Slow Computer



#1
Betrayed


Recently my computer has been very slow, with high RAM usage. I think there may be some sort of malware on it.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Jamie (administrator) on BETRAYED (19-03-2018 00:23:43)
Running from D:\Users\Jamie\Desktop
Loaded Profiles: Jamie (Available Profiles: Jamie)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Parental Advisor\bdparentalservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Parental Advisor\pcupdateservice.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) D:\x64\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Parental Advisor\bdparentalsystray.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Discord Inc.) C:\Users\Jamie\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Jamie\AppData\Local\Discord\app-0.0.300\Discord.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Spotify Ltd) C:\Users\Jamie\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Discord Inc.) C:\Users\Jamie\AppData\Local\Discord\app-0.0.300\Discord.exe
(Dassault Systèmes SolidWorks Corp.) D:\Program Files\SOLIDWORKS\sldworks_fs.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Rainmeter) D:\Program Files\Rainmeter\Rainmeter.exe
(Corsair Components, Inc.) D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Pidgin developer community) D:\Program Files (x86)\Pidgin\pidgin.exe
() D:\Program Files\Sublime Text 3\sublime_text.exe
() D:\Program Files\Sublime Text 3\plugin_host.exe
(Spotify Ltd) C:\Users\Jamie\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jamie\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jamie\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jamie\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-47 (the data entry has 36 more characters).
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-10-25] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [SandboxieControl] => D:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Discord] => C:\Users\Jamie\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [EADM] => D:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-11] (Electronic Arts)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [NetBalancer] => D:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [1915256 2016-06-23] (SeriousBit)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Spotify] => C:\Users\Jamie\AppData\Roaming\Spotify\Spotify.exe [21894544 2018-03-01] (Spotify Ltd)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Jamie\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2115656 2017-10-14] (Gaijin Entertainment)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Spotify Web Helper] => C:\Users\Jamie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-01] (Spotify Ltd)
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OBS Studio.lnk [2016-10-10]
ShortcutTarget: OBS Studio.lnk -> D:\Program Files (x86)\obs-studio\bin\32bit\obs32.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2017 Fast Start.lnk [2017-12-08]
ShortcutTarget: SOLIDWORKS 2017 Fast Start.lnk -> C:\Windows\Installer\{BB965FD0-077F-4CA4-BFD1-39FFEFF15770}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-02-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-07-09]
ShortcutTarget: Rainmeter.lnk -> D:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{BD584BD8-9D46-4F4B-B346-6A00849ED96C}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{DACC77B7-7177-45A0-8F40-D6D799727D5A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{DACC77B7-7177-45A0-8F40-D6D799727D5A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ie/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: dvfgafen.default
FF ProfilePath: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\dvfgafen.default [2018-03-18]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> D:\Program Files\SOLIDWORKS Composer Player\Bin\npcomposerplayerwebplugin.dll [2017-02-03] (Dassault Systemes)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-17] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> D:\Program Files\SOLIDWORKS Composer Player\Bin\x86\npcomposerplayerwebplugin.dll [2017-02-03] (Dassault Systemes)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.ie/"
CHR Profile: C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Heartbeat) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aailiojlhjbichheofhdpcongebcgcgm [2017-01-24]
CHR Extension: (Slides) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (uBlock Origin) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-05]
CHR Extension: (Tampermonkey) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-22]
CHR Extension: (Sheets) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (LoungeDestroyer) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2018-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-21]
CHR Extension: (Iron Man-Material Design) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekeenfmlfhgoaojceionblcpbbjmnpk [2016-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 BdParental; C:\Program Files\Bitdefender\Bitdefender Parental Advisor\bdparentalservice.exe [121744 2018-02-08] (Bitdefender)
R2 BdParentalUpdate; C:\Program Files\Bitdefender\Bitdefender Parental Advisor\PCUpdateService.exe [65096 2018-02-08] (Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-19] ()
S3 CoordinatorServiceHost; D:\Program Files\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [81304 2017-02-04] (Dassault Systèmes SolidWorks Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 Hamachi2Svc; D:\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
S2 NetBalancerService; D:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [179064 2016-06-23] (SeriousBit)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [521608 2018-02-21] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [521608 2018-02-21] (NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-11] (Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-11] (Electronic Arts)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 SbieSvc; D:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-12-08] (SolidWorks) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bddevflt; C:\Windows\System32\DRIVERS\bddevflt.sys [91040 2015-08-03] (BitDefender LLC)
R1 bdfwfpf_pc; C:\Program Files\Bitdefender\Bitdefender Parental Advisor\bdfwfpf_pc.sys [144472 2018-02-08] (Bitdefender SRL)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [564216 2017-04-25] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
R1 MpKsl10e80055; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E8FACC-06EC-492E-B04A-D71CA1927557}\MpKsl10e80055.sys [58120 2018-03-18] (Microsoft Corporation)
R1 nbdrv; C:\Windows\system32\DRIVERS\nbdrv.sys [42128 2016-01-15] (SeriousBit)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31624 2018-02-21] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [54584 2018-02-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-10-11] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.)
R3 SbieDrv; D:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tapwindscribe0901; C:\Windows\system32\DRIVERS\tapwindscribe0901.sys [45560 2017-09-13] (The OpenVPN Project)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2014-10-31] (VIA Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 cpuz140; \??\C:\Users\Jamie\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
U0 gzflt; no ImagePath
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-14 15:08 - 2018-03-14 15:08 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsignbf936adc50daee9a
2018-03-11 17:39 - 2018-03-11 17:39 - 000000000 ____D C:\Users\Jamie\AppData\Local\Windscribe
2018-03-11 17:38 - 2018-03-11 17:53 - 000000000 ____D C:\Program Files (x86)\Windscribe
2018-03-11 17:38 - 2017-09-13 21:43 - 000045560 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2018-03-10 10:17 - 2018-03-18 11:13 - 000000000 ___RD C:\Users\Jamie\Creative Cloud Files
2018-03-04 13:22 - 2018-03-04 13:22 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\Synapse3
2018-03-04 13:22 - 2018-03-04 13:22 - 000000000 ____D C:\temp
2018-02-26 19:09 - 2018-02-26 19:09 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 19:09 - 2018-02-23 19:28 - 000136536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-02-26 19:09 - 2017-12-08 22:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-26 19:09 - 2017-12-08 22:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-26 19:09 - 2017-12-08 22:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-26 19:09 - 2017-12-08 22:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-26 19:07 - 2018-02-25 05:41 - 035619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-02-26 19:07 - 2018-02-25 05:41 - 000054584 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2018-02-26 19:07 - 2018-02-25 05:40 - 028201048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-02-26 19:07 - 2018-02-25 05:40 - 017353248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-02-26 19:07 - 2018-02-25 05:40 - 000996768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-26 19:07 - 2018-02-25 05:40 - 000625512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-26 19:07 - 2018-02-25 05:40 - 000514544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-26 19:07 - 2018-02-25 05:39 - 000948128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-26 19:07 - 2018-02-25 05:38 - 040277488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-26 19:07 - 2018-02-25 05:38 - 003913016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-26 19:07 - 2018-02-25 05:38 - 003443800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-26 19:07 - 2018-02-25 05:38 - 001985384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439101.dll
2018-02-26 19:07 - 2018-02-25 05:38 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439101.dll
2018-02-26 19:07 - 2018-02-25 05:38 - 001137512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-26 19:07 - 2018-02-25 05:38 - 001064760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-26 19:07 - 2018-02-25 05:37 - 035188640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-26 19:07 - 2018-02-25 05:37 - 000134688 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2018-02-26 19:07 - 2018-02-25 05:36 - 019854312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-26 19:07 - 2018-02-25 05:36 - 013571008 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-26 19:07 - 2018-02-25 05:36 - 011131696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-26 19:07 - 2018-02-25 05:36 - 000419488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 016496080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000912456 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000902280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000541672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-02-26 19:07 - 2018-02-25 05:35 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-02-26 19:07 - 2018-02-25 05:34 - 018910384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-02-26 19:07 - 2018-02-25 05:34 - 012966032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-26 19:07 - 2018-02-25 05:34 - 011000288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-26 19:03 - 2018-02-26 19:03 - 000003922 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 18:27 - 2018-02-26 18:27 - 000008237 _____ C:\Users\Jamie\DELREY-Private.ovpn
2018-02-25 16:50 - 2018-02-25 16:50 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign3714680e21f2b7c7
2018-02-25 10:59 - 2018-02-25 10:59 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsignefbe6d44dab72fbd
2018-02-22 18:34 - 2018-02-22 18:34 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign093bc663a7261520
2018-02-22 18:03 - 2018-02-22 18:03 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsigna5e43ac1efd51ce5
2018-02-22 18:03 - 2018-02-22 18:03 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign77c1cfa1d9153e29
2018-02-22 18:02 - 2018-02-22 18:02 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign4af5fee33a697aa6
2018-02-22 17:24 - 2018-02-22 17:25 - 000000033 _____ C:\Users\Jamie\AppData\Roaming\AdobeWLCMCache.dat
2018-02-22 17:18 - 2018-02-22 17:18 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk
2018-02-22 17:14 - 2018-02-22 17:14 - 000001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-02-22 17:07 - 2018-02-22 17:07 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign824e9c641205e6a3
2018-02-20 19:04 - 2018-01-24 00:19 - 001976120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439077.dll
2018-02-20 19:04 - 2018-01-24 00:19 - 001673616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439077.dll
2018-02-19 19:21 - 2018-02-19 19:21 - 000000000 ____D C:\Users\Jamie\AppData\Local\CrashRpt
2018-02-17 22:46 - 2018-02-17 22:47 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-19 00:23 - 2017-06-27 14:18 - 000000000 ____D C:\FRST
2018-03-19 00:20 - 2016-07-09 10:13 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\TS3Client
2018-03-19 00:19 - 2016-10-09 20:54 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\obs-studio
2018-03-19 00:05 - 2016-07-09 12:09 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\Spotify
2018-03-18 23:47 - 2016-07-08 23:53 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5300C48B-BF93-4A18-917D-7F8F63F8C0CE}
2018-03-18 23:39 - 2016-07-09 12:51 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\vlc
2018-03-18 22:46 - 2017-11-26 20:02 - 000000000 ____D C:\Users\Jamie\AppData\Local\LogMeIn Hamachi
2018-03-18 22:46 - 2016-08-04 21:50 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\TeamViewer
2018-03-18 22:46 - 2016-07-16 13:05 - 000000000 ____D C:\Users\Jamie\AppData\Local\CrashDumps
2018-03-18 22:46 - 2016-07-09 16:28 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\.purple
2018-03-18 22:46 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\Inf
2018-03-18 21:54 - 2016-07-10 10:43 - 000000000 ____D C:\Users\Jamie\AppData\Local\Arma 3 Launcher
2018-03-18 21:52 - 2016-07-10 10:41 - 000000000 ____D C:\Users\Jamie\AppData\Local\Arma 3
2018-03-18 21:51 - 2016-07-09 00:32 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-18 14:44 - 2013-08-22 15:20 - 000000000 ____D C:\Windows\CbsTemp
2018-03-18 14:43 - 2016-07-10 04:15 - 000000000 ____D C:\Windows\system32\MRT
2018-03-18 14:40 - 2017-10-11 13:34 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-18 14:40 - 2016-07-10 04:15 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-18 12:21 - 2016-12-10 21:45 - 000000000 ____D C:\Users\Jamie\AppData\LocalLow\Mozilla
2018-03-18 11:13 - 2016-07-22 13:24 - 000000000 ____D C:\Users\Jamie\AppData\Local\Adobe
2018-03-17 18:57 - 2016-07-09 10:43 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\Skype
2018-03-16 16:22 - 2016-07-09 10:23 - 000000000 ____D C:\Users\Jamie\AppData\Local\Steam
2018-03-15 17:05 - 2016-07-09 12:11 - 000000000 ____D C:\Users\Jamie\AppData\Local\Spotify
2018-03-11 22:15 - 2016-07-09 10:54 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\MultiBit
2018-03-11 18:00 - 2016-07-08 23:56 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1719391309-1542172637-2612288240-1001
2018-03-11 12:50 - 2016-07-09 00:50 - 000000000 ____D C:\Users\Jamie\AppData\Local\NVIDIA
2018-03-11 02:34 - 2016-07-08 23:50 - 000000000 ____D C:\Users\Jamie
2018-03-10 14:18 - 2014-03-18 15:26 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-10 14:16 - 2016-07-22 15:50 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\discord
2018-03-10 14:12 - 2013-08-22 14:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-04 13:26 - 2016-07-09 10:15 - 000000000 ____D C:\ProgramData\Razer
2018-03-04 13:26 - 2016-07-09 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-03-04 13:26 - 2016-07-09 10:15 - 000000000 ____D C:\Program Files (x86)\Razer
2018-03-04 13:22 - 2016-07-09 10:16 - 000000000 ____D C:\Users\Jamie\AppData\Local\Razer
2018-03-04 10:51 - 2017-11-28 22:02 - 000000000 ____D C:\Windows\Minidump
2018-03-03 02:25 - 2016-07-09 00:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-03 02:24 - 2013-08-22 13:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-02-28 17:33 - 2016-07-17 12:38 - 000000000 ____D C:\Users\Jamie\.junique
2018-02-27 16:26 - 2016-07-09 09:58 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-26 19:09 - 2016-07-09 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-26 19:09 - 2016-07-09 00:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-26 19:03 - 2017-10-25 16:45 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:03 - 2017-10-25 16:45 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:03 - 2017-10-25 16:45 - 000001432 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-02-26 19:03 - 2017-10-25 16:44 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:03 - 2017-10-25 16:44 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:03 - 2017-10-25 16:44 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:03 - 2017-10-25 16:44 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:03 - 2017-10-25 16:44 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:03 - 2016-07-09 00:32 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-26 16:16 - 2013-08-22 14:44 - 000450280 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-25 05:40 - 2016-07-09 09:41 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2018-02-25 05:36 - 2016-10-21 15:59 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-02-25 05:36 - 2016-07-09 09:41 - 022845992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-02-25 05:36 - 2016-07-09 09:41 - 019925592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-02-25 05:34 - 2017-10-25 17:41 - 015558416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-02-25 05:34 - 2016-07-09 09:41 - 004424400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-02-25 05:34 - 2016-07-09 09:41 - 003918512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-24 12:46 - 2015-11-10 00:13 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-02-24 12:41 - 2017-12-08 15:10 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\steelseries-engine-3-client
2018-02-23 20:01 - 2017-10-25 16:44 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-23 19:22 - 2016-07-09 09:42 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-23 19:22 - 2016-07-09 09:42 - 000081752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-23 19:22 - 2016-07-09 00:32 - 005953096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-23 19:22 - 2016-07-09 00:32 - 002587992 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-23 19:22 - 2016-07-09 00:32 - 001768008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-23 19:22 - 2016-07-09 00:32 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-23 19:22 - 2016-07-09 00:32 - 000122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-22 18:01 - 2016-07-08 23:50 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\Adobe
2018-02-22 17:24 - 2017-07-19 22:44 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-02-22 17:18 - 2016-08-11 21:00 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-02-22 17:15 - 2016-08-11 20:59 - 000000000 ____D C:\Program Files\Adobe
2018-02-22 17:14 - 2016-08-11 20:59 - 000000000 __RHD C:\Users\Jamie\[email protected] Creative Cloud Files
2018-02-22 17:14 - 2016-07-22 13:29 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-22 17:14 - 2016-07-09 00:10 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-21 07:51 - 2017-10-25 16:45 - 002464656 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-02-21 07:51 - 2017-10-25 16:45 - 002121608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-02-21 07:51 - 2017-10-25 16:45 - 001310608 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-02-21 07:11 - 2016-12-23 20:15 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-02-19 19:30 - 2017-01-14 11:50 - 000000000 ____D C:\Program Files\Rockstar Games
2018-02-19 19:30 - 2017-01-14 11:50 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-02-19 19:30 - 2017-01-14 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2018-02-18 13:41 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\AppReadiness
2018-02-18 11:56 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-18 02:17 - 2016-07-30 20:14 - 000000000 ____D C:\Users\Jamie\AppData\Local\Ubisoft Game Launcher
2018-02-17 22:46 - 2017-08-17 11:58 - 000000000 ____D C:\Users\Jamie\AppData\Roaming\EasyAntiCheat
2018-02-17 21:57 - 2016-09-05 19:32 - 000000000 ____D C:\Users\Jamie\AppData\Local\UnrealEngine
 
