Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus Interfering with Network Connection


  • Please log in to reply

#1
Rydon

Rydon

    Member

  • Member
  • PipPip
  • 57 posts

So I've been having trouble connecting to the internet on my desktop. I thought that there was an issue with my router at first so I reset it, I called tech support, and I've been spending all day fiddling with the DNS settings. Whenever i restart my system there's a brief window where I can connect to the internet but then it locks me out again. I have reason to believe that this is a virus. None of my other devices are having this issue and my computer is hardwired to my router via ethernet cable. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by Ryan (administrator) on DESKTOP-ES8F9HD (13-11-2018 16:00:22)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-24] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\Run: [Spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-23] (Spotify Ltd)
HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\Run: [Discord] => C:\Users\Ryan\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-09] (Valve Corporation)
HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [34910608 2018-11-05] (Epic Games, Inc.)
HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\RunOnce: [Application Restart #0] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-23] (Spotify Ltd)
HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\MountPoints2: {6b648183-8097-11e8-9e75-6045cb6fabaf} - "E:\LaunchU3.exe" -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2ca7425f-5e08-4c1f-9c05-bea2b537bf8d}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-11] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-11] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1232202.dll [2018-03-09] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2018-11-13]
CHR Extension: (Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-11]
CHR Extension: (Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-11]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-11]
CHR Extension: (Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-11]
CHR Extension: (XKit) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2018-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (AdBlock) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-16]
CHR Extension: (Avast Online Security) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-24] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-24] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-10-24] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [740544 2015-10-31] (@ByELDI) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [33792 2017-02-13] (Creative Technology Ltd.)
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-10-24] (AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-10-24] (AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-10-24] (AVAST Software)
S0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-10-24] (AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-10-24] (AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-07-16] (AVAST Software)
S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [185240 2018-10-24] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-10-24] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-10-24] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-10-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-10-24] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-10-24] (AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-10-24] (AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-10-24] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-10-24] (AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-10-24] (AVAST Software)
S3 CtxHdb; C:\WINDOWS\system32\DRIVERS\Ctxhdb.sys [48400 2017-06-22] (Creative Technology Ltd)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-11-04] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-11-04] (Disc Soft Ltd)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-05-16] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-13] (Malwarebytes)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_485c1c3102021986\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-07-12] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-07] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-06-24] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-10-19] (Realtek )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-13 16:00 - 2018-11-13 16:00 - 000015526 _____ C:\Users\Ryan\Desktop\FRST.txt
2018-11-13 15:59 - 2018-11-13 15:59 - 000045373 _____ C:\Users\Ryan\Downloads\Addition.txt
2018-11-13 15:58 - 2018-11-13 16:00 - 000000000 ____D C:\FRST
2018-11-13 15:58 - 2018-11-13 15:59 - 000026518 _____ C:\Users\Ryan\Downloads\FRST.txt
2018-11-13 15:58 - 2018-11-13 15:58 - 002415616 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2018-11-13 15:46 - 2018-11-13 15:58 - 000116314 _____ C:\WINDOWS\ntbtlog.txt
2018-11-13 15:46 - 2018-11-13 15:46 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-13 15:46 - 2018-11-13 15:46 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-11-13 15:23 - 2018-11-13 15:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-13 15:23 - 2018-11-13 15:23 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-11-13 14:59 - 2017-10-19 22:32 - 001010648 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-11-13 14:58 - 2018-11-13 14:58 - 000000000 ____D C:\Users\Ryan\Desktop\Realtek_LAN_RS3_10.23.1003.2017
