Assistance in finding/removing malware


#16 RKinner (Malware Expert, MVP, 24,625 posts)

I was concerned about this line in your FRST scan:

HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()

so I put in a line in the fixlist to look at the registry entry and it shows:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RTHDVCPL    REG_SZ    "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    RtHDVBg    REG_SZ    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
    ETDCtrl    REG_EXPAND_SZ    %ProgramFiles%\Elantech\ETDCtrl.exe
    UMonit64    REG_SZ    C:\Windows\SysWOW64\UMonit64.exe
    NvBackend    REG_SZ    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    WindowsDefender    REG_EXPAND_SZ    "%ProgramFiles%\Windows Defender\MSASCuiL.exe"

Note that the ETDCtrl & UMonit64 entries are missing the quotes.  There may also be some unprintable characters after the path of the UMonit64 and that is why we get the line of stars.  Another possibility is that it has something to do with the fact that both entries are unchecked in msconfig as we can see from the addition.txt:

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "UMonit64"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Gyazo"

I asked you in a previous post to go back into msconfig and recheck everything, but you apparently missed that step. Please do so now (reboot), then post a new FRST scan so I can be sure before I try to fix it.

Also Speccy claims your PC is running hot.  Speccy is sometimes wrong so let's get another opinion:

Get SpeedFan to monitor your temps in real time:

http://www.filehippo...nload_speedfan/

Download, save and install it (Win 7+ or Vista: right-click and Run As Admin), then run it (Win 7+ or Vista: right-click and Run As Admin).

It will tell you your temps in real time, though the default is to show the hard drive temp in the systray. You can change it: hit Configure, then click on the highest temp and check Show in tray. With no other programs running, what is the highest temp you see? Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes. What is the highest temp now?

We don't really want it to go over about 65 under load. If it does, it usually means either the fan is defective (SpeedFan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink. However, on some PCs this is major surgery. Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and, if you are lucky, it may clear the heatsink. Don't do it too long, as the fan may over-rev.


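The three checks the expert is weighing in the post above, as an added worked example in Python (this is not code from the original post, from FRST, or from the forum): parse the reg query output, flag a Run value whose data is unquoted and contains spaces (listing the image names Windows would try before the intended one), flag non-printable bytes after the path, and decode the 12-byte REG_BINARY values under ...\Explorer\StartupApproved\Run that msconfig and Task Manager write when an entry is unchecked (a DWORD state, 0x02 enabled / 0x03 disabled, followed by a FILETIME). The %ProgramFiles% expansion table, the two control bytes appended to the UMonit64 data, and the 20 April 2018 disable time are constructed assumptions used to exercise the code, not facts about the poster's machine.

```python
"""Run-key autostart triage on captured registry data.

Added example for this thread; not FRST's code and not the poster's. It checks
an unquoted value, unprintable bytes after the path, and the StartupApproved
state that msconfig / Task Manager record when an entry is unchecked.
"""
import struct
from datetime import datetime, timedelta, timezone

# Assumed expansions for REG_EXPAND_SZ data on a 64-bit host.
ENV = {"%ProgramFiles%": "C:\\Program Files", "%SystemRoot%": "C:\\Windows"}

# Constructed sample modelled on the `reg query` output in the thread. The two
# control bytes after UMonit64.exe are an assumption standing in for the
# unprintable characters the expert suspects; they are not from the real scan.
REG_QUERY_TEXT = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    '    RTHDVCPL    REG_SZ    "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe" -s\n'
    "    ETDCtrl    REG_EXPAND_SZ    %ProgramFiles%\\Elantech\\ETDCtrl.exe\n"
    "    UMonit64    REG_SZ    C:\\Windows\\SysWOW64\\UMonit64.exe\x00\x01\n"
    '    NvBackend    REG_SZ    "C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe"\n'
)


def parse_reg_query(text):
    """Return [(name, type, data)] from `reg query` output (4-space columns)."""
    entries = []
    for line in text.split("\n"):
        if not line.startswith("    "):
            continue  # key-path header or blank line
        cols = line.strip(" ").split("    ", 2)
        if len(cols) == 3 and cols[1].startswith("REG_"):
            entries.append(tuple(cols))
    return entries


def candidate_images(cmd):
    """Executables CreateProcess would try, in order, for a command line.

    Unquoted, C:\\Program Files\\X\\Y.exe is tried as C:\\Program.exe first,
    so a writable C:\\ or intermediate directory becomes a planting target.
    A quoted command yields exactly one candidate.
    """
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:end if end > 0 else None]]
    parts = cmd.split(" ")
    candidates = []
    for i in range(1, len(parts) + 1):
        prefix = " ".join(parts[:i])
        leaf = prefix.rsplit("\\", 1)[-1]
        candidates.append(prefix if "." in leaf else prefix + ".exe")
        if prefix.lower().endswith(".exe"):
            break
    return candidates


def triage_run_key(text):
    """Map value name -> {'image': resolved path, 'issues': [str]}."""
    report = {}
    for name, rtype, data in parse_reg_query(text):
        issues = []
        junk = [c for c in data if not c.isprintable()]
        if junk:
            issues.append("non-printable bytes after data: "
                          + " ".join(f"{ord(c):#04x}" for c in junk))
        cmd = "".join(c for c in data if c.isprintable())
        if rtype == "REG_EXPAND_SZ":
            for var, val in ENV.items():
                cmd = cmd.replace(var, val)
        cands = candidate_images(cmd)
        if len(cands) > 1:
            issues.append("unquoted path with spaces; tried first: " + cands[0])
        report[name] = {"image": cands[-1], "issues": issues}
    return report


# StartupApproved\Run values are 12-byte REG_BINARY: little-endian DWORD state
# (0x02 enabled, 0x03 disabled) followed by a FILETIME of when it was disabled.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_startup_approved(blob):
    """Return (state label, disable time or None) for one StartupApproved value."""
    state, filetime = struct.unpack("<IQ", blob[:12])
    label = {2: "enabled", 3: "disabled"}.get(state, f"unknown({state:#x})")
    when = EPOCH_1601 + timedelta(microseconds=filetime // 10) if filetime else None
    return label, when


def encode_startup_approved(disabled, when=None):
    """Inverse of decode; used here only to build the constructed sample."""
    filetime = 0
    if when is not None:
        d = when - EPOCH_1601  # exact integer arithmetic, no float FILETIME
        filetime = (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10
    return struct.pack("<IQ", 3 if disabled else 2, filetime)


if __name__ == "__main__":
    for name, f in triage_run_key(REG_QUERY_TEXT).items():
        print(f"{name:10} {f['image']}  {'; '.join(f['issues']) or 'ok'}")
    # Constructed blobs: ETDCtrl unchecked on an assumed date, RTHDVCPL enabled.
    sample = {
        "ETDCtrl": encode_startup_approved(True, datetime(2018, 4, 20, tzinfo=timezone.utc)),
        "RTHDVCPL": encode_startup_approved(False),
    }
    for name, blob in sample.items():
        print(name, *decode_startup_approved(blob))
```

Run it as a script to print the report. On a live host the same functions can be fed the text of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` and the raw bytes of the StartupApproved values. The non-printable check only confirms what is in the captured data; FRST's row of asterisks is consistent with that case but does not prove it, which is why the expert asks for a fresh scan before fixing anything.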


#17 bm2x (Member, Topic Starter, 21 posts)

Okay, I downloaded SpeedFan, but I have a laptop, not a PC, so are those fix options viable, or not? My temps are 43-48C (109-118F) after prolonged use.

In MSCONFIG, everything is checked, so I am unsure how to proceed. I am rebooting now (after I made sure all of MSCONFIG was checked) and will run and post my FRST results.


#18 bm2x (Member, Topic Starter, 21 posts)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by William (26-04-2018 18:53:18)
Running from C:\Users\Helen\Desktop
Windows 8.1 (Update) (X64) (2015-02-24 20:34:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1890713058-2806932541-3226652281-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1890713058-2806932541-3226652281-1005 - Limited - Enabled)
Guest (S-1-5-21-1890713058-2806932541-3226652281-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1890713058-2806932541-3226652281-1004 - Limited - Enabled)
William (S-1-5-21-1890713058-2806932541-3226652281-1002 - Administrator - Enabled) => C:\Users\Helen
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - )
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.025 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - )
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.99 - Broadcom Corporation)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Install Manager (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\DAZ Install Manager 1.1.0.74) (Version: 1.1.0.74 - DAZ 3D)
Diablo (HKLM-x32\...\Diablo) (Version:  - )
Diablo (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Diablo) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dungeons & Dragons Online v2600.0045.4801.4249 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.4801.4249 - Atari, Inc.)
Dungeons & Dragons Online™: Stormreach™ v04.01.33.0131 (HKLM-x32\...\15b35190-c6f9-11d9-9669-0800200c9a66_is1) (Version: 04.01.33.0131 - Atari, Inc.)
ETDWare PS/2-X64 11.5.9.1_WHQL (HKLM\...\Elantech) (Version: 11.5.9.1 - ELAN Microelectronic Corp.)
FirestormOS-Releasex64 (HKLM\...\FirestormOS-Releasex64) (Version: 5.0.7.52912 - The Phoenix Firestorm Project, Inc.)
G4E (HKLM-x32\...\{876A0B91-9E2F-562E-D1F6-C9D8F3C85894}) (Version: 1.7 - UNKNOWN) Hidden
G4E (HKLM-x32\...\G4E) (Version: 1.7 - UNKNOWN)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.9 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.8.329115 - Linden Research, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.13 (HKLM-x32\...\Skype_is1) (Version: 8.13 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6955 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-07-22] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03DCE724-E914-4FC9-BA94-CBFBCAA9E0F8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {2F084D86-B330-4E85-9F36-D6870C04FF6B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {32A10A56-E9D1-4FED-8903-6F68403B72B4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {3A33E21B-EC11-4A67-9969-6C56938DA72D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {4133EF87-9EA0-43F3-B159-104C11D129E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {46957674-5A56-4C06-B031-0D18D77E3A11} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {52F0E938-9493-4C50-9CD9-4D48F1DDCE7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {53260357-5DEE-44A0-BAE5-413AB62A09B0} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {5E0106D2-1337-493B-8AEB-2EF94A1A7BBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {82449A1C-308D-4C26-9639-0E560FBAB155} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {8F481014-2626-43C6-AA03-60C5D60C65DC} - System32\Tasks\{8FDAF6B1-D4FE-425E-B887-9607E74D5089} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Diablo II\Diablo II.exe" -d "C:\Program Files (x86)\Diablo II\"
Task: {A4154356-8974-408B-BC20-5A0AB760631D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-04] (ASUS)
Task: {B0A92E6E-F561-415E-9595-CB6ECFA0BFA6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {B1A8A353-590E-4BE0-A79E-3254A555583B} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {B721765F-2585-4785-B5C7-2BD7FA78C5C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C401E0D2-FBE4-4581-AECE-C618E1F0FE85} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {D20C4A0E-56E7-41BC-8E2E-0D5D983305FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D81E9C26-D40F-4429-8A05-F1BC0625731F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {DC693585-5FFB-41E1-AA4E-281BB09CF32B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {DE34117A-775A-4D95-9442-61FA71892578} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481
 
ShortcutWithArgument: C:\Users\Helen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\[email protected] - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Helen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Thomas - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-24 06:42 - 2015-07-22 21:31 - 000116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-19 02:10 - 2012-12-19 02:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-05-20 15:52 - 2013-05-20 15:52 - 000049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2018-02-15 13:03 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-07-23 12:54 - 2013-07-23 12:54 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-07-04 02:59 - 2015-07-04 02:59 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2018-03-20 21:20 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-20 21:20 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2013-04-29 17:17 - 2013-04-29 17:17 - 000587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-05-25 16:14 - 2016-05-02 02:02 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-04-10 19:07 - 2018-01-10 22:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-04-10 19:07 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-04-10 19:07 - 2018-04-02 19:34 - 002631968 _____ () C:\Program Files (x86)\Steam\video.dll
2017-04-10 19:07 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-04-10 19:07 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-19 00:29 - 2017-12-19 21:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-04-10 19:07 - 2018-04-02 19:34 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-04-10 19:07 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-12 00:32 - 2017-09-06 22:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-04-10 19:09 - 2017-12-13 17:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-04-10 19:07 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2013-09-22 17:26 - 2013-06-23 23:05 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-12 17:08 - 2015-02-12 17:08 - 000012288 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-01-11 03:35 - 000000834 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Helen\Desktop\Venom Background.BMP
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "UMonit64"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Gyazo"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E06AF586-5A39-4BAE-BD9D-170780FF2476}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{16BF11DE-4CD2-4878-B6EC-3E6636D906F3}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{70547C1E-6E46-472A-B8A9-E6FF0D1AF32F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{EAE7BE05-3561-48BB-8C09-8BCF92543DCD}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{900FCC64-4C7A-4012-8B76-F02384117041}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{BC970E24-9DF6-49DF-992A-BCFA173F2CFF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2A029294-8A02-402F-99D0-08C5F99B2E39}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B6B83F47-7446-4E7C-97E5-27596803780E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{45A07B78-43C3-4FF9-99BE-450159D534EC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B64A60EC-7ABF-4AC3-8723-E2E4A268663E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BA823A81-F9F9-4509-AD11-50871818A3D4}] => (Allow) LPort=1900
FirewallRules: [{C020560D-B2F6-4AFB-9602-E7FE4F36FA22}] => (Allow) LPort=2869
FirewallRules: [{DA559833-D4A8-4FA4-85BC-6140C8595D3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D009B1B0-29CD-4A15-8676-1D7E51C327F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{273DE542-82F9-4F37-AA2A-E4FEF3581A62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{02063DAF-2652-4473-9CCB-E8F8281625E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B35E932-D77A-4EE4-9C17-CC82FE2A52AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{33A64F54-BEF4-421D-886F-378B3A17CF8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DFA72DB3-5311-4BC9-9040-08B07B6A7994}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E545F16F-D1EA-4E39-A961-809193599A1B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{3F227998-3EE2-4BA7-BE5C-E22BC601F399}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3E1A4184-7019-4903-842E-1A95DE35B3DF}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BC603971-9108-4098-A0E0-C9488FD98CE0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{3D3A1646-F63A-4A76-801A-006800FDDA77}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{7EA0D9AE-7B09-4912-AE41-8AED76904CD3}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [UDP Query User{1354F315-32BF-4099-A958-5884A0151594}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [TCP Query User{903F86CD-ADDB-4F75-B103-2BEB39FE7DD5}C:\users\helen\desktop\secondlifeviewer\slvoice.exe] => (Block) C:\users\helen\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{6DFDF29A-D47C-4AC2-94E0-4E3B7FAEBABB}C:\users\helen\desktop\secondlifeviewer\slvoice.exe] => (Block) C:\users\helen\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{3ED77A88-1280-4352-B58E-3D1E9C4FF63A}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{371644E6-C095-494A-81C1-8D1301C9E5FC}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4134396A-D730-4D85-A986-3236C3185EF6}C:\users\helen\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{59268E5D-E919-4846-A650-562ED28BF864}C:\users\helen\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{73441189-5584-48DD-9D95-E8DA317A8019}C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{98391BFA-74F3-4803-B779-2548EA9365E5}C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [TCP Query User{DB9C7446-F7B6-4C0C-ABC6-5B94A34E19A6}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [UDP Query User{E17191F1-2FCF-4D83-90B9-71C82746D6A2}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [TCP Query User{18E55351-0374-4588-9209-E4FC46C59EB9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B77409A1-E5DE-4C44-87C8-08B01E4F3569}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{FB3F4304-CC6C-4FD9-827D-777AE09EC318}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{64B9F69E-F620-4677-8F62-245C72B3536D}C:\users\helen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\helen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{72A1BA4D-B869-48A1-AA84-BDF11A5E175B}C:\users\helen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\helen\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{8DABF5CE-6420-44DB-B69C-2CE9F08F7C3A}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{5022CFCB-2CC2-4478-A704-AC5412B901B2}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{2737C6A1-FCCC-4ED8-8EFA-CA41C9460CB0}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [UDP Query User{988188E5-99CE-471B-8EB6-C8B720FFB75F}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [TCP Query User{A77B543C-5208-4D88-866F-E3B6BEEB1B51}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{16517458-4D0B-4F0A-8B6A-A30B82A7AACF}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{162D6D26-4627-45DD-BD02-F7A82FE33277}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{732EEC98-7708-4F29-83C7-43EAACBFD3B7}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{87759DFE-79B6-451F-A7DB-D197B838A80D}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{76641115-152A-4F0B-986C-395064A0F3E4}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{80DE36A5-0CC0-4A21-BB00-BAD294741B88}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => (Allow) C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [UDP Query User{6E5AB2B6-DB68-4855-B800-36F7D0C65A50}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => (Allow) C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [{B4036589-123F-4815-87C3-4ECFB011314A}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{94A2DE39-73DA-4B69-AEEF-79DF8D2BDF86}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{D9D1918B-6FBF-4C79-A73F-384AB4CC7CC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F4F5C91-D9D5-4A51-AEDE-C7CD82A9588C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D4344B23-ED80-4116-BFE5-BEBC1AF88263}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{60CB10A3-B46B-4BDF-AF07-C3926CC8F539}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CF17B1B5-5281-47CA-88E3-3902C18BB1AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{688A68DF-65FA-43BA-A1A1-DCD0764A4201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{A11CD566-AEB9-4EA9-B3E6-95E206151088}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{3333A87B-832A-4244-A794-56B7766E7E49}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{F5DF5364-4F28-4BA4-B611-2923CCE8BCC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{38802C04-79FE-4DA4-9884-450E87DE3C6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{9D1F6657-47AC-4787-9511-D3E47053CDA2}] => (Allow) C:\Users\Helen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7A084805-D6B3-41BB-9FAF-AAD8BBCD514D}] => (Allow) C:\Users\Helen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1FDB9832-0A33-4463-90B0-63F6DEDFFD47}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{47351884-AC08-4B38-B871-C1F5893BAEBE}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{D2B69A72-6D87-4D70-8354-99A7CC9A6ABD}C:\program files (x86)\slv\slvoice.exe] => (Block) C:\program files (x86)\slv\slvoice.exe
FirewallRules: [UDP Query User{03C98CBF-79DB-40DD-A1A5-C640A0D55268}C:\program files (x86)\slv\slvoice.exe] => (Block) C:\program files (x86)\slv\slvoice.exe
FirewallRules: [TCP Query User{DBCD3B63-9350-4D26-882B-9ABAB0870B06}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [UDP Query User{B6A8B5FB-6EA1-4196-B893-8144A2EA3410}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [{C7934333-29D5-466F-B175-B032D846D7D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2523FA86-419D-466B-A953-3FC8324C7867}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4E7E95F9-23F4-429C-B158-5DE43180A2C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{4B8908DC-00DD-4971-90A2-896A12410E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{BCFAC982-EBD4-42E1-B7D7-7B00F6EF89E7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A63579C7-527F-4081-A264-65A63CA63066}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{F92AC4E7-DE65-4F7D-AFC5-77C21F29790A}C:\users\helen\appdata\local\vghd\bin\vghd.exe] => (Allow) C:\users\helen\appdata\local\vghd\bin\vghd.exe
FirewallRules: [UDP Query User{081EDCDB-5BA3-45DF-8B7C-C18C453BEAB1}C:\users\helen\appdata\local\vghd\bin\vghd.exe] => (Allow) C:\users\helen\appdata\local\vghd\bin\vghd.exe
FirewallRules: [TCP Query User{8B5766F4-8680-4E6F-8D71-2A05C1E0FD3A}C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe
FirewallRules: [UDP Query User{0AF078FA-5B3F-4747-A8C6-CC189398AFF2}C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe
FirewallRules: [TCP Query User{481B1F8A-B360-4E9C-B34C-883BA5E309A0}C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe] => (Allow) C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe
FirewallRules: [UDP Query User{E63D5A46-8440-4C7D-B2CF-83A1729BAD52}C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe] => (Allow) C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe
FirewallRules: [{4DD53874-1607-425B-AE25-440D1B94127D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-04-2018 16:52:50 restore point uno
18-04-2018 18:52:36 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/26/2018 06:45:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARTOVICH)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/26/2018 06:45:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARTOVICH)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (04/26/2018 06:45:34 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (04/26/2018 06:45:34 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (04/26/2018 06:45:33 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.
 
Error: (04/26/2018 06:45:33 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (04/26/2018 06:45:33 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (04/26/2018 06:45:33 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.
 
Error: (04/26/2018 06:10:17 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (04/26/2018 06:09:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8109.48 MB
Available physical RAM: 5895.02 MB
Total Virtual: 12973.48 MB
Available Virtual: 10663.28 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:909.96 GB) (Free:626.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DIABLO) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
 
\\?\Volume{b9e7f4ef-af0e-4833-8d18-8734083c2c23}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.56 GB) NTFS
\\?\Volume{7715cf4e-3bdc-4576-a1f3-3515654215ac}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{58e02f92-09df-465c-b69a-1bd36bd53726}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5B98F280)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#19
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Contrary to what Speccy said it doesn't look like your laptop is getting too hot.  That's why we got the second opinion.  You can uninstall Speccy now.

 

(The instructions were for a laptop)

 

Not sure why FRST is claiming that the items aren't checked.  Will have to ask Farber about it.

 

Are you comfortable with regedit?  Can you go in and look at

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

(right click and Export call it Run in case you mess up then you can restore it.)

 

then in the right pane double click on UMonit64

 

change its value to

 

"C:\Windows\SysWOW64\UMonit64.exe"

with the quotes.  Make sure there is nothing after the last quote. Then run FRST scan again.  See if the ****'s are still there.

 

If you are not comfortable with regedit then we can use a fix.reg.  Copy the text between the stars:

 

***********************************

 

Windows Registry Editor Version 5.00

; The escaped quotes (\") store the path wrapped in quotes, matching the value described above;
; the backslashes inside the path are doubled as .reg syntax requires.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit64"="\"C:\\windows\\SysWOW64\\UMonit64.exe\""


***********************************

 

Open notepad and Edit, Paste and the copied text should appear. File, SaveAs (to your desktop) name it "fix.reg" and do not forget the quotes or it will tack on a .txt extension.  Close notepad then find fix.reg on your desktop and right click on it and Merge.  Yes, Yes, OK.  That should do the same as manually editing the registry.


#20
bm2x

    Member

  • Topic Starter
  • Member
  • 21 posts

So I tried saving the file as a *.reg and I got this error after trying to merge it

 

nogooditsfullofsteam.png


#21
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Did you right click on fix.reg and select MERGE?  Sounds like you may have tried to import it from within regedit.


#22
bm2x

    Member

  • Topic Starter
  • Member
  • 21 posts

I right click, select "merge", get a Windows popup that confirms I'm making a change to the system, get the attached popup and then the error

 

 

1pop.png


#23
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That's the standard warning.  Just tell it Yes.


#24
bm2x

    Member

  • Topic Starter
  • Member
  • 21 posts

then it gives me the error


#25
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Not sure why.  When I export the key I get text and not binary for that type of entry.  Expect you will need to go into regedit and try to change it manually or perhaps you could just uninstall the program associated with it and then reinstall it?


#26
bm2x

    Member

  • Topic Starter
  • Member
  • 21 posts

Can you please walk me through using regedit?  Also, Malwarebytes just alerted me that "PUP.Optional.Conduit" is no good and in my Chrome browser.  Is there a way to permanently delete this?


#27
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

With Chrome you have to go into the service menu.  Click on the three stacked dots at the top right then on More Tools then Extensions.  It should show you all of the extensions you have.  Find the one from Conduit and Remove. 

 

To edit the registry:

Search for

regedit.exe

hit Enter

 

The Registry Editor should open.  Find HKEY_LOCAL_MACHINE

 

Click on the arrow in front of it to open it up

 

Now click on the arrow in front of Software which should be under HKEY_LOCAL_MACHINE

 

 

Do the same for Microsoft

 

then Windows

 

then CurrentVersion

 

and finally click on Run

 

Look in the right pane for

 

UMonit64

 

double click on it and a small window will open.

 

Make it say

"C:\windows\SysWOW64\UMonit64.exe"

 

make sure there is nothing after the last quote

OK. 

 

While there  make sure it says REG_SZ in the type column.
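
As an added example that is not part of this thread (not RKinner's instructions, not FRST output, and nothing from Geeks to Go), here is a PowerShell script that does what the fix.reg/regedit instructions in #19 and the step-by-step walkthrough in this post do by hand, and also checks for the two things those posts are worried about: stray non-printable characters after the path and a missing pair of quotes. It reports whether Task Manager has each entry disabled, which is the question left open about the StartupApproved lines in Addition.txt. It assumes an elevated Windows PowerShell prompt; the value name UMonit64 and its path are taken from the FRST log, the meaning of the StartupApproved byte is stated as an assumption in the comments, and every function and parameter name (Get-RunKeyFindings, Repair-RunValue, Get-StartupApprovedState, -ExePath, -BackupFile) is invented for the example.

```powershell
# Added example; it is not code from this thread, from FRST or from Geeks to Go.
# Audits HKLM\...\Run for the problems RKinner describes (a path stored without
# quotes, stray non-printable bytes after the path, a type other than REG_SZ),
# reports whether Task Manager has the entry disabled, and repairs one value only
# after exporting the key, the same backup step the regedit walkthrough recommends.
# Assumptions: elevated Windows PowerShell 5.1 or later; the value name UMonit64
# and its path come from the FRST log; all function and parameter names are invented.

$RunKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$RunKeyReg   = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # reg.exe spelling
$ApprovedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run'

function Get-StartupApprovedState {
    # Task Manager / msconfig keep one REG_BINARY per entry here; a first byte of 0x03
    # marks the entry as disabled (assumption for this example: anything else is enabled).
    param([string]$Name)
    $key = Get-Item -LiteralPath $ApprovedKey -ErrorAction SilentlyContinue
    if (-not $key -or $Name -notin $key.GetValueNames()) { return 'no StartupApproved entry' }
    $bytes = $key.GetValue($Name)
    if ($bytes[0] -eq 3) { 'disabled' } else { 'enabled' }
}

function Get-RunKeyFindings {
    param([string]$Path = $RunKey)
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        $kind = "$($key.GetValueKind($name))"   # String = REG_SZ, ExpandString = REG_EXPAND_SZ
        # Read the data as stored so %ProgramFiles% style entries are inspected unexpanded
        $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $findings = @()
        if ($kind -notin 'String', 'ExpandString') { $findings += "type is $kind, expected REG_SZ" }
        $shown = $data
        if ($data -is [string]) {
            # Control characters after the path: the kind of data suspected behind the
            # run of stars FRST printed for UMonit64
            if ($data -match '[\x00-\x1F\x7F]') { $findings += 'non-printable characters in data' }
            if ($data -ne $data.TrimEnd())      { $findings += 'whitespace after the path' }
            # Heuristic: an unquoted executable path containing a space is ambiguous to CreateProcess
            $expanded = [Environment]::ExpandEnvironmentVariables($data)
            if (-not $expanded.StartsWith('"') -and $expanded -match '^(.*?\.exe)' -and $Matches[1].Contains(' ')) {
                $findings += 'unquoted path containing a space'
            }
            $shown = $data -replace '[\x00-\x1F\x7F]', '<NP>'   # make hidden bytes visible in the report
        }
        [pscustomobject]@{
            Name        = $name
            Type        = $kind
            TaskManager = Get-StartupApprovedState -Name $name
            Data        = $shown
            Findings    = $findings -join '; '
        }
    }
}

function Repair-RunValue {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ExePath,
        [string]$BackupFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'Run-backup.reg')
    )
    # Refuse to point an autorun at a file that is not there
    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) { throw "$ExePath not found; nothing changed" }
    # Export the whole key first, as the thread does before editing by hand
    & reg.exe export $RunKeyReg $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed; nothing changed" }
    # Quoted path, nothing after the closing quote, stored as REG_SZ
    Set-ItemProperty -LiteralPath $RunKey -Name $Name -Value ('"' + $ExePath + '"') -Type String
    # Re-read through the audit so the caller sees exactly what is stored now
    Get-RunKeyFindings | Where-Object Name -eq $Name
}

# Audit only; this changes nothing and lists the entries that need attention:
Get-RunKeyFindings | Format-Table -AutoSize
# Repair one entry once the audit confirms it (uncomment to apply):
# Repair-RunValue -Name 'UMonit64' -ExePath 'C:\Windows\SysWOW64\UMonit64.exe'
```

Run the audit first; it only reads the registry. Repair-RunValue exports the key to Run-backup.reg on the desktop before writing, refuses to create an autorun for a file that does not exist, and writes the value directly instead of going through a .reg file, so there is nothing to merge.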


#28
bm2x

    Member

  • Topic Starter
  • Member
  • 21 posts

I followed your instructions using regedit: thank you very much.

 

I also looked at my extensions but I do not have any from conduit, only what is in this pictension.png


#29
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Run a FRST scan again with Addition.txt checked and post both logs.


#30
bm2x

    Member

  • Topic Starter
  • Member
  • 21 posts

ran and attached

Attached Files