==================== Files in the root of some directories =======
 
2018-02-22 17:24 - 2018-02-22 17:25 - 000000033 _____ () C:\Users\Jamie\AppData\Roaming\AdobeWLCMCache.dat
2016-10-20 20:22 - 2017-02-11 23:45 - 000000301 _____ () C:\Users\Jamie\AppData\Roaming\BreakingPoint_Login.ini
2016-07-09 18:08 - 2017-02-12 00:50 - 000001427 _____ () C:\Users\Jamie\AppData\Roaming\BreakingPoint_Options.ini
2016-11-07 23:45 - 2016-11-07 23:45 - 000000054 _____ () C:\Users\Jamie\AppData\Roaming\updater.cfg
2018-01-05 19:42 - 2018-01-05 19:42 - 000000600 _____ () C:\Users\Jamie\AppData\Roaming\winscp.rnd
2017-07-20 09:14 - 2017-09-28 17:36 - 000001456 _____ () C:\Users\Jamie\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-12-27 18:55 - 2017-12-27 18:55 - 000000600 _____ () C:\Users\Jamie\AppData\Local\PUTTY.RND
2016-07-09 20:05 - 2016-07-09 20:05 - 000007605 _____ () C:\Users\Jamie\AppData\Local\Resmon.ResmonCfg
2016-07-10 22:42 - 2016-07-10 22:42 - 000000003 _____ () C:\Users\Jamie\AppData\Local\updater.log
2016-07-10 22:42 - 2016-08-06 10:31 - 000000424 _____ () C:\Users\Jamie\AppData\Local\UserProducts.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-15 16:26
 