2018-11-13 13:52 - 2018-11-13 13:52 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-11-09 13:58 - 2018-11-09 13:59 - 206156875 _____ C:\Users\Ryan\Downloads\Various Artists - 9th Wonder Presents_ Jamla Is The Squad II (2018).zip
2018-11-09 01:38 - 2018-11-09 01:38 - 000000000 ___HD C:\$AV_ASW
2018-11-09 00:03 - 2018-11-09 00:04 - 000000000 ____D C:\Users\Ryan\Downloads\Various Artists - 9th Wonder Presents_ Jamla Is The Squad II (2018)
2018-11-08 13:20 - 2018-11-09 01:38 - 000000000 ____D C:\Program Files\KMSpico
2018-11-08 13:20 - 2018-11-08 13:20 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2018-11-08 13:20 - 2018-11-08 13:20 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2018-11-08 13:20 - 2018-11-08 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2018-11-08 13:20 - 2010-12-05 21:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2018-11-06 14:53 - 2018-11-06 14:53 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\MPC-HC
2018-11-06 13:43 - 2018-11-06 13:44 - 036797792 _____ C:\Users\Ryan\Downloads\SSSS.GRIDMAN OP.hikarinoakariost.zip
2018-11-06 09:35 - 2018-11-06 09:36 - 000000000 ____D C:\Users\Ryan\Downloads\OxT - UNION (Single) SSSS.GRIDMAN OP
2018-10-24 16:15 - 2018-10-24 16:14 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-10-24 16:15 - 2018-10-24 16:14 - 000042456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-10-24 10:47 - 2018-10-24 10:47 - 000040456 _____ C:\Users\Ryan\Downloads\[RyRo]_Inazuma_Eleven_Orion_no_Kokuin_-_02v1_(720p)_[EE9542D8].mkv.torrent
2018-10-24 10:47 - 2018-10-24 10:47 - 000027876 _____ C:\Users\Ryan\Downloads\[RyRo]_Inazuma_Eleven_Orion_no_Kokuin_-_01v1_(720p)_[90682A99].mkv.torrent
2018-10-21 23:38 - 2018-10-24 12:42 - 000000000 ____D C:\Users\Ryan\Downloads\Cardfight Vanguard Area 3.05
2018-10-20 00:42 - 2018-10-20 00:42 - 000000000 ____D C:\Users\Ryan\Downloads\Prelude.hikarinoakari
2018-10-18 12:12 - 2017-05-01 18:08 - 000000252 ____N C:\Users\Ryan\Downloads\readme.txt
2018-10-17 09:39 - 2018-10-17 09:43 - 000000000 ____D C:\Users\Ryan\Downloads\Official HIGE DANdism - Stand by You (Single) Hinomaru Sumo OP
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-13 15:53 - 2018-06-12 00:25 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-13 15:53 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-13 15:45 - 2018-06-12 00:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-13 15:45 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-13 15:44 - 2018-06-17 16:29 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-13 15:43 - 2018-05-12 02:03 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-13 15:43 - 2018-05-11 23:18 - 000000000 ____D C:\Users\Ryan\AppData\Local\Spotify
2018-11-13 15:42 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-13 15:41 - 2018-06-12 00:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-13 15:27 - 2018-06-12 00:21 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-11-13 15:18 - 2018-05-11 23:18 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Spotify
2018-11-13 14:45 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-13 14:30 - 2018-05-19 18:56 - 000000000 ____D C:\Users\Ryan\AppData\Local\Pokemon Showdown
2018-11-13 13:43 - 2018-06-12 00:21 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-585004741-812547592-3513941725-1001
2018-11-13 13:43 - 2018-06-12 00:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-13 12:41 - 2018-06-12 00:17 - 000000000 ____D C:\Users\Ryan
2018-11-12 23:09 - 2018-06-12 00:17 - 000002360 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-12 23:09 - 2018-05-11 23:13 - 000000000 ___RD C:\Users\Ryan\OneDrive
2018-11-12 22:58 - 2018-05-11 23:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-12 22:58 - 2018-05-11 23:15 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-12 13:23 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-11 00:31 - 2018-05-12 20:07 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Azureus
2018-11-10 23:13 - 2018-05-12 20:07 - 000000000 ____D C:\Users\Ryan\Documents\Vuze Downloads
2018-11-09 15:24 - 2018-05-12 20:37 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2018-11-09 15:04 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-07 23:28 - 2018-09-18 23:32 - 000000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2018-10-31 17:01 - 2018-07-24 09:21 - 000003458 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000003256 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000003212 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000003076 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000003044 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000002974 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000002898 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-07-24 09:21 - 000002804 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-31 17:01 - 2018-06-12 00:21 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-31 17:01 - 2018-06-12 00:21 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-27 21:04 - 2018-10-11 12:52 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-25 21:15 - 2018-05-11 23:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\discord
