Assistance in finding/removing malware



#1
bm2x

    Member

  • 21 posts

My overall goal is to modify a game I downloaded from Steam: Skyrim. Several modding communities have advised that I use/run FRST in order to get my system clean of possibly malicious and/or other programs preventing the correct operation of the program and modifications.

Assistance in operating and utilizing FRST is my primary concern, but any additional help or advice for getting and keeping my system in the green is much welcome and appreciated.


  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,887 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system, get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.
 

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.


 


  • 0
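
A scripted counterpart to the Process Explorer (Verified Signer) and TASKLIST /SVC steps in the post above, added here as an example and not part of RKinner's instructions. The output file name is an assumption; the cmdlets are standard Windows PowerShell.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell window.
# The output file name is a hypothetical choice.
$outFile = Join-Path $env:USERPROFILE 'Desktop\process-signers.txt'

# 1. Build PID -> hosted service names, the same mapping TASKLIST /SVC prints.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $procId = [int]$svc.ProcessId
    if ($procId -eq 0) { continue }   # stopped services report PID 0
    if (-not $servicesByPid.ContainsKey($procId)) {
        $servicesByPid[$procId] = New-Object 'System.Collections.Generic.List[string]'
    }
    $servicesByPid[$procId].Add($svc.Name)
}

# 2. Check the Authenticode signature of every running image.
#    Results are cached per path because many processes share one image
#    (for example a browser with a dozen child processes).
$sigCache = @{}
$rows = foreach ($proc in Get-Process) {
    $path   = $proc.Path              # empty for System/Idle and protected processes
    $status = 'PathUnavailable'
    $signer = ''
    if ($path) {
        if (-not $sigCache.ContainsKey($path)) {
            $sigCache[$path] = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        }
        $sig = $sigCache[$path]
        if ($sig) {
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        } else {
            $status = 'Unreadable'    # file could not be opened for verification
        }
    }
    $services = ''
    if ($servicesByPid.ContainsKey($proc.Id)) {
        $services = $servicesByPid[$proc.Id] -join ','
    }
    [pscustomobject]@{
        ProcessId = $proc.Id
        Name      = $proc.ProcessName
        SigStatus = $status
        Signer    = $signer
        Services  = $services
        Path      = $path
    }
}

# 3. Write the entries that did not verify first, then the full table.
$report = @(
    '=== Not verified (review these first) ==='
    ($rows | Where-Object { $_.SigStatus -ne 'Valid' } | Sort-Object Name |
        Format-Table -AutoSize -Wrap | Out-String -Width 200)
    '=== All running processes ==='
    ($rows | Sort-Object Name |
        Format-Table -AutoSize -Wrap | Out-String -Width 200)
)
$report | Set-Content -LiteralPath $outFile -Encoding UTF8
Write-Output "Report written to $outFile"
```

Depending on the PowerShell version, catalog-signed Windows files can show as NotSigned, so the first list is a set of leads to review, not a verdict.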

#3
bm2x

    Member

  • Topic Starter
  • 21 posts

FRST 


  • 0

#4
bm2x

    Member

  • Topic Starter
  • 21 posts

FRST 


  • 0

#5
bm2x

    Member

  • Topic Starter
  • 21 posts

addition


  • 0

#6
bm2x

    Member

  • Topic Starter
  • 21 posts

command prompt


  • 0

#7
bm2x

    Member

  • Topic Starter
  • 21 posts

syst idle processes


  • 0

#8
bm2x

    Member

  • Topic Starter
  • 21 posts

PID


  • 0

#9
bm2x

    Member

  • Topic Starter
  • 21 posts

speccy


  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,887 posts
  • MVP

No attachments that I can see. Try again. Remember attaching takes multiple steps:

1. First click on More Reply Options
2. Then scroll down to where you see Choose File and click on it.
3. Point it at the file and hit Open.
4. Now click on Attach this file.


  • 0



#11
bm2x

    Member

  • Topic Starter
  • 21 posts

Sorry, I misread/misunderstood your instructions about attachments.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by William (administrator) on MARTOVICH (16-04-2018 17:38:21)
Running from C:\Users\Helen\Desktop
Loaded Profiles: William (Available Profiles: William & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bethesda Softworks) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSE.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
() C:\Program Files (x86)\GSAutoClicker3\GSAutoClicker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890128 2013-04-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-07-10] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-07] (Electronic Arts)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Helen\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\MountPoints2: {28526191-8f46-11e4-824f-806e6f6e6963} - "D:\SETUP.EXE"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\MountPoints2: {baa56436-3ccb-11e6-be98-240a646e54e5} - "E:\VZW_Software_upgrade_assistant.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2017-03-20]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-09-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{93733082-29C2-4943-9627-7C54CE1FD87A}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-1890713058-2806932541-3226652281-1002 -> {5b59a0b6-949f-44b7-93b6-7ae39796c8ca} URL = hxxp://isearch.shopathome.com?user_id={afe413e5-9a57-4e7f-823e-e522902902cd}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1890713058-2806932541-3226652281-1002 -> {E705114E-6C48-4AF1-BD3D-2C742F7F1EF3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US91044D20151212&p={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-24] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-09-27] (Perfect World Entertainment Inc)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-24] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-09-27] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.google.com
CHR Session Restore: Profile 2 -> is enabled.
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default [2018-02-18]
CHR Extension: (Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-02]
CHR Extension: (Google Search) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-20]
CHR Extension: (Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-16]
CHR Extension: (Webcam Toy) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-13]
CHR Extension: (Adblock Pro) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-11-16]
CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-25]
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-02-05]
CHR Extension: (Google Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-18]
CHR Extension: (McAfee SafeKey) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2016-01-18]
CHR Extension: (Google Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-18]
CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18]
CHR Extension: (Adblock Plus) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Google Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-18]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2016-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-22]
CHR Extension: (AdBlock) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-03]
CHR Extension: (Invite All Your Facebook Friends PRO) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llihccomjnidgdibbpciaajkednnglpm [2016-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-18]
CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-18]
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-04-16]
CHR Extension: (Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-16]
CHR Extension: (Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-16]
CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-16]
CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-16]
CHR Extension: (Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Skype) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-16]
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-09-27] (Perfect World Entertainment Inc)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-07] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-19] (Broadcom Corporation.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-09] (Malwarebytes)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows ® Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-24] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 17:38 - 2018-04-16 17:38 - 000023135 _____ C:\Users\Helen\Desktop\FRST.txt
2018-04-16 17:33 - 2018-04-16 17:33 - 000080883 _____ C:\Users\Helen\Downloads\Shortcut.txt
2018-04-16 17:29 - 2018-04-16 17:30 - 002403328 _____ (Farbar) C:\Users\Helen\Desktop\FRST64.exe
2018-04-12 16:25 - 2018-04-12 16:25 - 003063168 _____ C:\Users\Helen\ZHPDiag3.exe
2018-04-09 21:05 - 2018-04-09 21:05 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-09 21:04 - 2018-04-09 21:04 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-09 21:04 - 2018-04-09 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-09 16:53 - 2018-04-16 17:18 - 000216560 _____ C:\Users\Helen\Desktop\ZHPDiag.txt
2018-04-09 16:53 - 2018-04-12 16:42 - 000308364 _____ C:\Users\Helen\Desktop\ZHPDiag.html
2018-04-09 16:46 - 2018-04-16 17:18 - 000000000 ____D C:\Users\Helen\AppData\Roaming\ZHP
2018-04-09 16:46 - 2018-04-16 17:05 - 000000871 _____ C:\Users\Helen\Desktop\ZHPDiag.lnk
2018-04-09 16:46 - 2018-04-09 16:46 - 000000000 ____D C:\Users\Helen\AppData\Local\ZHP
2018-04-09 16:41 - 2018-04-09 16:41 - 003045760 _____ C:\Users\Helen\Downloads\ZHPDiag3.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 17:38 - 2014-12-12 22:20 - 000000000 ____D C:\FRST
2018-04-16 17:33 - 2014-12-12 22:21 - 000051252 _____ C:\Users\Helen\Downloads\Addition.txt
2018-04-16 17:33 - 2014-12-12 22:20 - 000077244 _____ C:\Users\Helen\Downloads\FRST.txt
2018-04-16 16:34 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-16 16:32 - 2017-11-23 13:40 - 000003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-04-16 16:32 - 2015-05-31 02:26 - 000003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-04-12 21:24 - 2016-03-01 20:43 - 000000000 ____D C:\Users\Helen\AppData\Local\CrashDumps
2018-04-12 21:24 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-12 16:25 - 2015-02-24 06:49 - 000000000 ____D C:\Users\Helen
2018-04-10 21:59 - 2017-12-29 22:41 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-04-10 21:59 - 2017-04-05 18:19 - 000004480 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-09 22:01 - 2015-02-09 00:12 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1890713058-2806932541-3226652281-1002
2018-04-09 21:17 - 2017-04-10 19:06 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-09 21:09 - 2016-03-20 18:50 - 000000000 ____D C:\Users\Helen\Desktop\Pics
2018-04-09 20:54 - 2014-11-21 04:44 - 000877620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-09 20:54 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-04-09 20:53 - 2015-02-09 00:05 - 000000074 _____ C:\Users\Helen\AppData\Roaming\sp_data.sys
2018-04-09 20:50 - 2015-02-24 06:42 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-09 20:50 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-09 20:49 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-03-27 20:34 - 2016-06-04 15:06 - 000000000 ____D C:\Users\Helen\AppData\Local\Akamai
2018-03-23 00:13 - 2018-01-17 16:01 - 000053769 _____ C:\Users\Helen\Desktop\DQH Eval.txt
2018-03-22 17:43 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-03-20 21:20 - 2015-02-09 00:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-19 16:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-19 12:57 - 2018-02-15 13:03 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2018-04-12 16:25 - 2018-04-12 16:25 - 003063168 _____ () C:\Users\Helen\ZHPDiag3.exe
2016-05-07 21:56 - 2016-05-07 21:53 - 001355776 _____ (Microsoft Corporation) C:\Program Files\msvbvm50.dll
2016-05-07 21:56 - 2016-05-07 21:53 - 001355776 _____ (Microsoft Corporation) C:\Program Files (x86)\msvbvm50.dll
2015-02-10 05:00 - 2017-03-20 23:43 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-09 00:05 - 2018-04-09 20:53 - 000000074 _____ () C:\Users\Helen\AppData\Roaming\sp_data.sys
2016-06-05 21:01 - 2016-06-05 21:01 - 000000093 _____ () C:\Users\Helen\AppData\Local\fusioncache.dat

Some files in TEMP:
====================
2017-10-29 01:28 - 2017-10-29 01:28 - 000000180 _____ () C:\Users\Helen\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-10-29 01:29 - 2017-10-29 01:29 - 000000072 _____ () C:\Users\Helen\AppData\Local\Temp\813e0a4f66963b3ee20d8cc5c09eaab7.dll
2016-04-22 12:36 - 2000-04-06 08:00 - 000263168 ____N () C:\Users\Helen\AppData\Local\Temp\binkw32.dll
2017-12-25 18:22 - 2017-12-25 18:22 - 000467968 _____ (Realtek Semiconductor Corp.) C:\Users\Helen\AppData\Local\Temp\COMAP.EXE
2016-04-22 12:36 - 2001-05-09 20:19 - 000352256 ____N (Blizzard Entertainment) C:\Users\Helen\AppData\Local\Temp\d2l_Install.exe
2016-10-25 19:51 - 2016-10-25 19:51 - 000737856 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-02-12 16:45 - 2017-02-12 16:45 - 000739904 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-01 20:49 - 2017-05-01 20:49 - 000739904 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-11-16 03:43 - 2017-11-16 03:43 - 001856576 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-01-24 01:18 - 2018-01-24 01:18 - 001864256 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u161-windows-au.exe
2015-12-04 18:28 - 2015-12-04 18:28 - 000585824 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-03-11 19:45 - 2016-03-11 19:45 - 000736352 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-04-07 11:59 - 2016-04-07 11:59 - 000736320 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-06 23:33 - 2016-05-06 23:33 - 000739904 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-12-02 11:05 - 2015-12-02 11:05 - 000120336 _____ (McAfee, Inc.) C:\Users\Helen\AppData\Local\Temp\McCSPInstall.dll
2016-01-17 00:44 - 2015-12-02 11:05 - 000131344 _____ (McAfee Inc.) C:\Users\Helen\AppData\Local\Temp\mccspuninstall.exe
2015-02-10 04:42 - 2015-06-17 02:03 - 001170848 _____ (NVIDIA Corporation) C:\Users\Helen\AppData\Local\Temp\nvSCPAPI.dll
2015-02-10 04:42 - 2015-06-17 02:03 - 001366208 _____ (NVIDIA Corporation) C:\Users\Helen\AppData\Local\Temp\nvSCPAPI64.dll
2015-05-25 17:35 - 2015-06-17 02:03 - 000789648 _____ (NVIDIA Corporation) C:\Users\Helen\AppData\Local\Temp\nvStInst.exe
2017-01-28 14:22 - 2012-01-07 00:04 - 000314784 _____ () C:\Users\Helen\AppData\Local\Temp\UNINSTALLER-3672.exe
2017-01-28 14:22 - 2012-01-07 00:04 - 000314784 _____ () C:\Users\Helen\AppData\Local\Temp\UNINSTALLER-4308.exe
2017-01-28 14:23 - 2012-01-07 00:04 - 000314784 _____ () C:\Users\Helen\AppData\Local\Temp\UNINSTALLER-5336.exe
2016-04-03 02:17 - 2016-04-03 02:17 - 000065280 _____ () C:\Users\Helen\AppData\Local\Temp\utils.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-09 21:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by William (16-04-2018 17:38:38)
Running from C:\Users\Helen\Desktop
Windows 8.1 (Update) (X64) (2015-02-24 20:34:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1890713058-2806932541-3226652281-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1890713058-2806932541-3226652281-1005 - Limited - Enabled)
Guest (S-1-5-21-1890713058-2806932541-3226652281-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1890713058-2806932541-3226652281-1004 - Limited - Enabled)
William (S-1-5-21-1890713058-2806932541-3226652281-1002 - Administrator - Enabled) => C:\Users\Helen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - )
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.025 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - )
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.99 - Broadcom Corporation)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Install Manager (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\DAZ Install Manager 1.1.0.74) (Version: 1.1.0.74 - DAZ 3D)
Diablo (HKLM-x32\...\Diablo) (Version:  - )
Diablo (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Diablo) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dungeons & Dragons Online v2600.0045.4801.4249 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.4801.4249 - Atari, Inc.)
Dungeons & Dragons Online™: Stormreach™ v04.01.33.0131 (HKLM-x32\...\15b35190-c6f9-11d9-9669-0800200c9a66_is1) (Version: 04.01.33.0131 - Atari, Inc.)
ETDWare PS/2-X64 11.5.9.1_WHQL (HKLM\...\Elantech) (Version: 11.5.9.1 - ELAN Microelectronic Corp.)
FirestormOS-Releasex64 (HKLM\...\FirestormOS-Releasex64) (Version: 5.0.7.52912 - The Phoenix Firestorm Project, Inc.)
G4E (HKLM-x32\...\{876A0B91-9E2F-562E-D1F6-C9D8F3C85894}) (Version: 1.7 - UNKNOWN) Hidden
G4E (HKLM-x32\...\G4E) (Version: 1.7 - UNKNOWN)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.9 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.8.329115 - Linden Research, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.13 (HKLM-x32\...\Skype_is1) (Version: 8.13 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6955 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-07-22] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32A10A56-E9D1-4FED-8903-6F68403B72B4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {39E8267E-3E9C-4B8B-A5F5-22890626EF54} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {3A33E21B-EC11-4A67-9969-6C56938DA72D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {4133EF87-9EA0-43F3-B159-104C11D129E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {46957674-5A56-4C06-B031-0D18D77E3A11} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {52F0E938-9493-4C50-9CD9-4D48F1DDCE7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {53260357-5DEE-44A0-BAE5-413AB62A09B0} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {5E0106D2-1337-493B-8AEB-2EF94A1A7BBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {82449A1C-308D-4C26-9639-0E560FBAB155} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {8F481014-2626-43C6-AA03-60C5D60C65DC} - System32\Tasks\{8FDAF6B1-D4FE-425E-B887-9607E74D5089} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Diablo II\Diablo II.exe" -d "C:\Program Files (x86)\Diablo II\"
Task: {A4154356-8974-408B-BC20-5A0AB760631D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-04] (ASUS)
Task: {B0A92E6E-F561-415E-9595-CB6ECFA0BFA6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {B1A8A353-590E-4BE0-A79E-3254A555583B} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {B721765F-2585-4785-B5C7-2BD7FA78C5C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C401E0D2-FBE4-4581-AECE-C618E1F0FE85} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {D20C4A0E-56E7-41BC-8E2E-0D5D983305FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D81E9C26-D40F-4429-8A05-F1BC0625731F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {DC693585-5FFB-41E1-AA4E-281BB09CF32B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {DE34117A-775A-4D95-9442-61FA71892578} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {FDC39426-0BA7-47C0-8934-25AE9C0BC0F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

ShortcutWithArgument: C:\Users\Helen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\[email protected] - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Helen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Thomas - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-02-24 06:42 - 2015-07-22 21:31 - 000116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-19 02:10 - 2012-12-19 02:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-05-20 15:52 - 2013-05-20 15:52 - 000049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-07-23 12:54 - 2013-07-23 12:54 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2018-03-20 21:20 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-20 21:20 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-02-15 13:03 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-03-17 21:26 - 2014-04-09 10:08 - 000943128 _____ () C:\Program Files (x86)\GSAutoClicker3\GSAutoClicker.exe
2013-04-29 17:17 - 2013-04-29 17:17 - 000587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-05-25 16:14 - 2016-05-02 02:02 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-04-10 19:07 - 2018-01-10 22:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-04-10 19:07 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-04-10 19:07 - 2018-04-02 19:34 - 002631968 _____ () C:\Program Files (x86)\Steam\video.dll
2017-04-10 19:07 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-04-10 19:07 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-04-10 19:07 - 2018-04-02 19:34 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-04-10 19:07 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-12 00:32 - 2017-09-06 22:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-04-10 19:09 - 2017-12-13 17:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-04-10 19:07 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2013-09-22 17:26 - 2013-06-23 23:05 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-04-27 13:24 - 2013-04-27 13:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-01-11 03:35 - 000000834 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Helen\Desktop\Venom Background.BMP
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "UMonit64"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Gyazo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E06AF586-5A39-4BAE-BD9D-170780FF2476}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{16BF11DE-4CD2-4878-B6EC-3E6636D906F3}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{70547C1E-6E46-472A-B8A9-E6FF0D1AF32F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{EAE7BE05-3561-48BB-8C09-8BCF92543DCD}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{900FCC64-4C7A-4012-8B76-F02384117041}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{BC970E24-9DF6-49DF-992A-BCFA173F2CFF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2A029294-8A02-402F-99D0-08C5F99B2E39}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B6B83F47-7446-4E7C-97E5-27596803780E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{45A07B78-43C3-4FF9-99BE-450159D534EC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B64A60EC-7ABF-4AC3-8723-E2E4A268663E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BA823A81-F9F9-4509-AD11-50871818A3D4}] => (Allow) LPort=1900
FirewallRules: [{C020560D-B2F6-4AFB-9602-E7FE4F36FA22}] => (Allow) LPort=2869
FirewallRules: [{DA559833-D4A8-4FA4-85BC-6140C8595D3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D009B1B0-29CD-4A15-8676-1D7E51C327F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{273DE542-82F9-4F37-AA2A-E4FEF3581A62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{02063DAF-2652-4473-9CCB-E8F8281625E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B35E932-D77A-4EE4-9C17-CC82FE2A52AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{33A64F54-BEF4-421D-886F-378B3A17CF8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DFA72DB3-5311-4BC9-9040-08B07B6A7994}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E545F16F-D1EA-4E39-A961-809193599A1B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{3F227998-3EE2-4BA7-BE5C-E22BC601F399}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3E1A4184-7019-4903-842E-1A95DE35B3DF}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BC603971-9108-4098-A0E0-C9488FD98CE0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{3D3A1646-F63A-4A76-801A-006800FDDA77}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{7EA0D9AE-7B09-4912-AE41-8AED76904CD3}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [UDP Query User{1354F315-32BF-4099-A958-5884A0151594}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [TCP Query User{903F86CD-ADDB-4F75-B103-2BEB39FE7DD5}C:\users\helen\desktop\secondlifeviewer\slvoice.exe] => (Block) C:\users\helen\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{6DFDF29A-D47C-4AC2-94E0-4E3B7FAEBABB}C:\users\helen\desktop\secondlifeviewer\slvoice.exe] => (Block) C:\users\helen\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{3ED77A88-1280-4352-B58E-3D1E9C4FF63A}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{371644E6-C095-494A-81C1-8D1301C9E5FC}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4134396A-D730-4D85-A986-3236C3185EF6}C:\users\helen\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{59268E5D-E919-4846-A650-562ED28BF864}C:\users\helen\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{73441189-5584-48DD-9D95-E8DA317A8019}C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{98391BFA-74F3-4803-B779-2548EA9365E5}C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [TCP Query User{DB9C7446-F7B6-4C0C-ABC6-5B94A34E19A6}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [UDP Query User{E17191F1-2FCF-4D83-90B9-71C82746D6A2}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [TCP Query User{18E55351-0374-4588-9209-E4FC46C59EB9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B77409A1-E5DE-4C44-87C8-08B01E4F3569}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{FB3F4304-CC6C-4FD9-827D-777AE09EC318}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{64B9F69E-F620-4677-8F62-245C72B3536D}C:\users\helen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\helen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{72A1BA4D-B869-48A1-AA84-BDF11A5E175B}C:\users\helen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\helen\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{8DABF5CE-6420-44DB-B69C-2CE9F08F7C3A}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{5022CFCB-2CC2-4478-A704-AC5412B901B2}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{2737C6A1-FCCC-4ED8-8EFA-CA41C9460CB0}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [UDP Query User{988188E5-99CE-471B-8EB6-C8B720FFB75F}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [TCP Query User{A77B543C-5208-4D88-866F-E3B6BEEB1B51}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{16517458-4D0B-4F0A-8B6A-A30B82A7AACF}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{162D6D26-4627-45DD-BD02-F7A82FE33277}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{732EEC98-7708-4F29-83C7-43EAACBFD3B7}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{87759DFE-79B6-451F-A7DB-D197B838A80D}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{76641115-152A-4F0B-986C-395064A0F3E4}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{80DE36A5-0CC0-4A21-BB00-BAD294741B88}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => (Allow) C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [UDP Query User{6E5AB2B6-DB68-4855-B800-36F7D0C65A50}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => (Allow) C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [{B4036589-123F-4815-87C3-4ECFB011314A}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{94A2DE39-73DA-4B69-AEEF-79DF8D2BDF86}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{D9D1918B-6FBF-4C79-A73F-384AB4CC7CC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F4F5C91-D9D5-4A51-AEDE-C7CD82A9588C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D4344B23-ED80-4116-BFE5-BEBC1AF88263}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{60CB10A3-B46B-4BDF-AF07-C3926CC8F539}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CF17B1B5-5281-47CA-88E3-3902C18BB1AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{688A68DF-65FA-43BA-A1A1-DCD0764A4201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{A11CD566-AEB9-4EA9-B3E6-95E206151088}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{3333A87B-832A-4244-A794-56B7766E7E49}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{F5DF5364-4F28-4BA4-B611-2923CCE8BCC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{38802C04-79FE-4DA4-9884-450E87DE3C6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{9D1F6657-47AC-4787-9511-D3E47053CDA2}] => (Allow) C:\Users\Helen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7A084805-D6B3-41BB-9FAF-AAD8BBCD514D}] => (Allow) C:\Users\Helen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1FDB9832-0A33-4463-90B0-63F6DEDFFD47}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{47351884-AC08-4B38-B871-C1F5893BAEBE}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{D2B69A72-6D87-4D70-8354-99A7CC9A6ABD}C:\program files (x86)\slv\slvoice.exe] => (Block) C:\program files (x86)\slv\slvoice.exe
FirewallRules: [UDP Query User{03C98CBF-79DB-40DD-A1A5-C640A0D55268}C:\program files (x86)\slv\slvoice.exe] => (Block) C:\program files (x86)\slv\slvoice.exe
FirewallRules: [TCP Query User{DBCD3B63-9350-4D26-882B-9ABAB0870B06}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [UDP Query User{B6A8B5FB-6EA1-4196-B893-8144A2EA3410}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [{C7934333-29D5-466F-B175-B032D846D7D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2523FA86-419D-466B-A953-3FC8324C7867}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4E7E95F9-23F4-429C-B158-5DE43180A2C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{4B8908DC-00DD-4971-90A2-896A12410E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{BCFAC982-EBD4-42E1-B7D7-7B00F6EF89E7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A63579C7-527F-4081-A264-65A63CA63066}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{F92AC4E7-DE65-4F7D-AFC5-77C21F29790A}C:\users\helen\appdata\local\vghd\bin\vghd.exe] => (Allow) C:\users\helen\appdata\local\vghd\bin\vghd.exe
FirewallRules: [UDP Query User{081EDCDB-5BA3-45DF-8B7C-C18C453BEAB1}C:\users\helen\appdata\local\vghd\bin\vghd.exe] => (Allow) C:\users\helen\appdata\local\vghd\bin\vghd.exe
FirewallRules: [TCP Query User{8B5766F4-8680-4E6F-8D71-2A05C1E0FD3A}C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe
FirewallRules: [UDP Query User{0AF078FA-5B3F-4747-A8C6-CC189398AFF2}C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe
FirewallRules: [TCP Query User{481B1F8A-B360-4E9C-B34C-883BA5E309A0}C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe] => (Allow) C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe
FirewallRules: [UDP Query User{E63D5A46-8440-4C7D-B2CF-83A1729BAD52}C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe] => (Allow) C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe
FirewallRules: [{4DD53874-1607-425B-AE25-440D1B94127D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-03-2018 18:50:51 Scheduled Checkpoint
10-04-2018 16:52:50 restore point uno

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2018 09:24:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.18946, time stamp: 0x5a9a3a38
Exception code: 0xc0000142
Fault offset: 0x00000000000ecf30
Faulting process id: 0xb9c
Faulting application start time: 0x01d3d2c62621cbef
Faulting application path: C:\WINDOWS\System32\rundll32.exe
Faulting module path: USER32.dll
Report Id: 64fabd86-3eb9-11e8-bec8-240a646e54e5
Faulting package full name:
Faulting package-relative application ID:

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Registry Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer WMI Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer MSSearch Service Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer System Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (04/09/2018 08:51:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The process cannot access the file because it is being used by another process.


System errors:
=============
Error: (04/12/2018 08:23:33 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (04/12/2018 08:23:02 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (04/12/2018 04:12:54 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (04/09/2018 09:03:49 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (04/09/2018 09:03:19 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (04/09/2018 08:53:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/09/2018 08:53:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/09/2018 08:49:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.


Windows Defender:
===================================
Date: 2018-04-12 20:23:05.651
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1F360583-CFDD-431B-B856-F6D2B7FA49DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 21:03:51.541
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5ECD261E-59C8-4C02-ADBF-7BA01F8FAC1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 19:12:19.162
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {9F8B7ADC-8771-43F0-8BF6-E1D176ED25C8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-08 19:11:47.970
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {0AE19DD6-658C-4914-8D95-1897EFC5CEF5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-06 16:20:54.119
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {B34E58D8-33CD-4F0E-9938-08847D4A9E49}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-16 16:39:29.806
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.524.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:29.806
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.524.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:28.735
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:28.735
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:16.902
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.524.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 76%
Total physical RAM: 8109.48 MB
Available physical RAM: 1935.05 MB
Total Virtual: 15277.48 MB
Available Virtual: 5905.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.96 GB) (Free:622.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DIABLO) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

\\?\Volume{b9e7f4ef-af0e-4833-8d18-8734083c2c23}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.56 GB) NTFS
\\?\Volume{7715cf4e-3bdc-4576-a1f3-3515654215ac}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{58e02f92-09df-465c-b69a-1bd36bd53726}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5B98F280)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


Edited by RKinner, 24 April 2018 - 08:24 PM.

  • 0
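A triage helper for the FirewallRules section of the Addition.txt log above, as an added example that is not part of the original posts and is not FRST's own code. It collapses duplicate rules and lists the Allow rules whose program sits in a folder a standard user can write to, since any process running as that user could replace the file and inherit the firewall exception. The sample lines, the list of user-writable folders and the function names are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the layout of the FirewallRules lines above
# (GUIDs, user name and program names are made up for this example).
SAMPLE = r"""
FirewallRules: [{AAAA0001}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AAAA0002}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AAAA0003}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{AAAA0004}C:\users\user\downloads\setup_tool.exe] => (Allow) C:\users\user\downloads\setup_tool.exe
FirewallRules: [UDP Query User{AAAA0005}C:\users\user\downloads\setup_tool.exe] => (Allow) C:\users\user\downloads\setup_tool.exe
FirewallRules: [TCP Query User{AAAA0006}C:\users\user\desktop\viewer\voice.exe] => (Block) C:\users\user\desktop\viewer\voice.exe
FirewallRules: [{AAAA0007}] => (Allow) C:\Users\User\AppData\Roaming\P2PClient\P2PClient.exe
"""

# One rule per line: "FirewallRules: [<rule name>] => (<Allow|Block>) <target>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)

# Assumption: folders a non-admin account can normally write to.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(users|programdata)\\|^[a-z]:\\windows\\temp\\"
)


def parse_rules(text):
    """Return one dict per FirewallRules line; all other lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        target = m["target"].strip()
        is_port = target.upper().startswith("LPORT=")
        if not is_port:
            # The log shows the same file in mixed case; normalise the path
            # so that rules for one program group together.
            target = ntpath.normcase(ntpath.normpath(target))
        rules.append({"name": m["name"], "action": m["action"],
                      "target": target, "is_port": is_port})
    return rules


def triage(rules):
    """Collapse duplicate rules; return Allow rules for user-writable programs."""
    grouped = defaultdict(list)
    for r in rules:
        grouped[(r["action"], r["target"], r["is_port"])].append(r["name"])
    findings = []
    for (action, target, is_port), names in grouped.items():
        # Block rules and port-only rules are not program exceptions.
        if action == "Allow" and not is_port and USER_WRITABLE_RE.match(target):
            findings.append({"action": action, "target": target,
                             "rule_count": len(names)})
    return sorted(findings, key=lambda f: f["target"])


if __name__ == "__main__":
    for f in triage(parse_rules(SAMPLE)):
        print(f'{f["rule_count"]} rule(s) allow {f["target"]}')
```

A flagged rule is a prompt to check whether the program is still installed and still wanted, not a sign of infection by itself.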

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,887 posts
  • MVP

No sign of an infection but something is not right.

 

Go into msconfig and recheck everything you have unchecked.  If there is something you don't need uninstall it instead.

 

Also uninstall:

Skype Click to Call (this is not Skype - just an annoying thing that turns all random nine digit numbers into phone numbers.)

 

Unless you are sure you need it also uninstall Java.  This is a favorite malware target and is hardly used these days.

 

Let's clear out some deadwood with a FRST fixlist:

 

Download the attached fixlist.txt to the same location as FRST
Attached File  fixlist.txt   3.19KB   40 downloads

Run FRST and press Fix
A fix log will be generated; please post that.
Open an elevated command prompt:

http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


Run Process Explorer as before and post the log.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

 

 

 


  • 0

#13
bm2x

bm2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Here is the requested information.  I ran the command prompt and problems were found and fixed.

Attached Files


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,887 posts
  • MVP

Could you post the fixlog from when you ran the fixlist?

 

Also can you do the VEW at the end of the last post?

 

Process Explorer is looking much better now.  Should be a bit quicker responding.


  • 0

#15
bm2x

bm2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

fixlog and vew

Attached Files


  • 0