==================== End of FRST.txt ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Jamie (19-03-2018 00:24:14)
Running from D:\Users\Jamie\Desktop
Windows 8.1 (Update) (X64) (2016-07-08 23:50:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1719391309-1542172637-2612288240-500 - Administrator - Disabled)
Guest (S-1-5-21-1719391309-1542172637-2612288240-501 - Limited - Disabled)
Jamie (S-1-5-21-1719391309-1542172637-2612288240-1001 - Administrator - Enabled) => C:\Users\Jamie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_2_1) (Version: 14.2.1 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_1) (Version: 22.0.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
ArmA3Sync 1.5.80 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.80 - The [S.o.E] team)
AutoHotkey 1.1.24.02 (HKLM\...\AutoHotkey) (Version: 1.1.24.02 - Lexikos)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.29.1517 - Bitdefender)
Bitdefender Parental Advisor (HKLM\...\Bitdefender Parental Advisor) (Version: 1.2.0.291 - Bitdefender)
Breaking Point (HKLM-x32\...\{D94AC775-62AF-4630-8292-7EB26691AAAE}) (Version: 5.0.2.9 - The Zombie Infection) Hidden
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.01 - NVIDIA Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{5f313643-63c9-4660-8dae-eb4a80196cb4}) (Version: 10.1.2.19 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.6 (HKLM-x32\...\{2B710CA5-99F0-4D29-962C-29A7CFF7A989}) (Version: 2.6.0.32 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.4.1186 - Intel Corporation)
Intel® Network Connections 21.0.504.0 (HKLM\...\PROSetDX) (Version: 21.0.504.0 - Intel)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Kodi) (Version:  - XBMC-Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Magic Bullet Suite 64-bit (HKLM\...\{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Firefox 59.0.1 (x64 en-US) (HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
MultiBit Classic 0.5.19 (HKLM\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
NetBalancer (HKLM\...\NetBalancer_is1) (Version:  - SeriousBit)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.0.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.0.85 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 391.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.0 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenVPN 2.3.11-I601  (HKLM\...\OpenVPN) (Version: 2.3.11-I601 - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
PBO Manager v.1.4 beta (HKLM\...\{127B5371-1802-4EDD-A25A-A43BF761D383}) (Version: 1.4.0 -  )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.11.0 - )
pidgin-otr 4.0.2 (HKLM-x32\...\pidgin-otr) (Version: 4.0.2 - Cypherpunks CA)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2613 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8279 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
SOLIDWORKS 2017 SP02 (HKLM\...\{BB965FD0-077F-4CA4-BFD1-39FFEFF15770}) (Version: 25.120.52 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2017 SP02 (HKLM-x32\...\SolidWorks Installation Manager 20170-40200-1100-100) (Version: 25.2.0.52 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2017 SP02 (HKLM\...\{2F5D372A-EE3F-4201-8899-AA717AB91110}) (Version: 25.20.52 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2017 SP02 (HKLM\...\{061157FB-631D-480A-B8AB-529E455BA74D}) (Version: 17.2.0029 - Dassault Systèmes SolidWorks Corp) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.13 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.13 - SteelSeries ApS)
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.11-0 - Bitnami)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1719391309-1542172637-2612288240-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719391309-1542172637-2612288240-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-07-08] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-07-08] (Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-07-08] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2016-07-08] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06763BA6-162A-4D87-8ED8-08B3878D28B4} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {0F1BE22A-6BB3-40D2-966B-927BB0F74662} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-02-21] (NVIDIA Corporation)
Task: {0F2E34F7-DF67-4931-8180-94601F02A3E7} - System32\Tasks\AdobeAAMUpdater-1.0-Betrayed-Jamie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {2ACC1BC1-941D-4C89-807D-C6037F9DA2E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {35386CF1-51D3-4CDB-AAE6-E4A831819BF8} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {45D3124E-E400-4CB6-8A58-771FA7E08BE9} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {492BCF37-1654-4946-9F2C-2118E201C5AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {5032FE90-0ED8-42BD-BB4F-109991ED5A94} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-02-21] (NVIDIA Corporation)
Task: {58BBA558-2959-42FC-9902-821282282918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {5ADE268D-7EA3-4F1F-B752-F46E3B97F0FD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-02-21] (NVIDIA Corporation)
Task: {607BA121-CFF0-4C18-B956-F48A4BA443CF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-02-21] (NVIDIA Corporation)
Task: {6B74E13D-3FC8-4126-827B-DC51721AD556} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-02-21] (NVIDIA Corporation)
Task: {74BFFE8C-382B-4AC2-A021-B884EDAA936A} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {7A55D264-0586-4C00-90D4-19FA9260642D} - System32\Tasks\AdobeGCInvoker-1.0-Betrayed-Jamie => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {81B4D325-6C4B-47CA-AA77-C6870C99B4C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {906A9971-2A23-4C36-AC21-C3599AF569AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {AFACBA89-BFF1-4157-B006-B56889770DB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {BD0C595B-A45A-4FAF-8B72-7C243743F292} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-02-21] (NVIDIA Corporation)
Task: {BDF43C40-AA3C-45A7-B70C-D9C32D8BBC42} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {BFE19B39-EC2B-4708-8BE6-D9322CE361E1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {C945DA90-4C5E-4A02-B1E1-43D03C942852} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {EA061957-4DC6-4AD9-A83D-2C7D195DADC7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-02-21] (NVIDIA Corporation)
Task: {F39D3455-785E-4480-8D49-19EA80DBC20E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-02-21] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-07 16:41 - 2017-02-07 16:41 - 001008448 _____ () C:\Program Files\Bitdefender\Bitdefender Parental Advisor\otengines_02451_004\ashttpbr.mdl
2017-02-07 16:41 - 2017-02-07 16:41 - 000541952 _____ () C:\Program Files\Bitdefender\Bitdefender Parental Advisor\otengines_02451_004\ashttpdsp.mdl
2017-02-07 16:41 - 2017-02-07 16:41 - 003654344 _____ () C:\Program Files\Bitdefender\Bitdefender Parental Advisor\otengines_02451_004\ashttpf.mdl
2017-02-07 16:41 - 2017-02-07 16:41 - 001544568 _____ () C:\Program Files\Bitdefender\Bitdefender Parental Advisor\otengines_02451_004\ashttprbl.mdl
2017-10-25 16:44 - 2018-02-21 07:51 - 001268616 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-15 17:28 - 2018-02-24 12:46 - 000543248 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-07-19 22:09 - 2017-07-19 22:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-07-09 10:05 - 2016-06-08 17:12 - 000416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-07-09 10:05 - 2016-06-08 17:18 - 000709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-07-09 10:05 - 2016-06-08 17:15 - 000130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-07-09 10:05 - 2016-06-08 17:16 - 000025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-07-09 10:05 - 2016-06-08 17:16 - 000059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-07-09 10:05 - 2016-06-08 17:16 - 000194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-07-09 10:05 - 2016-06-08 17:17 - 000159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-07-09 10:05 - 2016-06-08 17:17 - 000158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-07-09 10:05 - 2016-06-08 17:16 - 000050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-07-09 10:05 - 2016-06-08 17:15 - 000032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2018-02-10 01:12 - 2018-02-10 01:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-02-04 01:43 - 2017-02-04 01:43 - 000272280 _____ () D:\Program Files\SOLIDWORKS\sldBodyDiffu.dll
2018-02-26 19:03 - 2018-02-21 07:51 - 000020368 _____ () c:\program files\nvidia corporation\nvstreamsrv\detoured.dll
2018-02-27 20:08 - 2018-02-27 20:08 - 034523072 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2016-07-09 10:05 - 2016-06-08 17:07 - 000458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-07-09 10:05 - 2016-06-08 17:17 - 000188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2018-02-27 16:26 - 2018-02-22 03:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-27 16:26 - 2018-02-22 03:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2016-10-07 12:18 - 2016-10-07 12:18 - 005971056 _____ () D:\Program Files\Sublime Text 3\sublime_text.exe
2016-10-07 12:18 - 2016-10-07 12:18 - 000672768 _____ () D:\Program Files\Sublime Text 3\plugin_host.exe
2018-03-13 16:53 - 2018-02-28 15:59 - 031228928 _____ () C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\PepperFlash\29.0.0.113\pepflashplayer.dll
2017-08-14 16:05 - 2017-08-14 16:05 - 000076456 _____ () D:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-03-16 00:54 - 2016-03-16 00:54 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-10-25 16:44 - 2018-02-21 07:51 - 001041800 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-02-26 19:03 - 2018-02-21 07:51 - 000020368 _____ () c:\program files (x86)\nvidia corporation\nvstreamsrv\detoured.dll
2017-12-14 16:28 - 2017-11-29 05:09 - 000781088 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2016-10-14 07:48 - 2016-09-01 01:02 - 004969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2017-12-16 10:28 - 2017-12-15 19:59 - 002558752 _____ () D:\Program Files (x86)\Steam\video.dll
2016-10-14 07:48 - 2016-09-01 01:02 - 001563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2016-10-14 07:48 - 2016-09-01 01:02 - 001195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2017-12-14 16:28 - 2017-11-04 01:54 - 005137696 _____ () D:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 16:28 - 2017-11-04 01:54 - 000695584 _____ () D:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 16:28 - 2017-11-04 01:54 - 000351520 _____ () D:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 16:28 - 2017-11-04 01:54 - 000847136 _____ () D:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 16:28 - 2017-11-04 01:54 - 000783648 _____ () D:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-16 10:28 - 2017-12-15 19:59 - 000904992 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-14 07:48 - 2016-07-04 22:17 - 000266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2018-01-09 16:15 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Jamie\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 16:15 - 2018-02-10 12:03 - 001780216 _____ () \\?\C:\Users\Jamie\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-01-09 16:15 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Jamie\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 16:15 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Jamie\AppData\Local\Discord\app-0.0.300\libegl.dll
2017-12-19 10:31 - 2017-12-19 10:31 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2018-01-09 16:15 - 2018-03-14 13:49 - 009634296 _____ () \\?\C:\Users\Jamie\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 16:15 - 2018-02-01 16:17 - 001508344 _____ () \\?\C:\Users\Jamie\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 16:15 - 2018-01-09 16:15 - 000513016 _____ () \\?\C:\Users\Jamie\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 16:15 - 2018-03-14 13:49 - 001517560 _____ () \\?\C:\Users\Jamie\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 16:15 - 2018-01-09 16:15 - 002662904 _____ () \\?\C:\Users\Jamie\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 16:16 - 2018-03-08 18:51 - 002749944 _____ () \\?\C:\Users\Jamie\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2016-03-23 10:04 - 2016-03-23 10:04 - 000091136 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 000224256 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 000200704 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2018-02-14 05:03 - 2018-02-14 05:03 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-08-14 16:05 - 2017-08-14 16:05 - 000073384 _____ () D:\Program Files\FileZilla FTP Client\fzshellext.dll