2018-10-25 18:55 - 2018-06-22 11:56 - 000000000 ____D C:\WINDOWS\Minidump
2018-10-24 16:15 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-24 16:15 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-24 16:14 - 2018-06-12 00:06 - 001028840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000467904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000381144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000346760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000230512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000208640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000201928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000201408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000163376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000111968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000088112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000059664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-10-24 16:14 - 2018-06-12 00:06 - 000047064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-10-24 16:14 - 2018-05-11 23:24 - 000185240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-10-23 11:07 - 2018-07-11 01:29 - 000000000 ____D C:\ProgramData\Packages
2018-10-19 14:21 - 2018-08-21 11:34 - 000000000 ____D C:\Users\Ryan\Desktop\District applicants
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-12 00:16
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by Ryan (13-11-2018 16:00:40)
Running from C:\Users\Ryan\Desktop
Windows 10 Pro Version 1803 17134.345 (X64) (2018-06-12 05:21:10)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-585004741-812547592-3513941725-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-585004741-812547592-3513941725-503 - Limited - Disabled)
Guest (S-1-5-21-585004741-812547592-3513941725-501 - Limited - Disabled)
Ryan (S-1-5-21-585004741-812547592-3513941725-1001 - Administrator - Enabled) => C:\Users\Ryan
WDAGUtilityAccount (S-1-5-21-585004741-812547592-3513941725-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.2.202 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Discord (HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Droid Transfer (HKLM-x32\...\{15E6FF4D-AF9A-4344-AD90-7E69F739010C}) (Version: 1.20 - Wide Angle Software)
Epic Games Launcher (HKLM-x32\...\{E7B62E3F-0F70-4119-89A2-28DE1C3873CC}) (Version: 1.1.163.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GIMP 2.10.0 (HKLM\...\GIMP-2_is1) (Version: 2.10.0 - The GIMP Team)
Google Chrome (HKLM\...\{8F835491-C2E8-3875-B886-D08DE0341A7A}) (Version: 70.0.3538.102 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.36 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Ori and The Blind Forest - Definitive Edition (HKLM-x32\...\1384944984_is1) (Version: 2.0.0.2 - GOG.com)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-585004741-812547592-3513941725-1001\...\Spotify) (Version: 1.0.92.390.g2ce5ec7d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-24] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-24] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-24] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-24] (AVAST Software)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {300F0B8C-06EC-4C3D-9644-84EBF210704D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-07-19] (NVIDIA Corporation)
Task: {380DB80D-4947-48A3-8A3D-EE6955A1FB43} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {54655D4B-32C1-4CB9-B766-DDB76C858632} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {54E5C0CD-362E-4C51-8FC6-00E1D118E535} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {602A2DAF-0B9D-4783-A40C-0946E4030AAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-11] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6ACEE899-516D-4B24-AACB-8219E58C8B44} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {8BA3CC49-F35E-4523-9055-922C22ECAA41} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {91D5D8FD-9582-466F-B4B4-AFBF8F22B2A6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-31] (AVAST Software)
Task: {94048C34-1D87-4975-BDEF-3627A338EFF6} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {9540F1D0-4820-4DBC-8A76-9A798965591E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {9F0C50B5-0E6E-40EA-BF70-5C81F8972C13} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {A0B9ABAC-6617-49ED-A429-AB66C0D7FE4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-11] (Google Inc.)
Task: {AE5AEB93-E23B-45AC-8AB8-D5CA2E78A8BD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-24] (AVAST Software)
Task: {B3708ECD-4FAF-4D1E-ACE1-CF5DC313C2C1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-19] (NVIDIA Corporation)
Task: {B816A1A5-1E1D-437D-B15D-C5CEF7DA848B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {E4CE534D-41B2-4F9F-AFE1-1DEE7A9701FA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-07-19] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-10-11 12:53 - 2018-10-27 21:04 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-10 09:44 - 2018-09-19 22:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-23 11:07 - 2018-10-23 11:07 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-02 23:26 - 2018-10-02 23:26 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-23 11:07 - 2018-10-23 11:07 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-12 22:58 - 2018-11-08 17:14 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libglesv2.dll
