BD79-F794EE822974}C:\users\theblackone666\desktop\starbound.v1.3.2.cracked-3dm\skidrowgamesreloaded.com\win64\starbound.exe] => (Allow) C:\users\theblackone666\desktop\starbound.v1.3.2.cracked-3dm\skidrowgamesreloaded.com\win64\starbound.exe
FirewallRules: [UDP Query User{11783BAA-CC94-4A60-AE1F-F63DA8D1BC89}C:\users\theblackone666\desktop\starbound.v1.3.2.cracked-3dm\skidrowgamesreloaded.com\win64\starbound.exe] => (Allow) C:\users\theblackone666\desktop\starbound.v1.3.2.cracked-3dm\skidrowgamesreloaded.com\win64\starbound.exe
FirewallRules: [{64E577A0-9E03-4E98-890A-CD48C123DE34}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{D3FA62F0-F801-487F-9DCE-763FDA68A3D8}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{CF6F8AC7-43A4-4640-B209-2ADD614C8ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0C78FFE5-120E-4788-A446-C4C8945EED9A}] => (Allow) E:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{AEB8B238-077D-4F8A-B732-EA393B3A5A27}] => (Allow) E:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{E252F0E7-8C84-4FCB-BA46-675B7C599B71}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{BF372B8E-2AEB-44B8-BD62-3923CC0DC3E4}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{44934048-3FB6-4B38-A7F8-BFA138160F32}] => (Allow) D:\gayyyy\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{C6154E4D-A278-477C-88AE-C01EEDF87EB4}] => (Allow) D:\gayyyy\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [TCP Query User{6ADFE33C-6F3A-4A15-AE55-B3DD1F618618}D:\gamejoltclient\node_modules\client-voodoo\bin\joltron_win32.exe] => (Allow) D:\gamejoltclient\node_modules\client-voodoo\bin\joltron_win32.exe
FirewallRules: [UDP Query User{AFCC1077-0553-4157-8A0D-A20FA94A7ACB}D:\gamejoltclient\node_modules\client-voodoo\bin\joltron_win32.exe] => (Allow) D:\gamejoltclient\node_modules\client-voodoo\bin\joltron_win32.exe
FirewallRules: [{D485ADB7-1D2D-4DFE-AE37-5FEDD3CE892E}] => (Block) D:\gamejoltclient\node_modules\client-voodoo\bin\joltron_win32.exe
FirewallRules: [{7A28890B-047E-42B8-894B-3520AB1B9CC3}] => (Block) D:\gamejoltclient\node_modules\client-voodoo\bin\joltron_win32.exe
FirewallRules: [{12D055BF-C049-42C6-B6FF-C60AF35C8CC7}] => (Allow) E:\SteamLibrary\steamapps\common\Stayin' Alive Demo\StayinAlive.exe
FirewallRules: [{4AC7BB48-BC0D-4AE6-81E9-B226142DE4D9}] => (Allow) E:\SteamLibrary\steamapps\common\Stayin' Alive Demo\StayinAlive.exe
FirewallRules: [TCP Query User{AA32B947-0367-4029-897C-206C03256F0B}C:\users\theblackone666\desktop\the.letter.horror.visual.novel\skidrowgamesreloaded.com\the letter.exe] => (Allow) C:\users\theblackone666\desktop\the.letter.horror.visual.novel\skidrowgamesreloaded.com\the letter.exe
FirewallRules: [UDP Query User{DDB2C622-61EE-43F2-95AF-1D1FB4C6AEA8}C:\users\theblackone666\desktop\the.letter.horror.visual.novel\skidrowgamesreloaded.com\the letter.exe] => (Allow) C:\users\theblackone666\desktop\the.letter.horror.visual.novel\skidrowgamesreloaded.com\the letter.exe
FirewallRules: [{D5ED2E1B-B9F1-4644-BB88-1263F8658117}] => (Block) C:\users\theblackone666\desktop\the.letter.horror.visual.novel\skidrowgamesreloaded.com\the letter.exe
FirewallRules: [{F41F54B3-EBDF-4A9A-852D-890D79B672C5}] => (Block) C:\users\theblackone666\desktop\the.letter.horror.visual.novel\skidrowgamesreloaded.com\the letter.exe
FirewallRules: [TCP Query User{0F2BEFB5-41A0-4B18-81CB-9548CFD76912}C:\program files (x86)\steam\graphics\new folder\steamapps\common\assassin's creed unity\acu.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\assassin's creed unity\acu.exe
FirewallRules: [UDP Query User{BA69980F-A529-4FD9-BE3E-5A63A4960FFC}C:\program files (x86)\steam\graphics\new folder\steamapps\common\assassin's creed unity\acu.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\assassin's creed unity\acu.exe
FirewallRules: [{CA554DA3-D8CD-40AA-9B78-9A4C989B97AE}] => (Block) C:\program files (x86)\steam\graphics\new folder\steamapps\common\assassin's creed unity\acu.exe
FirewallRules: [{5EC39B59-CF73-4EE1-B0D6-437F93F1C713}] => (Block) C:\program files (x86)\steam\graphics\new folder\steamapps\common\assassin's creed unity\acu.exe
FirewallRules: [TCP Query User{4CD75203-7893-4D84-BF11-1D6508A3FA48}C:\program files (x86)\steam\graphics\new folder\steamapps\common\raiders of the broken planet\bin\raiders.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\raiders of the broken planet\bin\raiders.exe
FirewallRules: [UDP Query User{9BF3E2ED-073D-4DDC-AF99-86A22CC7EB46}C:\program files (x86)\steam\graphics\new folder\steamapps\common\raiders of the broken planet\bin\raiders.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\raiders of the broken planet\bin\raiders.exe
FirewallRules: [{D1175D77-5292-4646-B27E-6C9B6E070AE1}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\XXZ\game.exe
FirewallRules: [{F42DAA7E-305E-4BE7-B18A-3C04945227FC}] => (Allow) C:\Program Files (x86)\Steam\graphics\New folder\steamapps\common\XXZ\game.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{4372B7CA-DCA7-423E-B5EF-B09107B04702}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{272C7586-B457-4BB9-8894-7F46393433AD}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{0AD922E9-D643-4945-8D79-119C10E0D84B}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{7C596BC5-8E4D-48DD-ACA4-9C3AF77ABF81}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [TCP Query User{AF7C5A68-1F47-4143-99F5-6779633CF352}C:\program files (x86)\steam\graphics\new folder\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{30807BFE-E19B-4D2C-AB1B-C05AF65C47CB}C:\program files (x86)\steam\graphics\new folder\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) C:\program files (x86)\steam\graphics\new folder\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [TCP Query User{D5973572-A502-40B9-8AF0-A1074322EC8D}D:\gayyyy\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) D:\gayyyy\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{8BD1FBD8-BD45-4E37-89A8-F70C632C21E6}D:\gayyyy\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) D:\gayyyy\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{8AF6C997-8A4F-4DAE-8571-01F54CF66A02}] => (Allow) E:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{79A584C5-1101-45EE-A6DA-5AD7CA0B708C}] => (Allow) E:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{F0F154B4-CCFD-49CA-A7A2-07C41D6255D3}] => (Allow) D:\gayyyy\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{DF58157B-3070-45C0-92BF-B510ACB08533}] => (Allow) D:\gayyyy\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{F2C70BB4-A783-40E2-BD37-834D5F3D6D9D}] => (Allow) D:\gayyyy\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{99FFCBA5-F9AE-4569-84A6-3681F01915F1}] => (Allow) D:\gayyyy\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{B01617D6-3A7B-411F-839E-D7D04820AC45}] => (Allow) E:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{6798A201-28A2-4A25-987E-3C77B9777C51}] => (Allow) E:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
 
==================== Restore Points =========================
 
26-10-2017 13:54:14 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: 3D Video Controller
Description: 3D Video Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/26/2017 01:54:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/26/2017 12:30:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/26/2017 12:30:55 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (10/26/2017 12:30:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (10/26/2017 12:30:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/26/2017 12:30:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/26/2017 12:30:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/26/2017 12:30:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/26/2017 12:30:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (10/26/2017 12:30:54 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
 
System errors:
=============
Error: (10/28/2017 02:02:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.255.163.0).
 
Error: (10/28/2017 02:02:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (10/28/2017 02:02:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/28/2017 02:02:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/28/2017 02:02:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/28/2017 02:02:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/28/2017 02:02:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (10/28/2017 01:55:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (10/28/2017 01:54:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (10/28/2017 01:54:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
 
CodeIntegrity:
===================================
  Date: 2017-10-28 14:04:28.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-28 14:01:43.142
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.14393.1378_none_b46351ab81ef527e\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-28 14:01:43.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.14393.1378_none_b46351ab81ef527e\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-28 14:01:43.082
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.14393.1378_none_b46351ab81ef527e\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-28 14:01:42.999
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.14393.1378_none_b46351ab81ef527e\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-28 14:01:39.438
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1358_none_e9bec4a76c71edb7\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-28 14:01:39.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1358_none_e9bec4a76c71edb7\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-28 14:01:39.344
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1358_none_e9bec4a76c71edb7\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-28 14:00:02.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-10-28 13:59:10.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 87%
Total physical RAM: 8019.78 MB
Available physical RAM: 1030.75 MB
Total Virtual: 16039.56 MB
Available Virtual: 5568.13 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:188.47 GB) (Free:14.39 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:25 GB) (Free:4.37 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:22.78 GB) (Free:0.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 70D98F68)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#4
Joeicam

Joeicam

    GeekU Senior

  • GeekU Senior
  • 1,051 posts
Hi dadlessemo,
 
I apologize for the delayed response.
 
Please refer to this site's Terms of Use on illegal/cracked software, and information on the dangers of such software below.

Cracked Software
 
------------------------------
 
One or more of the identified issues may be a result of downloading cracked/pirated/illegal software. Participating in the use of such software is a security risk. We will NOT help anyone we suspect of having obtained their software or services illegally.
 
Malware authors promote and release cracked software to spread malware. I strongly recommend you refrain from participating in this activity; your computer will be re-exposed to malware otherwise. Simply visiting a cracked software site often results in exposure to malware. In some instances malware may cause so much damage to your system that removal is not possible and the only option is to reformat your hard drive and reinstall your Operating System. Please refer to the following articles for more information.
 

 

 

 
That being said, please delete these two items, along with any other cracked software on your computer:
In your downloads folder: FL5tud1o1242licencekeyCrackclgsy.zip
On your desktop: Starbound.v1.3.2.Cracked-3DM
 
------------------------------
Additional clarification:
Do you currently pay for any of these programs?
- Emsisoft Anti-Malware
- Zemana AntiMalware
- UnHackMe
 
Are you aware that your proxy is enabled?
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-4145652378-410873519-1374146128-1001] => 127.0.0.1:8003

 

------------------------------
 
Step 1 of 1: CKScanner
 
  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the program.
  • Note: Please run this program only once.
  • Click Search For Files.
  • Upon completion, click Save List To File.
  • A message box will verify the file saved.
  • A log (ckfiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
 
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • Confirmation that you removed the cracked software present on your computer
  • The answers to my questions

 


  • 0
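The proxy lines quoted in post #4, grouped per registry hive, as an added example (not part of the original thread and not FRST's own code). It assumes the FRST line format shown in that post; the account labels for `.DEFAULT`, `S-1-5-19` and `S-1-5-20` and the wording of the notes are this example's own.

```python
import ipaddress
import re

# Proxy lines copied from the FRST log quoted in the post above.
SAMPLE_LOG = """\
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-4145652378-410873519-1374146128-1001] => 127.0.0.1:8003
"""

# HKEY_USERS subkeys that belong to built-in service identities.
SERVICE_HIVES = {".DEFAULT": "LocalSystem", "S-1-5-19": "LocalService",
                 "S-1-5-20": "NetworkService"}
LINE_RE = re.compile(
    r"^\s*(ProxyEnable|ProxyServer): \[([^\]]+)\] => (.+?)\s*$", re.M)


def is_loopback(server):
    """True if any entry of a ProxyServer value points at this machine."""
    for entry in server.split(";"):  # also handles "http=h:p;https=h:p"
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip("[] ")
        try:
            if host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:  # a DNS name, not an IP literal
            continue
    return False


def triage(log_text):
    """Return [(hive, account, server, notes)] in the order the log lists them."""
    hives = {}
    for key, hive, value in LINE_RE.findall(log_text):
        cfg = hives.setdefault(hive, {"enabled": False, "server": None})
        if key == "ProxyEnable":
            cfg["enabled"] = value.startswith("Proxy is enabled")
        else:
            cfg["server"] = value
    findings = []
    for hive, cfg in hives.items():
        notes = []
        if cfg["server"] and is_loopback(cfg["server"]):
            notes.append("loopback proxy")
        if cfg["server"] and not cfg["enabled"]:
            notes.append("server set, no ProxyEnable line")
        if cfg["enabled"] and hive in SERVICE_HIVES:
            notes.append("enabled for a service identity")
        account = SERVICE_HIVES.get(hive, "user account")  # assumption: any other hive is a user SID
        findings.append((hive, account, cfg["server"], notes))
    return findings
```

For this log, `triage(SAMPLE_LOG)` reports a loopback proxy in all four hives, enabled for the three service identities, and a ProxyServer value with no ProxyEnable line for the S-1-5-21 user hive. A loopback proxy only works while some local process is listening on that port, so the owner of port 8003 is the next thing to identify on the live system.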

#5
dadlessemo

dadlessemo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

I have deleted the cracked software, well, all that I could; some of the files I own but don't have access to. I have no clue what a proxy is or how it affects me. Also, I have not paid for any of those; I am broke...

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\graphics\new folder\steamapps\common\rocketleague\tagame\cookedpcconsole\antenna_nutcracker_sf.upk
c:\program files (x86)\steam\graphics\new folder\steamapps\common\rocketleague\tagame\cookedpcconsole\paintfinish_cracked_sf.upk
c:\program files (x86)\steam\graphics\new folder\steamapps\common\rocketleague\tagame\cookedpcconsole\playerbanner_crackedegg_sf.upk
c:\program files (x86)\steam\steamapps\workshop\content\48700\875202420\sounds\fire_small_crackle.ogg
c:\program files (x86)\steam\steamapps\workshop\content\48700\919988428\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\workshop\content\48700\921970604\textures\soil_cracked3-edit.dds
c:\program files (x86)\steam\steamapps\workshop\content\48700\921970604\textures\soil_cracked3-edit.norm.dds
c:\users\theblackone666\downloads\crack fix.rar
c:\users\theblackone666\downloads\starbound.v1.3.2.cracked-3dm.rar
scanner sequence 3.ED.11.UTNAPZ
 ----- EOF ----- 

  • 0

#6
Joeicam

Joeicam

    GeekU Senior

  • GeekU Senior
  • 1,051 posts
Hi dadlessemo,
 
Thanks for your response and for deleting those programs. Nice work   :).
 
We will be addressing the proxy in future directions.
 
Additionally, please delete the following:
 
c:\users\theblackone666\downloads\crack fix.rar
c:\users\theblackone666\downloads\starbound.v1.3.2.cracked-3dm.rar
 
 
Let's continue...
 
You will need a flash drive for this next step.
 
Step 1 of 1: FRST - Recovery Environment Scan
 
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.
 
Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
 
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) onto your USB Flash Drive
Boot in the Recovery Environment
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums. Once on the Advanced Options screen, click "Command Prompt"
  • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
 
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply
 
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of the FRST.txt log

 


  • 0

#7
Joeicam

Joeicam

    GeekU Senior

  • GeekU Senior
  • 1,051 posts

Hi dadlessemo, are you still with me? If you need more time to complete the instructions, no problem. Just let me know.

 

Thanks,

Joe


  • 0

#8
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,036 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