2017-10-25 16:45 - 2018-02-21 07:51 - 071673736 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 08:39 - 2018-01-30 08:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-02-14 05:26 - 2018-02-14 05:26 - 000099800 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-10-13 11:12 - 2017-09-07 02:04 - 000678400 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-12-14 16:28 - 2017-10-31 04:44 - 071471904 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-10-14 07:48 - 2015-09-24 23:52 - 000119208 _____ () D:\Program Files (x86)\Steam\winh264.dll
2018-02-14 05:20 - 2018-02-14 05:20 - 000125904 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-02-14 05:20 - 2018-02-14 05:20 - 000125392 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2018-02-14 05:20 - 2018-02-14 05:20 - 000133072 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-02-14 05:20 - 2018-02-14 05:20 - 000222160 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-02-14 05:20 - 2018-02-14 05:20 - 000099792 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-02-14 05:20 - 2018-02-14 05:20 - 000106456 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2018-02-14 05:20 - 2018-02-14 05:20 - 000094168 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-06-19 21:24 - 2016-06-19 21:24 - 000036878 _____ () D:\Program Files (x86)\Pidgin\libssp-0.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000671031 _____ () D:\Program Files (x86)\Pidgin\exchndl.dll
2016-07-09 16:27 - 2016-07-09 16:27 - 000904525 _____ () D:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2016-07-09 16:27 - 2016-07-09 16:27 - 000118272 _____ () D:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2016-07-09 16:27 - 2016-07-09 16:27 - 000279059 _____ () D:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2016-07-09 16:27 - 2016-07-09 16:27 - 000553382 _____ () D:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2016-07-09 16:27 - 2016-07-09 16:27 - 000216992 _____ () D:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 001136034 _____ () D:\Program Files (x86)\Pidgin\libxml2-2.dll
2016-07-09 16:27 - 2016-07-09 16:27 - 000177586 _____ () D:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000475580 _____ () D:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000020997 _____ () D:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000013253 _____ () D:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000024924 _____ () D:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000015702 _____ () D:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000014147 _____ () D:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000018882 _____ () D:\Program Files (x86)\Pidgin\plugins\history.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000012865 _____ () D:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000019043 _____ () D:\Program Files (x86)\Pidgin\plugins\idle.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000018555 _____ () D:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000015074 _____ () D:\Program Files (x86)\Pidgin\plugins\libaim.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000315843 _____ () D:\Program Files (x86)\Pidgin\liboscar.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000093066 _____ () D:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000332178 _____ () D:\Program Files (x86)\Pidgin\plugins\libgg.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000016005 _____ () D:\Program Files (x86)\Pidgin\plugins\libicq.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000108441 _____ () D:\Program Files (x86)\Pidgin\plugins\libirc.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000128694 _____ () D:\Program Files (x86)\Pidgin\libsasl2-3.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000374169 _____ () D:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000151731 _____ () D:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000106671 _____ () D:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000123540 _____ () D:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000116071 _____ () D:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2016-06-19 21:23 - 2016-06-19 21:23 - 000152852 _____ () D:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000171123 _____ () D:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000868705 _____ () D:\Program Files (x86)\Pidgin\libsilc-1-1-4.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000225616 _____ () D:\Program Files (x86)\Pidgin\libsilcclient-1-1-4.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000055880 _____ () D:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000021337 _____ () D:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000417764 _____ () D:\Program Files (x86)\Pidgin\libjabber.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000022832 _____ () D:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000236666 _____ () D:\Program Files (x86)\Pidgin\libymsg.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000019793 _____ () D:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000047934 _____ () D:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000021795 _____ () D:\Program Files (x86)\Pidgin\plugins\markerline.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000013456 _____ () D:\Program Files (x86)\Pidgin\plugins\newline.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000030249 _____ () D:\Program Files (x86)\Pidgin\plugins\notify.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000021075 _____ () D:\Program Files (x86)\Pidgin\plugins\nss-prefs.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000017023 _____ () D:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2016-03-07 22:49 - 2016-03-07 22:49 - 000848384 _____ () D:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000029256 _____ () D:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000015380 _____ () D:\Program Files (x86)\Pidgin\plugins\psychic.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000015429 _____ () D:\Program Files (x86)\Pidgin\plugins\relnot.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000015045 _____ () D:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000069625 _____ () D:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000031993 _____ () D:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000012004 _____ () D:\Program Files (x86)\Pidgin\plugins\ssl.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000015978 _____ () D:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000030353 _____ () D:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000032020 _____ () D:\Program Files (x86)\Pidgin\plugins\ticker.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000018399 _____ () D:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000023851 _____ () D:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000029791 _____ () D:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000030771 _____ () D:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000037191 _____ () D:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000044494 _____ () D:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000048402 _____ () D:\Program Files (x86)\Pidgin\sasl2\libanonymous-3.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000049962 _____ () D:\Program Files (x86)\Pidgin\sasl2\libcrammd5-3.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000079858 _____ () D:\Program Files (x86)\Pidgin\sasl2\libdigestmd5-3.dll
2016-06-19 21:24 - 2016-06-19 21:24 - 000048907 _____ () D:\Program Files (x86)\Pidgin\sasl2\libplain-3.dll
2016-06-19 21:23 - 2016-06-19 21:23 - 000554496 _____ () D:\Program Files (x86)\Pidgin\sqlite3.dll
2016-07-09 16:27 - 2016-07-09 16:27 - 000090496 _____ () D:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2016-07-09 12:11 - 2018-03-01 16:54 - 080302992 _____ () C:\Users\Jamie\AppData\Roaming\Spotify\libcef.dll
2016-07-09 12:11 - 2018-03-01 16:54 - 003734416 _____ () C:\Users\Jamie\AppData\Roaming\Spotify\libglesv2.dll
2016-07-09 12:11 - 2018-03-01 16:54 - 000088464 _____ () C:\Users\Jamie\AppData\Roaming\Spotify\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [488]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\hola.org -> hxxp://hola.org
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2017-10-25 16:29 - 000000002 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "OBS Studio.lnk"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\StartupApproved\Run: => "NetBalancer"
HKU\S-1-5-21-1719391309-1542172637-2612288240-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{43280E25-5FDA-4220-A4AE-5002A736D28B}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B004BAD1-39D2-44EB-B190-2075321C648C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB9ED71A-662C-455F-87E9-0A790C95A5EC}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{37271229-BE7A-47BC-BFB4-8C54924854FF}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{05F9763A-ED1A-4A80-9C2E-0F779D2D7450}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F3BF32E7-1337-46D7-89C5-72D92A81628D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B7E95E14-D16D-46B5-8867-574F60FA4F27}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{234A17CE-C1FC-40E0-B9C2-8D307AEE884E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0EF71D9A-6EBD-4FB3-B8AF-6213F01C9E46}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{EE668382-30B4-4F1B-A1AF-8C150FDF1865}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{798A58B1-B109-4ADD-8381-426C0FBD0E7E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{245F0650-001A-4902-9819-648CD12269EE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{D78D9F29-C391-4F4D-B44C-EB43EAD3BBF9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{A1BEA2B7-CE10-4D6E-998D-BC5D4F4C7834}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{4D20DBF2-0C1E-432E-AC59-DAEBB9F28C6C}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68AD369D-B8A4-494F-83AA-1926FA3263D0}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AD5458E8-667C-458E-9FF4-2EB84ABF8C42}D:\program files (x86)\steam\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [UDP Query User{12590890-1217-4AA1-A426-BD3B1C29EA3E}D:\program files (x86)\steam\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [TCP Query User{5E966F72-502D-4C81-954D-A28DC77BE3F0}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{EB1D1430-426B-4945-A818-02E532AE9977}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{4F823053-4909-4AB2-9291-BD68248ADF32}C:\users\jamie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jamie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3A0DA01A-C88E-4EEE-A304-3B115F5AA62E}C:\users\jamie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jamie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{094A09AB-4776-424C-A2E2-C232E04F7705}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{1221CC45-8FA2-471E-9947-9E0C2BFF8D9A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{75EA8C07-E02B-42B2-859D-2A041D76B6D2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{EDEBF04E-4D77-4140-9642-0F8F955531FF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{ADD96FA6-B2C5-4E0A-8489-756CD795492C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{51905D0F-9C42-4DA6-A34E-896A36FEA620}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{9CC85030-5885-4EAF-81BD-3B47F7F17C6E}] => (Allow) C:\Users\Jamie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A12C97BC-7E5A-4F0B-A47B-6B87058C1773}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2127FAC9-E30B-4FB4-BDDC-07D661F068F5}] => (Allow) LPort=2869
FirewallRules: [{E696FF9E-C112-4FF2-BF34-6A7060266C46}] => (Allow) LPort=1900
FirewallRules: [{2D3695A1-326F-4523-9C8A-25B32C2DF4EC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{598F6D8E-24E5-401A-84AA-05B79FC20419}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{1EAD2AF8-5037-4106-822E-74BF9CB3CED4}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{15DBF988-5F71-4099-B7B4-CCA393546DB5}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{2A8C7067-B59E-49EA-A540-10687AD386EE}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{C59428CB-1F85-4957-ADB6-F8B9C42FDA22}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{3D955DC0-0228-475A-8253-724E6E51F3C4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{45E440E8-F608-4CF0-939B-62A2569FB968}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CA3EA36B-DBD2-4096-BD8E-7DC75DF0D7A1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CDA5438B-5EBF-4CD0-8035-D806C3F6617A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\Arma3Tools.exe
FirewallRules: [{1D8DD10C-926F-41E7-B2E7-9F796956ECEC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\Arma3Tools.exe
FirewallRules: [{5D70229B-081B-4E3F-9F6B-F3A85EA32D15}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\starter.exe
FirewallRules: [{04DD16C0-B189-4C7A-A05A-9C79D0A1B256}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\starter.exe
FirewallRules: [{35D6B5A8-BBC8-4BB4-8437-C37302CFE7DE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\AddonBuilder\AddonBuilder.exe
FirewallRules: [{3AC0E794-A4BB-4258-8A73-9AAA95B7BCFB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\AddonBuilder\AddonBuilder.exe
FirewallRules: [{221061C7-8755-4DEF-8822-67CA3FE03698}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\Publisher\Publisher.exe
FirewallRules: [{31D892F4-9BBD-45B4-B1F1-DFBD1DE1BD3E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3 Tools\Publisher\Publisher.exe
FirewallRules: [{CAEB01B5-C51A-461B-A739-C6AC5AB00FB8}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6DBADAEC-90BF-4150-9699-A1ACE2670A65}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{65BCB92C-B7A7-40AB-B562-618EAB4B0A7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EF547CEC-C447-49E3-9CD4-1389A4015C2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3A85E5E7-F1BB-4852-ABDF-C9C041DEC30D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3EAF9153-995F-4A07-9483-53C6687072DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66108248-7899-4FA5-9652-D0A501EA97D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{735D853C-757E-4787-A993-DB3669620016}D:\program files (x86)\steam\steamapps\common\battlegrounds\shootergame\binaries\win64\shootergame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\battlegrounds\shootergame\binaries\win64\shootergame-win64-shipping.exe
FirewallRules: [UDP Query User{39BF3FC7-1DB0-4AAF-946E-062467332DA7}D:\program files (x86)\steam\steamapps\common\battlegrounds\shootergame\binaries\win64\shootergame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\battlegrounds\shootergame\binaries\win64\shootergame-win64-shipping.exe
FirewallRules: [TCP Query User{3D306803-4323-4135-B7AB-1A884466D43D}D:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{6272F8B5-5F4F-49A3-A028-7F2D061D22CA}D:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{B48D565B-1064-4A1E-B333-4F807DA52358}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{ACDD4940-14C5-4278-B928-392B3C2497B6}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{716510F5-2508-4E63-B021-D8FAB54E4A5E}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{8A6DE1DC-7909-45AB-94DD-57F285AC9C7A}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{213D75CB-C013-4ECF-BA3E-11B2401C297B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{4C95CAF3-85C6-4037-B23F-567A834C79FD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3493E0EA-612A-465C-99FA-1F7FF368B1DD}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BF2208F8-467B-4B5D-B728-6F4D65D12F35}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{97BBEDEF-967C-4D34-B438-D9971445F5AC}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5B116891-FCD2-4BEA-A423-C0E475A24859}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F1D6B41D-31AB-4D7B-B7D8-56D468FE1E35}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{361D7308-9B4B-4728-8920-C023FB8D020A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{0525ABC2-2A74-4AF9-9A48-D7ABDEA9620A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{033CE73D-8BA2-4C62-96F7-1FE59B88B3BB}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{828E9277-E9B4-44FD-9688-53005615BAA0}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{E1920F54-4271-4054-88D8-985EA69CD803}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{5A5B3439-AB38-4242-B4C9-8457B117B963}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{63F895A9-84B3-450E-943E-D7D51B2848F4}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{14A970D5-009F-4E35-9A24-A8380BE6568C}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A8888945-DFBA-4060-9078-E193C4EF79EA}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4331BA20-7EEB-41DF-A634-205837C07376}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{781F9E07-A98C-40E0-814B-317021B7FEB1}] => (Allow) C:\Users\Jamie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{5DC4ACA9-1514-48D3-A39B-EB021E81B9D0}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{857A0648-8909-478B-ABC6-173A334FC21C}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [TCP Query User{FE480A42-72FA-4680-A346-09753A5D8E1B}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{4C723CC6-37AE-496C-806A-D71D07B0F531}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{004115AC-3B0C-493C-B576-C89D3A280AFF}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{BF18A62D-0753-43EA-885C-1E5671905617}D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [TCP Query User{D125098A-D45E-4A54-A218-8D9CDFF31E78}C:\users\jamie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jamie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A8217E94-A114-4015-B913-609ED4AC54D9}C:\users\jamie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jamie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{847FCDC4-A13E-4A63-B3FC-8A3844BA162B}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{09ECCEF8-4BF5-41A6-9EEE-028ED5DCBF18}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{B4066D9D-E45D-46AD-8751-B877DC55CEC4}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{AFA28439-9D85-4940-BD37-54FF25C2BEBC}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{C85FFB54-1D5A-4D33-ABF6-2BE90B03AA04}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{49284333-C5FE-43C9-B509-3530F0DFCBF3}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{20514E74-B1ED-4E12-B373-D9D65809E67E}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{083B28D4-19AD-4706-96C1-6281CE1CF523}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{C9BFA25B-EB89-49B1-809E-7EC8B093BD8E}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{0D38522F-6E81-42C7-B8DF-09AD3ABA1986}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{D188A311-7968-454B-B336-59DFA84F89B4}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{EAB7083F-9E7A-42FA-99F1-30ACC6B4E114}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [{092F6539-E3A1-4160-A8CC-8FF1B73F4787}] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{629124B9-D933-47CC-9F19-146EC4B85BB0}] => (Allow) D:\Program Files (x86)\VideoLAN\VLC\vlc.exe
FirewallRules: [{C873AF50-7F01-49B7-A231-51F945298243}] => (Allow) D:\Program Files (x86)\VideoLAN\VLC\vlc.exe
FirewallRules: [{B1921B5F-529F-47C9-8FB8-07C9A0923695}] => (Allow) D:\Program Files (x86)\VideoLAN\VLC\vlc.exe
FirewallRules: [{882CB9CF-6B7F-461C-9F39-688B4FFD3C4D}] => (Allow) D:\Program Files (x86)\VideoLAN\VLC\vlc.exe
FirewallRules: [TCP Query User{066E391E-7B51-4A71-B1CF-D8A00967F0A8}D:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe
FirewallRules: [UDP Query User{F82AFCEE-4BC0-4018-998E-7CAEABA4E20B}D:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe
FirewallRules: [{BEE18A40-9D97-4ABD-B3CF-8A0B67B44C99}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{7BDE513E-B80B-4C92-95AE-108D37CA8078}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{533F98D3-5FFC-443B-A1E1-F389F63FDB20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F8512BAC-C8C3-4803-9AA7-77BAE031BD21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4F35148F-8003-4C70-A9FA-143CA8F942CD}] => (Allow) C:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{3E2F95E2-048C-42F1-A9D7-EC059139AF44}] => (Allow) C:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{488A0425-5FE3-4C17-8BBF-D5001D835247}C:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{82EFAD9D-999E-4D0E-B86E-D1272FB4607F}C:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [TCP Query User{9DC5ED78-5D04-48D0-9FA7-EA29BF5896BE}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{2E3A6978-5338-4EF3-8911-6AAB0CAFB966}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{AE0AC452-CA04-4D70-BB2D-9E8E43835B29}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{4C481E7A-CAD8-4F15-8EE9-793A3092D017}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{7B21009D-D772-4400-A683-9E08F4FC515F}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{23FC5D17-D74C-4239-AAA8-48578A9DA88D}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe
FirewallRules: [{BB664711-245B-44BD-9817-169ECC150999}] => (Allow) D:\Program Files\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{A5EC0E0E-627E-4F3F-941E-08A06536AE9C}] => (Allow) D:\Program Files\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [TCP Query User{230DF51C-9434-405B-BFE7-789798CCF1F6}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{A69E820D-3E7D-4328-94F5-AF0E93D30807}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{3D5F118E-1F63-449D-BB15-B9459D9088AF}C:\users\jamie\appdata\local\webtorrent\app-0.18.0\webtorrent.exe] => (Allow) C:\users\jamie\appdata\local\webtorrent\app-0.18.0\webtorrent.exe
FirewallRules: [UDP Query User{08218CD5-D1B5-47CA-990E-FB41E8C3F3E5}C:\users\jamie\appdata\local\webtorrent\app-0.18.0\webtorrent.exe] => (Allow) C:\users\jamie\appdata\local\webtorrent\app-0.18.0\webtorrent.exe
FirewallRules: [{22C9C27D-2849-4B43-880E-273F86214724}] => (Allow) C:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{A6568B11-F2FE-4950-BDFA-775ABC1026BB}] => (Allow) C:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{BB8DA272-8E7E-42CB-828A-AB67873BD5F9}] => (Allow) C:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{9B97AA94-89EC-4754-B2FE-2BB3AC604DF0}] => (Allow) C:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{FC07EE0D-77DD-4957-97D8-73C6ACE0D514}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe
FirewallRules: [{1DFFB3ED-B4EF-423D-9F1B-8EAFF89386A7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe
FirewallRules: [{802848D8-4719-401B-957D-5F4429A42998}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{6A3CF025-CBDC-45B3-827E-375EF0A24E08}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{7D366F10-ED1A-4E95-90FE-53E1E78E3E73}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{519D1C13-EBE4-452F-A54C-359390757C6B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{CAE475F6-34DF-433D-A607-A44620F17A56}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{FBDD785F-AE5E-4A80-AE91-FAB8BF3481E6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{8B8D6FE8-06B8-4174-83EF-4FC44DA142C2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{F71554D4-0289-4CC2-8844-3CC22173BBEE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [TCP Query User{E90F7430-8330-48ED-A7A8-2B31A18F9F92}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{6348B783-2B4C-484C-BB83-4A31586DABAC}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{12F93B83-113D-4C9A-A880-87E2529ED221}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{056DD859-5ACD-4CBA-A1CD-95045489619B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E0DA2E09-5B0E-401B-A9E9-C53639BB8338}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BCBF65A7-58AB-45E4-BB6F-56D28F2C2A8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{276B7B92-270B-4AFC-BFCA-F55748F6504E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{FF9C7F6B-C58E-4FB4-897D-9FCBE3C7B58C}D:\program files (x86)\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B0117A2E-2EC7-4F22-A292-0E9EF3C3EA5B}D:\program files (x86)\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9B1C6C9E-F85E-4305-92D1-B82D31AB1C37}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{16E14B08-9E63-401C-8106-44DF17D6F517}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [{103BA478-8AE6-4812-ACBA-9E329AF3CC42}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{DA273770-AD0E-4E59-A674-92634BAD0265}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A254CEB6-7F57-4F5B-815B-CBE0B376B360}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\H1Z1_BE.exe
FirewallRules: [{15C4A018-F9C8-4920-9DD9-41E732A536DA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\H1Z1_BE.exe
 