2018-11-12 22:58 - 2018-11-08 17:14 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-05-12 02:55 - 2018-05-12 02:54 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-585004741-812547592-3513941725-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C45E5D22-0ECE-4065-A740-DF9CB6EDE800}] => (Allow) C:\Program Files (x86)\Wide Angle Software\Droid Transfer\Droid Transfer.exe
FirewallRules: [UDP Query User{79E45ED2-F095-46BB-97F0-88E7B0EF7F9C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [TCP Query User{10DE96C7-CF40-4ECC-AAA0-A83D0CD3AC36}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [UDP Query User{18249803-37E8-4883-845D-4BDCB0CFF026}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F6219223-2D17-4F30-ACA9-F6F056513F96}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C9C8C564-7961-429F-A165-BE7E7E06448D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe
FirewallRules: [TCP Query User{253EBEF2-112F-4859-9E46-5B705D2611D6}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.148\deploy\leagueclient.exe
FirewallRules: [UDP Query User{6D0F04AB-14E4-4351-BD38-5FC0CD6B3F40}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E65CEB59-427A-4B4C-A75E-439997E1E772}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [UDP Query User{5022A801-A8A3-4096-92DF-6EC58D986A5A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [TCP Query User{58DF100C-1899-4D11-9947-858751D0BB21}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.143\deploy\leagueclient.exe
FirewallRules: [{2BB62378-2067-4B10-BEBE-B1A5154E040D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3060DBF9-9295-4045-8724-28E3AA7AB640}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{0B3E4BFA-9840-4F3E-808E-40CFD8CD4966}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [TCP Query User{88842BFD-3BED-4CCC-AEEC-42626146FE94}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe
FirewallRules: [{89EEAC10-8117-4512-85EC-EB623D3D176D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CDF9204-B146-469F-AF40-5BCFC54593AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4AFC5D7A-1629-4ABE-B642-F1B3BE2FE559}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A3503125-26EF-4C52-90CF-F71C61ADE860}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9FAEC70F-A3AE-4F42-A9BB-C75D459C5CAB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{E30DADEA-C5F6-452F-AE9C-746A3F6B9702}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [UDP Query User{170BF759-2E45-4F0D-996B-1D6BD2E518AB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [{2E57CA37-BECA-4FBD-AB25-54366B9BE7AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AE234007-F839-4FBA-A440-36300F22F869}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{82BD8DB7-FB03-4B8C-8002-3DA653ECDD05}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6940A8D2-DBD2-4BF1-82B4-368E27C8A790}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{79714B70-4F85-4F9E-91C8-1D34B6A41CEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{483FB5C3-CA79-47DE-8EE6-F750F2A95BF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{CD72096D-FE67-4C4E-8125-E173D565C861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{378712EA-DBFB-4F25-9C0C-B026AA427810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{42B54F9E-5EF7-49D3-80C4-22192BD1A1A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{CB58B078-DB14-4703-B5CC-69D5A049374F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{0C52B044-DF58-4DBF-8B45-A37E278D644C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{9DBCA8BB-641C-4F79-A09C-CB71642DA4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [TCP Query User{50E9194A-A455-4078-BFAD-59F4B4904E57}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A34F65E8-37EC-4FEE-947F-EFE866B03CD5}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B2B72083-0266-4360-A38A-2367905889DA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A43299D5-5D36-425E-9F76-2841F0EED9E6}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [TCP Query User{26B17D0C-5E37-4EB7-9B25-D5ABAB5F93A1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{8B126E13-9DD5-4532-9C70-85A1AA9A5A08}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [TCP Query User{A974A5B7-64CE-4370-B1F0-736080C66C40}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A0A8C564-AC20-464B-937D-47C6792402B6}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [{4C741E26-CE52-4A9A-A077-CE1181C91F4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{49FEE2E9-4E73-4C2E-8128-2789C244BCA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7EB8E205-BF21-4DC7-95D4-A68BEB7F0B35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DD923D54-C053-4983-8000-F2C8C0FE4C00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3A944C84-771B-46D8-A4FE-95684F4EEA14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39B760CF-B9CC-4C3F-87E4-42C32FB9D608}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2D723B83-E30C-46B9-931C-C25A80BBD083}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{E823A01A-C399-4502-9323-159C7F991920}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [TCP Query