==================== Restore Points =========================
 
24-02-2018 12:40:41 Installed DirectX
04-03-2018 11:03:17 Scheduled Checkpoint
11-03-2018 13:19:33 Scheduled Checkpoint
18-03-2018 14:38:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 690LC
Description: 690LC
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/18/2018 02:38:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl2a7349c2.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/18/2018 12:50:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: arma3launcher.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Threading.Tasks.TaskCanceledException
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at System.Windows.Threading.DispatcherOperation.Wait(System.TimeSpan)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherOperation, System.Threading.CancellationToken, System.TimeSpan)
   at System.Windows.Threading.Dispatcher.Invoke(System.Action, System.Windows.Threading.DispatcherPriority, System.Threading.CancellationToken, System.TimeSpan)
   at System.Windows.Threading.Dispatcher.Invoke(System.Action)
   at Utils.Threading.DispatcherContext.Invoke(System.Action)
   at Launcher.ViewModels.LauncherViewModel.<InitializeExecutorAndMonitor>b__aa(System.Object, Launcher.GameStateChangedArgs)
   at Utils.EventHandleExtensions.Raise[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.EventHandler`1<System.__Canon>, System.Object, System.__Canon)
   at Launcher.GameExecutor.FireGameNotRunningEvent(System.Collections.Generic.IEnumerable`1<System.Diagnostics.Process>)
   at Launcher.GameExecutor+<>c__DisplayClass37.<GmaeProcessExitedHandler>b__36(System.Collections.Generic.List`1<System.Diagnostics.Process>)
   at Utils.LockedWrapper`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Do(System.Action`1<System.__Canon>)
   at Launcher.GameExecutor.GmaeProcessExitedHandler(System.Object, System.EventArgs)
   at System.Diagnostics.Process.OnExited()
   at System.Diagnostics.Process.RaiseOnExited()
   at System.Diagnostics.Process.CompletionCallback(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
 
Error: (03/17/2018 01:18:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.17060.1019, time stamp: 0x0206ae46
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b1b67
Exception code: 0xc0000374
Fault offset: 0x00000000000f1cd0
Faulting process ID: 0x29ec
Faulting application start time: 0x01d3bd8dcd137990
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: 298ac63f-2981-11e8-82d7-d8cb8a318c74
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/16/2018 07:49:34 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (03/16/2018 03:20:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.17060.1019, time stamp: 0x0206ae46
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b1b67
Exception code: 0xc0000374
Fault offset: 0x00000000000f1cd0
Faulting process ID: 0x55e4
Faulting application start time: 0x01d3bd39e2b6c540
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: 80ed2867-292d-11e8-82d7-d8cb8a318c74
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 07:23:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 578
 
Start Time: 01d3bc929327818e
 
Termination Time: 10
 
Application Path: UNKNOWN
 
Report Id: 2bde22a6-2886-11e8-82d7-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2018 04:21:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.17060.1019, time stamp: 0x0206ae46
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b1b67
Exception code: 0xc0000374
Fault offset: 0x00000000000f1cd0
Faulting process ID: 0x4ed8
Faulting application start time: 0x01d3bc794504ed2a
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: deeea39e-286c-11e8-82d7-d8cb8a318c74
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 04:15:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AAM Updates Notifier.exe, version: 9.0.0.281, time stamp: 0x5776ade0
Faulting module name: UpdaterCore.dll, version: 9.0.0.30, time stamp: 0x5773799f
Exception code: 0xc0000005
Fault offset: 0x0006287e
Faulting process ID: 0x1110
Faulting application start time: 0x01d3bc78e15d0388
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterCore.dll
Report ID: 213059bf-286c-11e8-82d7-d8cb8a318c74
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/18/2018 06:27:55 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (03/18/2018 06:27:25 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (03/18/2018 02:39:53 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (03/18/2018 02:39:23 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (03/17/2018 11:18:58 AM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (03/17/2018 11:18:28 AM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (03/16/2018 06:10:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (03/16/2018 04:37:19 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2018-03-18 18:29:12.745
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {5931D452-F3B3-47DC-B1DC-BB0F4F17BC75}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-18 14:43:16.792
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {20EF7568-812A-4836-A417-D3BF7BE46BC5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-17 11:22:47.389
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {2BAFF608-A45E-4AF4-9101-D43F65D7C28F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-15 16:33:41.861
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {61DE9857-C535-4EEE-99FF-A3731A5FD9F5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-11 17:25:30.389
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {7CB2D040-54A4-4AED-94A0-570DF7EC35A2}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-19 00:22:36.412
Description: 
Windows Defender has encountered an error trying to upload a suspicious file for further analysis.
Filename: D:\Users\Jamie\Downloads\Unconfirmed 959795.crdownload
Sha256: 
Current Signature Version: AV: 1.263.716.0, AS: 1.263.716.0
Current Engine Version: 1.1.14600.4
Error code: 0x80508016
 
Date: 2018-03-13 16:40:54.000
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.526.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-03-13 16:40:54.000
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.526.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-03-13 16:40:54.000
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.526.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-03-06 16:44:06.592
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.223.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 43%
Total physical RAM: 16279.26 MB
Available physical RAM: 9175.16 MB
Total Virtual: 32663.26 MB
Available Virtual: 24388.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.37 GB) (Free:68.62 GB) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:395.89 GB) NTFS
 
\\?\Volume{3fad585b-9665-4141-80f4-c6d4b5b1ed84}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 



#2
zep516

    Trusted Helper

  • Malware Removal
  • 7,570 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Please remove this program:
Popcorn Time

Next

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
S3 cpuz140; \??\C:\Users\Jamie\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
U0 gzflt; no ImagePath
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
2018-02-25 16:50 - 2018-02-25 16:50 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign3714680e21f2b7c7
2018-02-25 10:59 - 2018-02-25 10:59 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsignefbe6d44dab72fbd
2018-02-22 18:34 - 2018-02-22 18:34 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign093bc663a7261520
2018-02-22 18:03 - 2018-02-22 18:03 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsigna5e43ac1efd51ce5
2018-02-22 18:03 - 2018-02-22 18:03 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign77c1cfa1d9153e29
2018-02-22 18:02 - 2018-02-22 18:02 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign4af5fee33a697aa6
2018-02-22 17:07 - 2018-02-22 17:07 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign824e9c641205e6a3
CustomCLSID: HKU\S-1-5-21-1719391309-1542172637-2612288240-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [488]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
    Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.


Next

Download AdwCleaner from here. Save the file to the desktop.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


#3
Betrayed

    Member

  • Topic Starter
  • Member
  • 119 posts

AdwCleaner[C0].txt:

 

# AdwCleaner 7.0.8.0 - Logfile created on Tue Mar 20 16:49:53 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 8.1 (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: Update service
 
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{847FCDC4-A13E-4A63-B3FC-8A3844BA162B}C:\program files (x86)\popcorn time\chromecast\node.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{09ECCEF8-4BF5-41A6-9EEE-028ED5DCBF18}C:\program files (x86)\popcorn time\chromecast\node.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B4066D9D-E45D-46AD-8751-B877DC55CEC4}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AFA28439-9D85-4940-BD37-54FF25C2BEBC}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted: [Value] - HKCU\Software\RegisteredApplications|AceStream
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Conduit - search.conduit.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2298 B] - [2018/3/20 16:48:59]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
 
Fixlog.txt:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Jamie (20-03-2018 16:32:46) Run:2
Running from D:\Users\Jamie\Desktop
Loaded Profiles: Jamie (Available Profiles: Jamie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
S3 cpuz140; \??\C:\Users\Jamie\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
U0 gzflt; no ImagePath
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
2018-02-25 16:50 - 2018-02-25 16:50 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign3714680e21f2b7c7
2018-02-25 10:59 - 2018-02-25 10:59 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsignefbe6d44dab72fbd
2018-02-22 18:34 - 2018-02-22 18:34 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign093bc663a7261520
2018-02-22 18:03 - 2018-02-22 18:03 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsigna5e43ac1efd51ce5
2018-02-22 18:03 - 2018-02-22 18:03 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign77c1cfa1d9153e29
2018-02-22 18:02 - 2018-02-22 18:02 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign4af5fee33a697aa6
2018-02-22 17:07 - 2018-02-22 17:07 - 000000000 ____D C:\Users\Jamie\AppData\Local\Tempzxpsign824e9c641205e6a3
CustomCLSID: HKU\S-1-5-21-1719391309-1542172637-2612288240-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jamie\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [488]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\System\CurrentControlSet\Services\cpuz140" => removed successfully
cpuz140 => service removed successfully
"HKLM\System\CurrentControlSet\Services\gzflt" => removed successfully
gzflt => service removed successfully
"HKLM\System\CurrentControlSet\Services\MBAMFarflt" => removed successfully
MBAMFarflt => service removed successfully
C:\Users\Jamie\AppData\Local\Tempzxpsign3714680e21f2b7c7 => moved successfully
C:\Users\Jamie\AppData\Local\Tempzxpsignefbe6d44dab72fbd => moved successfully
C:\Users\Jamie\AppData\Local\Tempzxpsign093bc663a7261520 => moved successfully
C:\Users\Jamie\AppData\Local\Tempzxpsigna5e43ac1efd51ce5 => moved successfully
C:\Users\Jamie\AppData\Local\Tempzxpsign77c1cfa1d9153e29 => moved successfully
C:\Users\Jamie\AppData\Local\Tempzxpsign4af5fee33a697aa6 => moved successfully
C:\Users\Jamie\AppData\Local\Tempzxpsign824e9c641205e6a3 => moved successfully
"HKU\S-1-5-21-1719391309-1542172637-2612288240-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 329611987 B
Java, Flash, Steam htmlcache => 390700791 B
Windows/system/drivers => 11988002 B
Edge => 0 B
Chrome => 842764354 B
Firefox => 393975701 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 204800 B
NetworkService => -652 B
Jamie => 262654100 B
 
RecycleBin => 0 B
EmptyTemp: => 2.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:33:09 ====


#4
zep516

    Trusted Helper

  • Malware Removal
  • 7,570 posts
Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


#5
Betrayed

    Member

  • Topic Starter
  • Member
  • 119 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/21/18
Scan Time: 1:39 PM
Log File: 54f2b386-2d0d-11e8-9661-00ffbd584bd8.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4434
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Betrayed\Jamie
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318278
Threats Detected: 12
Threats Quarantined: 12
Time Elapsed: 2 min, 4 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 12
PUP.Optional.Tuvaro, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [6278], [455257],1.0.4434
PUP.Optional.Tuvaro, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6278], [455257],1.0.4434
PUP.Optional.ASK, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [480], [454827],1.0.4434
PUP.Optional.ASK, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [480], [454827],1.0.4434
PUP.Optional.Delta, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [3464], [455070],1.0.4434
PUP.Optional.Delta, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3464], [455070],1.0.4434
PUP.Optional.Conduit, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [529], [454832],1.0.4434
PUP.Optional.Conduit, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [529], [454832],1.0.4434
PUP.Optional.Conduit, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [529], [454832],1.0.4434
PUP.Optional.Delta, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3464], [455070],1.0.4434
PUP.Optional.Conduit, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [529], [454832],1.0.4434
PUP.Optional.Delta, C:\USERS\JAMIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3464], [455070],1.0.4434
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6
zep516

    Trusted Helper

  • Malware Removal
  • 7,570 posts
Not much malware being discovered.

Next

Click Start > Search and type cmd, right-click on the returned cmd.exe and select "Run as administrator". At the prompt, type (or copy/paste) the text in the code box below into the Command Prompt window:
echo > 0 & tasklist /v >> 0 & net start >> 0 & notepad 0
Press Enter on your keyboard.
A log file in Notepad will be created on the desktop.
Post all of the Notepad output in your next reply.

#7
Betrayed

    Member

  • Topic Starter
  • Member
  • 119 posts
ECHO is on.
 
Image Name                     PID Session Name        Session#    Mem Usage Status          User Name                                              CPU Time Window Title                                                            
========================= ======== ================ =========== ============ =============== ================================================== ============ ========================================================================
System Idle Process              0 Services                   0          4 K Unknown         NT AUTHORITY\SYSTEM                                   133:04:23 N/A                                                                     
System                           4 Services                   0      4,020 K Unknown         N/A                                                     3:58:03 N/A                                                                     
smss.exe                       396 Services                   0        376 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
csrss.exe                      596 Services                   0      3,840 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:07 N/A                                                                     
wininit.exe                    672 Services                   0      7,952 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
services.exe                   760 Services                   0      9,400 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:19 N/A                                                                     
lsass.exe                      768 Services                   0     36,276 K Unknown         NT AUTHORITY\SYSTEM                                     0:13:55 N/A                                                                     
svchost.exe                    840 Services                   0     21,424 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:03 N/A                                                                     
svchost.exe                    868 Services                   0     14,952 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:05 N/A                                                                     
svchost.exe                    952 Services                   0     38,676 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:06 N/A                                                                     
svchost.exe                   1012 Services                   0     82,212 K Unknown         NT AUTHORITY\SYSTEM                                     0:02:16 N/A                                                                     
svchost.exe                    444 Services                   0     35,708 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:01 N/A                                                                     
svchost.exe                    756 Services                   0     17,724 K Unknown         NT AUTHORITY\SYSTEM                                     0:01:54 N/A                                                                     
svchost.exe                    892 Services                   0      9,484 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:02 N/A                                                                     
SbieSvc.exe                   1060 Services                   0      4,368 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1304 Services                   0     20,068 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:31 N/A                                                                     
spoolsv.exe                   1424 Services                   0     10,448 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1496 Services                   0     28,320 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:14 N/A                                                                     
AdobeUpdateService.exe        1604 Services                   0      5,456 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
AGSService.exe                1644 Services                   0      7,756 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
bdparentalservice.exe         1680 Services                   0     91,804 K Unknown         NT AUTHORITY\SYSTEM                                     0:12:30 N/A                                                                     
pcupdateservice.exe           1712 Services                   0      6,060 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:01 N/A                                                                     
svchost.exe                   1736 Services                   0     16,216 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
IPROSetMonitor.exe            1784 Services                   0      3,268 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
dasHost.exe                   1792 Services                   0      3,176 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
SeriousBit.NetBalancer.Se     1916 Services                   0    114,336 K Unknown         NT AUTHORITY\SYSTEM                                     0:26:13 N/A                                                                     
nvcontainer.exe               1980 Services                   0     24,336 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:02 N/A                                                                     
NVDisplay.Container.exe       1288 Services                   0     10,760 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:17 N/A                                                                     
NvTelemetryContainer.exe      1528 Services                   0     14,404 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:01 N/A                                                                     
ProductAgentService.exe       3680 Services                   0     12,296 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:01 N/A                                                                     
GameScannerService.exe        1348 Services                   0     27,720 K Unknown         NT AUTHORITY\SYSTEM                                     0:01:53 N/A                                                                     
svchost.exe                   4128 Services                   0      7,300 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
SurSvc.exe                    4148 Services                   0     42,628 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:35 N/A                                                                     
TeamViewer_Service.exe        4236 Services                   0     13,836 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
MsMpEng.exe                   4264 Services                   0    201,016 K Unknown         NT AUTHORITY\SYSTEM                                     0:47:43 N/A                                                                     
hamachi-2.exe                 4360 Services                   0      7,840 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
WmiPrvSE.exe                  4464 Services                   0     18,888 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:08:49 N/A                                                                     
NisSrv.exe                    5412 Services                   0      9,592 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:20 N/A                                                                     
svchost.exe                   5456 Services                   0      9,588 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:01 N/A                                                                     
SearchIndexer.exe             5472 Services                   0     44,544 K Unknown         NT AUTHORITY\SYSTEM                                     0:01:23 N/A                                                                     
svchost.exe                   5540 Services                   0      4,128 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
esrv_svc.exe                 10228 Services                   0     21,744 K Unknown         NT AUTHORITY\SYSTEM                                     0:01:24 N/A                                                                     
jhi_service.exe               9500 Services                   0      3,732 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
LMS.exe                       9520 Services                   0      8,384 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
audiodg.exe                   4688 Services                   0     22,544 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:19:45 N/A                                                                     
taskhost.exe                 10712 Services                   0     29,804 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:06 N/A                                                                     
isa.exe                       8084 Services                   0     10,308 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
MBAMService.exe               2172 Services                   0    227,360 K Unknown         NT AUTHORITY\SYSTEM                                     0:19:00 N/A                                                                     
csrss.exe                    25236 Console                    4     11,480 K Running         NT AUTHORITY\SYSTEM                                     0:00:05 N/A                                                                     
winlogon.exe                 26292 Console                    4      4,812 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
dwm.exe                      21796 Console                    4     31,056 K Running         Window Manager\DWM-4                                    0:00:20 DWM Notification Window                                                 
NVDisplay.Container.exe      26280 Console                    4     35,344 K Running         NT AUTHORITY\SYSTEM                                     0:00:03 NvSvc                                                                   
nvcontainer.exe              14312 Console                    4     15,024 K Running         Betrayed\Jamie                                          0:00:00 {2A335767-FC94-417F-ABC4-B4122ADBEE60}                                  
explorer.exe                 26388 Console                    4    109,308 K Running         Betrayed\Jamie                                          0:00:13 N/A                                                                     
nvcontainer.exe              22980 Console                    4     28,832 K Running         Betrayed\Jamie                                          0:00:05 BroadcastListenerWindow                                                 
taskhostex.exe               24128 Console                    4     10,644 K Running         Betrayed\Jamie                                          0:00:00 Task Host Window                                                        
mbamtray.exe                 20272 Console                    4     21,720 K Running         Betrayed\Jamie                                          0:00:02 N/A                                                                     
NVIDIA Web Helper.exe         7684 Console                    4     20,436 K Running         Betrayed\Jamie                                          0:00:01 NVIDIA NodeJS Share Window                                              
conhost.exe                  18268 Console                    4      1,100 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
bdparentalsystray.exe         8604 Console                    4      6,956 K Running         NT AUTHORITY\SYSTEM                                     0:00:00 BdParental SysTrayWnd 1                                                 
usb3Monitor.exe               9072 Console                    4      4,528 K Running         Betrayed\Jamie                                          0:00:00 UsbMonitor                                                              
RtkNGUI64.exe                14660 Console                    4      8,492 K Running         Betrayed\Jamie                                          0:00:00 Realtek SpeakerTestManager                                              
Steam.exe                    16336 Console                    4    104,740 K Running         Betrayed\Jamie                                          0:00:24 Friends                                                                 
GyStation.exe                16228 Console                    4      4,656 K Running         Betrayed\Jamie                                          0:00:00 GYAZO_STATION                                                           
SpotifyWebHelper.exe         13768 Console                    4      4,404 K Running         Betrayed\Jamie                                          0:00:00 N/A                                                                     
RzSynapse.exe                 7324 Console                    4     76,932 K Running         Betrayed\Jamie                                          0:00:02 N/A                                                                     
sldworks_fs.exe              10900 Console                    4     39,596 K Running         Betrayed\Jamie                                          0:00:00 sldworks_fs                                                             
SteelSeriesEngine3.exe        8684 Console                    4     53,148 K Running         Betrayed\Jamie                                          0:00:03 SSEdevice.dll                                                           
Rainmeter.exe                19256 Console                    4     19,932 K Running         Betrayed\Jamie                                          0:00:00 N/A                                                                     
CorsairHID.exe               19472 Console                    4     63,816 K Running         Betrayed\Jamie                                          0:00:18 HID                                                                     
Lightshot.exe                14476 Console                    4      7,748 K Running         Betrayed\Jamie                                          0:00:00 Lightshot_Tray_Wnd                                                      
Creative Cloud.exe            2720 Console                    4     48,816 K Running         Betrayed\Jamie                                          0:00:02 N/A                                                                     
AdobeIPCBroker.exe           13020 Console                    4      7,508 K Running         Betrayed\Jamie                                          0:00:01 N/A                                                                     
jusched.exe                   1704 Console                    4      3,992 K Not Responding  Betrayed\Jamie                                          0:00:00 OleMainThreadWndName                                                    
Discord.exe                   7936 Console                    4     51,832 K Running         Betrayed\Jamie                                          0:00:10 #general - Discord                                                      
Adobe CEF Helper.exe         25284 Console                    4     88,064 K Unknown         Betrayed\Jamie                                          0:00:03 N/A                                                                     
Adobe Desktop Service.exe     9256 Console                    4    141,180 K Running         Betrayed\Jamie                                          0:00:23 N/A                                                                     
Discord.exe                   1336 Console                    4     32,916 K Unknown         Betrayed\Jamie                                          0:00:04 N/A                                                                     
Discord.exe                  22580 Console                    4    154,688 K Running         Betrayed\Jamie                                          0:00:45 N/A                                                                     
CoreSync.exe                 26476 Console                    4     26,144 K Running         Betrayed\Jamie                                          0:00:02 CoreSync::ƒ?<musync::ƒ?<WSystemƒ?<ObserverImpl                          
CCXProcess.exe                1440 Console                    4      1,544 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
node.exe                      1408 Console                    4     57,096 K Not Responding  Betrayed\Jamie                                          0:00:02 OleMainThreadWndName                                                    
conhost.exe                  17744 Console                    4      2,624 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
CCLibrary.exe                  468 Console                    4      1,600 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
node.exe                      4736 Console                    4     57,212 K Not Responding  Betrayed\Jamie                                          0:00:01 OleMainThreadWndName                                                    
conhost.exe                  14876 Console                    4      2,648 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
steamwebhelper.exe            7356 Console                    4     83,764 K Running         Betrayed\Jamie                                          0:00:12 N/A                                                                     
steamwebhelper.exe            3444 Console                    4     10,476 K Running         Betrayed\Jamie                                          0:00:00 N/A                                                                     
SteamService.exe             15100 Services                   0      9,716 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
esrv.exe                      3440 Console                    4     10,832 K Running         Betrayed\Jamie                                          0:00:00 C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe                     
conhost.exe                   8964 Console                    4      3,324 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
nvsphelper64.exe             12168 Console                    4      8,800 K Running         Betrayed\Jamie                                          0:00:00 {1274D398-C3C8-422E-87DD-2FAFFD5A7F2F}                                  
NVIDIA Share.exe             15196 Console                    4     67,088 K Running         Betrayed\Jamie                                          0:00:00 NVIDIA GeForce Overlay                                                  
nvcontainer.exe               8792 Services                   0     17,128 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
chrome.exe                   17444 Console                    4    183,076 K Running         Betrayed\Jamie                                          0:00:31 Slow Computer - Virus, Spyware, Malware Removal - Google Chrome         
ts3client_win64.exe          19764 Console                    4     89,192 K Running         Betrayed\Jamie                                          0:00:11 TeamSpeak 3                                                             
chrome.exe                    4596 Console                    4      9,140 K Running         Betrayed\Jamie                                          0:00:00 N/A                                                                     
nvcontainer.exe               2224 Console                    4     46,116 K Running         NT AUTHORITY\SYSTEM                                     0:00:01 NvContainerWindowClass000008B0                                          
chrome.exe                   11092 Console                    4      8,672 K Running         Betrayed\Jamie                                          0:00:00 N/A                                                                     
chrome.exe                   13624 Console                    4    121,728 K Unknown         Betrayed\Jamie                                          0:00:12 N/A                                                                     
chrome.exe                   12080 Console                    4     30,012 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
chrome.exe                   10836 Console                    4     60,448 K Unknown         Betrayed\Jamie                                          0:00:05 N/A                                                                     
chrome.exe                    7592 Console                    4     51,472 K Unknown         Betrayed\Jamie                                          0:00:01 N/A                                                                     
chrome.exe                    6588 Console                    4     29,848 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
chrome.exe                   11984 Console                    4     35,644 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
steamwebhelper.exe           13672 Console                    4    135,652 K Unknown         Betrayed\Jamie                                          0:00:48 N/A                                                                     
rundll32.exe                 20788 Console                    4      4,008 K Running         NT AUTHORITY\SYSTEM                                     0:00:00 SHIELD Remote Gamepad © 2017 NVIDIA Corporation Jan  9 2018 17:41:03  
rundll32.exe                 18356 Console                    4      4,544 K Running         NT AUTHORITY\SYSTEM                                     0:00:00 SHIELD Remote Gamepad x86 © 2017 NVIDIA Corporation Jan  9 2018 17:40:
chrome.exe                   16256 Console                    4     91,820 K Unknown         Betrayed\Jamie                                          0:00:06 N/A                                                                     
NVIDIA Share.exe             22952 Console                    4     53,416 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
chrome.exe                     452 Console                    4     77,828 K Unknown         Betrayed\Jamie                                          0:00:12 N/A                                                                     
EpicGamesLauncher.exe        20220 Console                    4    107,700 K Running         Betrayed\Jamie                                          0:00:04 Epic Games Launcher                                                     
MpCmdRun.exe                 14772 Services                   0      8,924 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
WmiPrvSE.exe                 25272 Services                   0     27,568 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:10 N/A                                                                     
WmiApSrv.exe                  7824 Services                   0      5,752 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
chrome.exe                   15076 Console                    4    104,152 K Unknown         Betrayed\Jamie                                          0:00:03 N/A                                                                     
FortniteLauncher.exe         12628 Console                    4      4,084 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
FortniteClient-Win64-Ship    22984 Console                    4      7,228 K Running         Betrayed\Jamie                                          0:00:00 BattlEye Launcher                                                       
BEService.exe                25256 Services                   0     21,336 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:23 N/A                                                                     
FortniteClient-Win64-Ship     7040 Console                    4  1,606,932 K Running         Betrayed\Jamie                                          0:02:32 Fortnite                                                                
steamwebhelper.exe           14904 Console                    4     36,536 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
chrome.exe                   16196 Console                    4     73,880 K Unknown         Betrayed\Jamie                                          0:00:01 N/A                                                                     
chrome.exe                   17388 Console                    4    116,616 K Unknown         Betrayed\Jamie                                          0:00:05 N/A                                                                     
chrome.exe                   22724 Console                    4     48,728 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
WUDFHost.exe                  8976 Services                   0      9,904 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
cmd.exe                       7800 Console                    4      3,324 K Running         Betrayed\Jamie                                          0:00:00 tasklist  /v                                                            
conhost.exe                   7244 Console                    4      5,504 K Running         Betrayed\Jamie                                          0:00:00 OleMainThreadWndName                                                    
tasklist.exe                 18100 Console                    4      6,704 K Unknown         Betrayed\Jamie                                          0:00:00 N/A                                                                     
These Windows services are started:
 
   Adobe Genuine Software Integrity Service
   AdobeUpdateService
   Application Information
   Background Intelligent Transfer Service
   Background Tasks Infrastructure Service
   Base Filtering Engine
   BattlEye Service
   Bitdefender Parental Advisor
   Bitdefender Parental Advisor Update
   COM+ Event System
   Cryptographic Services
   DCOM Server Process Launcher
   Device Association Service
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Diagnostic System Host
   Diagnostics Tracking Service
   Distributed Link Tracking Client
   DNS Client
   Energy Server Service WILLAMETTE
   Human Interface Device Service
   IKE and AuthIP IPsec Keying Modules
   Intel® Dynamic Application Loader Host Interface Service
   Intel® Management and Security Application Local Management Service
   Intel® PROSet Monitoring Service
   Intel® Security Assist
   Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE
   IP Helper
   IPsec Policy Agent
   Local Session Manager
   LogMeIn Hamachi Tunneling Engine
   Malwarebytes Service
   Multimedia Class Scheduler
   NetBalancerService
   Network Connection Broker
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   NVIDIA Display Container LS
   NVIDIA LocalSystem Container
   NVIDIA NetworkService Container
   NVIDIA Telemetry Container
   Plug and Play
   Power
   Print Spooler
   ProductAgentService
   Program Compatibility Assistant Service
   Quality Windows Audio Video Experience
   Razer Game Scanner
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Sandboxie Service
   Security Accounts Manager
   Security Center
   Sensor Monitoring Service
   Server
   Shell Hardware Detection
   SSDP Discovery
   Steam Client Service
   Superfetch
   System Event Notification Service
   System Events Broker
   Task Scheduler
   TCP/IP NetBIOS Helper
   TeamViewer 12
   Themes
   Time Broker
   User Profile Service
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Connection Manager
   Windows Defender Network Inspection Service
   Windows Defender Service
   Windows Driver Foundation - User-mode Driver Framework
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Image Acquisition (WIA)
   Windows Management Instrumentation
   Windows Search
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   WMI Performance Adapter
   Workstation
 
The command completed successfully.

  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 7,570 posts
Hello,

2 commands to run:

First

Open command prompt with elevated privileges. (run as admin)

Type sfc /scannow and press Enter. Wait for the process to finish.

Then, in the command prompt again, type Dism /Online /Cleanup-Image /RestoreHealth and press Enter.
  • 0

#9
Betrayed

    Member

  • Topic Starter
  • 119 posts

Done


  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 7,570 posts
Hello,

Has there been any change in operation of the computer?
  • 0

#11
Betrayed

    Member

  • Topic Starter
  • 119 posts

> Hello,
>
> Has there been any change in operation of the computer?

Yes, I believe it is back to normal.


  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 7,570 posts
Great.

You may uninstall any tools we downloaded and any log files on the desktop. Right click and delete them.

Thanks
Joe :)
  • 0

#13
Betrayed

    Member

  • Topic Starter
  • 119 posts

> Great.
>
> You may uninstall any tools we downloaded and any log files on the desktop. Right click and delete them.
>
> Thanks
> Joe :)

What about the folders left behind for FRST?


  • 0

#14
zep516

    Trusted Helper

  • Malware Removal
  • 7,570 posts
Yes, anything left behind may be deleted.
  • 0