User{F5274A08-B647-464A-AB0F-1176A13C35DF}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{A6F93AE0-4DA8-43EF-8C8A-BEE67D83ACCB}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{72FD9410-E39E-42AC-A8F8-BFC1291027D1}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B29B5552-5BCA-41DC-A584-862E3CD9C03F}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{912B35A2-1D7D-47BB-A434-6CD6FF6F9552}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [UDP Query User{901FE625-D506-41A7-9516-6A7B2205EB8B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [TCP Query User{1B944FAB-339B-4C1C-95C9-3ECF33C7A0EC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E1B26529-E271-49D6-B9D9-31B776248E6E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [{86F63D9A-0646-4EE0-8176-2B0DAC872148}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{C0206990-A906-4079-8BAA-24CBA00E913B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E7CFF105-EC84-413F-8381-7CC54F06C2A9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe
FirewallRules: [{A8758E0D-DEE0-4886-8E4E-ACBAD3916A4C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{51DDD273-9498-415A-8F23-DFCF0DA5A53A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{20E8930A-A7AA-4066-BDB5-4B76CBA9A32F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [UDP Query User{259399E3-4561-4BC6-A119-48EE6BFC6B53}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8171BA7F-118E-4C58-BE34-AC1A13D85BD5}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe
FirewallRules: [UDP Query User{1B146F89-5CB0-4442-952F-2B89E8F4B1A0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe
FirewallRules: [TCP Query User{65EECEAB-182F-4017-879A-112A1CB9DB95}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A360C7E1-15CD-484A-A9E6-A151346A35CC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe
FirewallRules: [TCP Query User{A398C3F9-D95E-4F98-9AA5-9FD6BDF575C1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [UDP Query User{45C260E0-A8F5-4BAD-8D25-DA6939F3D1B9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [TCP Query User{6C3791C1-1661-4B2C-8890-A087B87FF471}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{97CAF4BE-09C2-4036-9EC6-2D7A60508448}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{10151447-CB9C-4101-A552-5A58CAC90AA7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{F7098DB4-ACFE-401C-AA52-D00373B04BE4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{5BB43810-2864-4B6A-88B5-B1B019C798E6}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe
FirewallRules: [UDP Query User{1C409D69-4F6A-4193-A867-326F42A3DDA6}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe
FirewallRules: [TCP Query User{558413A0-F2EE-4796-A8A7-B0DFF354574F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe
FirewallRules: [UDP Query User{1679262C-65A7-4F97-8611-C2DE72CB7372}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe
FirewallRules: [{6554DB3F-0FA1-4FA5-9EB0-0C59F9F7EEDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe
FirewallRules: [{D8732822-AA48-43BE-AB23-4E64678D7D25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe
FirewallRules: [TCP Query User{EA77E76F-2DCC-41EB-A1C1-28AA748E46EB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe
FirewallRules: [UDP Query User{F7CFAB20-667E-4A1C-8D4F-AD8CF8F1FFE7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F833C4B5-1448-4909-A1FA-1FCFC3829307}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe
FirewallRules: [UDP Query User{760A9474-0461-4E59-A1A7-4648BBADD1BD}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe
FirewallRules: [{EC37D604-EBE8-438B-9898-01B525C18C98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E478D803-1325-46AA-A992-A5230872F584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D14ACE03-FCD5-42B2-BCA5-BD5DA187AE68}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{F7984C13-E25E-49B6-BCE6-25399CF794D0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [TCP Query User{788167D5-EAC9-4874-A08C-AC1BAF1F0A4B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe
FirewallRules: [UDP Query User{7309C5A5-44DA-4BD6-9A22-8FC465DE778B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E9A6FF7F-DF89-47D5-B490-46302F0C61FE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe
FirewallRules: [UDP Query User{770621BA-5671-41B7-A632-36A4D65F1854}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe
FirewallRules: [TCP Query User{37368D51-3BE0-4FA7-A811-EAF157FF2D42}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A21A7004-42C3-4C6C-AC9D-3D21EB5B8982}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe
FirewallRules: [TCP Query User{CF649718-1831-47F2-B199-57DF761B621A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [UDP Query User{9EEE8A65-9370-4114-8963-F339F1D899A1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [{9459C4C3-7335-4078-98C0-D43AE577AA01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-10-2018 19:56:05 Scheduled Checkpoint
06-11-2018 21:23:23 Scheduled Checkpoint
13-11-2018 14:59:04 Installed Realtek Ethernet Controller Driver
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Sound Blaster Audio Controller
Description: Sound Blaster Audio Controller
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Creative Technology Ltd.
Service: HDAudBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2018 01:24:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-ES8F9HD.local already in use; will try DESKTOP-ES8F9HD-2.local instead
 
Error: (11/13/2018 01:24:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-ES8F9HD.local. Addr 192.168.1.166
 
Error: (11/13/2018 01:24:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.166:5353   16 DESKTOP-ES8F9HD.local. AAAA FE80:0000:0000:0000:58F7:8F8B:26D0:46DD
 
Error: (11/13/2018 01:24:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 DESKTOP-ES8F9HD.local. Addr 192.168.1.166
 
Error: (11/13/2018 01:24:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.166:5353   16 DESKTOP-ES8F9HD.local. AAAA FE80:0000:0000:0000:58F7:8F8B:26D0:46DD
 
Error: (11/13/2018 11:31:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000
 
Error: (11/13/2018 11:31:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2000
 
Error: (11/13/2018 11:31:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (11/13/2018 04:00:41 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ES8F9HD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/13/2018 04:00:29 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ES8F9HD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/13/2018 04:00:23 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ES8F9HD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/13/2018 04:00:15 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ES8F9HD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/13/2018 04:00:14 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ES8F9HD)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (11/13/2018 04:00:09 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ES8F9HD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/13/2018 03:59:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (11/13/2018 03:59:10 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-ES8F9HD)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8129.69 MB
Available physical RAM: 5652.48 MB
Total Virtual: 13761.69 MB
Available Virtual: 11542.66 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.33 GB) (Free:69.94 GB) NTFS
Drive d: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Windows) (Fixed) (Total:931.41 GB) (Free:327.6 GB) NTFS
 
\\?\Volume{8d944e02-c2e6-4f57-ba30-300c955af1ed}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{5cb74c7a-355e-47fb-a076-3f6bd8d23b13}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FC25CFDE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Any help would be appreciated, for the time being I'm going to try running a malwarebytes scan

 


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP