Browser redirect malware with additional side effects

jocloud31 · Dec 15, 2017

I have what I believe is a multi-faceted problem stemming from a particularly stubborn piece of malware.

The key indicator is when searching from Chrome's Omnibar it redirects before showing my search results as shown here:

It's almost never the same URL or even CLOSE. I believe whatever is causing this is also preventing me from updating Spybot S&D. Running the update module in my Spybot install does nothing, I can't run the updater directly from the file, and downloading the files manually does not appear to work either. I am also unable to start the updater service due to it timing out immediately.

In trying to gather the troubleshooting information needed for this post I also experienced problems. My FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Jay (administrator) on JAY-PC (14-12-2017 21:21:19)
Running from C:\FRST
Loaded Profiles: Jay (Available Profiles: Jay)
Platform: Windows 10 Home Version 1703 15063.540 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

========================================================

Please note this is the WHOLE log and no addition.txt file was created. I tried running several times, deleting and re-downloading the files and tool, running as admin... no change.

Running aswMBR.exe had even more drastic results:

I have attempted Malware Bytes to no avail, and also tried running it in Safe Mode.

My version of windows is Win 10 64bit 1703 (OS Build 15063.540)

I have tried updating to 1709 several times and am also unable to do that due to constant failures, though that may be unrelated.

I'm at a loss as to what to try next. Any direction or help would be greatly appreciated.

Juliet · Dec 15, 2017

When I first read your information I kinda cringed a bit, if the infection on your machine is what I think it is, we're in for a battle that not all have been lucky enough to remove.
It is also possible attempts to repair or delete the infection might have to be done in Recovery Environment:

~~~~~~~~~~~~~~~~~~~~~~~~~~`

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/top...is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

jocloud31 · Dec 19, 2017

I am working on following these steps, but am fighting with unrelated ISP issues making it difficult to download the tool.

Juliet · Dec 19, 2017

I don't know if this is going to help but, try to boot into safe mode with networking and attempt to download the tool from there.
https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode

Also, if it can be done, download and attempt to download these additional tools while in safe mode with networking and post the logs for me

RogueKiller

Download the right version of RogueKiller for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select

Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

created by Aura

****

AdwCleaner - Fix Mode

Download AdwCleaner and move it to your Desktop
Right-click on AdwCleaner.exe and select

Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

jocloud31 · Dec 20, 2017

I will post the logs in the order they were requested in the thread:

MBAR log:

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
main: v2017.12.19.06
rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
Jay :: JAY-PC [administrator]

12/19/2017 8:51:09 PM
mbar-log-2017-12-19 (20-51-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 222269
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 5
C:\Users\Jay\AppData\Local\psohkwl\psohkwl.exe (Trojan.Clicker) -> 9764 -> Delete on reboot. [1260a9827535cc6a75755d521ce534cc]
C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 11748 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 3112 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 4876 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 12680 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\WINDOWS\SYSTEM32\drivers\69bc6d74e29d13e16e2b101abfb49035.sys (Adware.Wajam) -> Delete on reboot. [a9dd56a37c1ab181b2d2400331b43044]
C:\WINDOWS\SYSTEM32\drivers\sncfilps.sys (Rootkit.Agent.PUA) -> Delete on reboot. [d4b78f4f04a1132bf3088f93b9e5d140]
C:\Users\Jay\AppData\Local\psohkwl\psohkwl.exe (Trojan.Clicker) -> Delete on reboot. [1260a9827535cc6a75755d521ce534cc]
C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
C:\Windows\System32\config\systemprofile\AppData\Local\psohkwl\psohkwl.exe (Trojan.Agent) -> Delete on reboot. [3e340724ffab0036c351ab2620e1fb05]
C:\Windows\System32\config\systemprofile\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> Delete on reboot. [29492dfe723893a3861853ea5ba602fe]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

jocloud31 · Dec 20, 2017

Rogue Killer Log:

RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Jay [Administrator]
Started from : C:\Users\Jay\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 12/19/2017 22:06:14 (Duration : 00:31:30)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 35 ¤¤¤
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Conduit -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\InstallCore -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\WeatherAlerts -> Deleted
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Conduit -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\InstallCore -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\WeatherAlerts -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\IM -> Deleted
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\Conduit -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\PriceGong -> Deleted
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\Conduit -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\PriceGong -> Deleted
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\Conduit -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\ConduitSearchScopes -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\PriceGong -> Deleted
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\Conduit -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\ConduitSearchScopes -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\PriceGong -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_EAB4\ControlSet001\Services\SPPD (\??\C:\Windows\system32\drivers\SPPD.sys) -> Deleted
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_EAB4\ControlSet002\Services\SPPD (\??\C:\Windows\system32\drivers\SPPD.sys) -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?PC=BNHP -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?PC=BNHP -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.11.1 208.73.63.114 ([-][United States]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{caa2ce7e-e35b-4c74-9a90-00093b61115a} | DhcpNameServer : 192.168.11.1 208.73.63.114 ([-][United States]) -> Replaced ()
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
[PUP.Gen0][Chrome:Addon] Default : Amazon Assistant for Chrome [pbjikboenpfhbbejgkoklgkhjpfogcam] -> ERROR [2]
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [bing.com] -> Deleted
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN] -> Deleted
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] f8196a3f36464a3c80b0c03a41a02241
[BSP] 608c79d957753ee8236c468d14c98aa5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 113921 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD7500AAKS-00RBA0 ATA Device +++++
--- User ---
[MBR] 66c2a20d1a2b4bc6acd8fbd9269536cc
[BSP] cede988f4171384d55a70ab29563e4cd : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
--- User ---
[MBR] f62fb7523fee5d10dec91fe20d1429d6
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - android_meta | Offset (sectors): 2048 | Size: 16 MB
1 - android_expand | Offset (sectors): 34816 | Size: 61038 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

jocloud31 · Dec 20, 2017

ADW Cleaner Log:

# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 20 04:42:31 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1010 B] - [2017/12/20 4:42:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

jocloud31 · Dec 20, 2017

Running these scans seems to have at least fixed something. I can now update spybot any my other AV/Malware software. Should I run that now?

Juliet · Dec 20, 2017

yes!

I want you to find the installation you have for Farbar Recovery Scan Tool and delete it. The version you had was corrupted.

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select

Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

jocloud31 · Dec 20, 2017

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Jay (administrator) on JAY-PC (20-12-2017 09:39:14)
Running from C:\Users\Jay\Desktop
Loaded Profiles: Jay (Available Profiles: Jay)
Platform: Windows 10 Home Version 1703 15063.540 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

========================================================

C:\FRST\FRST64.exe => Win32/Suweezy? - moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(f.lux Software LLC) C:\Users\Jay\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Greenshot)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\AMHelper.exe
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => E:\Keepvid\KeepVid Pro (Desktop)\KeepVidProUpdateHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe [1971872 2016-07-19] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [441856 2017-10-23] (Power Software Ltd)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1069032 2017-12-15] (Blizzard Entertainment)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [GoogleChromeAutoLaunch_1DC2C497258DC181EE7CEA8580F59E00] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [f.lux] => C:\Users\Jay\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Discord] => C:\Users\Jay\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\MountPoints2: H - "H:\setup.exe"
Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2017-10-23]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 208.73.63.114
Tcpip\..\Interfaces\{caa2ce7e-e35b-4c74-9a90-00093b61115a}: [DhcpNameServer] 192.168.11.1 208.73.63.114

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-22] (Oracle Corporation)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll [2016-07-19] ()
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-11-04] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/docs/spreadsheets/favicon_jfk2.png
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
CHR Extension: (Slides) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Overwatch Performance Tracker (Blank)...) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\amemnopljkanfileagmgohnmfnflikdo [2017-05-31]
CHR Extension: (Docs) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-18]
CHR Extension: (YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-18]
CHR Extension: (Honey) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-19]
CHR Extension: (Adblock Plus) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Steam Inventory Helper) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-12-19]
CHR Extension: (Tampermonkey) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-11-05]
CHR Extension: (Google Play Music) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-12-09]
CHR Extension: (Sheets) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-18]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-08-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-09-21]
CHR Extension: (eSport Tournaments For Money

Hearth...) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnihfekhncchmljjkikeondcdehkbee [2016-10-04]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-12-19]
CHR Extension: (Google Hangouts) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-12-19]
CHR Extension: (As Noted) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\phamnjjjhnobmbnkohdhfdlpiaoplaja [2016-08-19]
CHR Extension: (Gmail) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-08]
CHR HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-08] ()
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-05-31] (Apple Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2017-12-15] (EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-20] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-20] (Electronic Arts)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S3 WsDrvInst; "E:\Keepvid\KeepVid Pro (Desktop)\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVer330USB; C:\WINDOWS\system32\DRIVERS\AVer330USB.sys [1551616 2015-04-09] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [39296 2013-08-05] (Etron Technology Inc)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-19] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [83360 2017-05-23] (Safer-Networking Ltd.)
S3 SMIGrabber3C; C:\WINDOWS\System32\Drivers\SmiUsbGrabber3C.sys [827952 2013-07-16] (Windows (R) Win 7 DDK provider)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S1 cycgorla; \??\C:\WINDOWS\system32\drivers\cycgorla.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-20 09:39 - 2017-12-20 09:39 - 000020787 _____ C:\Users\Jay\Desktop\FRST.txt
2017-12-20 09:38 - 2017-12-20 09:38 - 002392064 _____ (Farbar) C:\Users\Jay\Desktop\FRST64.exe
2017-12-19 22:40 - 2017-12-19 22:42 - 000000000 ____D C:\AdwCleaner
2017-12-19 21:07 - 2017-12-19 22:40 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-19 21:07 - 2017-12-19 21:07 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-19 20:51 - 2017-12-19 20:51 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\777281FE.sys
2017-12-19 20:50 - 2017-12-19 22:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-19 20:48 - 2017-12-19 21:01 - 000000000 ____D C:\Users\Jay\Desktop\mbar
2017-12-19 20:48 - 2017-12-19 20:48 - 017583333 _____ C:\Users\Jay\Downloads\mbar-1.10.3.1001.zip
2017-12-19 20:47 - 2017-12-19 20:48 - 026878536 _____ (Adlice Software) C:\Users\Jay\Desktop\RogueKiller_portable64.exe
2017-12-19 20:46 - 2017-12-19 20:46 - 008172032 _____ (Malwarebytes) C:\Users\Jay\Downloads\AdwCleaner.exe
2017-12-16 00:07 - 2017-12-16 00:07 - 000000000 ___HD C:\$Windows.~WS
2017-12-16 00:06 - 2017-12-16 00:06 - 018617536 _____ (Microsoft Corporation) C:\Users\Jay\Downloads\MediaCreationTool.exe
2017-12-15 23:09 - 2017-12-15 23:09 - 000000000 ____D C:\Users\Jay\AppData\Roaming\EasyAntiCheat
2017-12-15 23:09 - 2017-12-15 23:09 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2017-12-15 00:51 - 2017-12-15 00:51 - 000002402 _____ C:\Users\Jay\Desktop\closers.lnk
2017-12-14 22:17 - 2017-12-14 22:17 - 000000000 ____D C:\Users\Jay\AppData\Local\En Masse Entertainment
2017-12-14 22:17 - 2017-12-14 22:17 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-12-14 22:16 - 2017-12-14 22:16 - 000001426 _____ C:\Users\Public\Desktop\En Masse Launcher.lnk
2017-12-14 22:16 - 2017-12-14 22:16 - 000000000 ____D C:\Users\Public\Games
2017-12-14 22:16 - 2017-12-14 22:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
2017-12-14 22:10 - 2017-12-14 22:11 - 018689800 _____ (En Masse Entertainment ) C:\Users\Jay\Downloads\CLOSERS-Minimal-Installer.exe
2017-12-14 21:11 - 2017-12-14 21:11 - 000000000 ____D C:\Users\Jay\Downloads\tweaking.com_registry_backup_portable
2017-12-14 21:10 - 2017-12-14 21:10 - 003449206 _____ C:\Users\Jay\Downloads\tweaking.com_registry_backup_portable.zip
2017-12-14 21:03 - 2017-12-14 21:18 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-12-14 21:03 - 2017-12-14 21:18 - 000000719 _____ C:\Users\Jay\Desktop\Windows 10 Update Assistant.lnk
2017-12-14 21:03 - 2017-12-14 21:03 - 000000000 ____D C:\Windows10Upgrade
2017-12-14 21:00 - 2017-12-14 21:00 - 000195346 _____ C:\Users\Jay\Downloads\wu170509.diagcab
2017-12-14 20:58 - 2017-12-14 20:59 - 006541184 _____ (Microsoft Corporation) C:\Users\Jay\Downloads\Windows10Upgrade9252.exe
2017-12-14 20:55 - 2017-12-14 20:55 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-14 20:55 - 2017-12-14 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-14 20:55 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-14 20:26 - 2017-12-14 20:26 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-14 10:56 - 2017-11-01 23:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-12-14 10:56 - 2017-09-29 23:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-12-14 10:56 - 2017-09-29 23:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-12-14 10:56 - 2017-09-29 01:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-14 10:56 - 2017-09-18 17:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-12-14 10:56 - 2017-09-04 23:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-14 10:56 - 2017-09-04 23:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-14 10:56 - 2017-09-04 22:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-12-14 10:56 - 2017-09-04 22:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-12-14 10:56 - 2017-09-04 22:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-12-14 10:56 - 2017-09-04 22:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-12-14 04:28 - 2017-12-14 04:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-14 04:28 - 2017-10-27 10:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-12-14 04:28 - 2017-09-13 17:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-14 04:28 - 2017-09-13 17:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-14 04:28 - 2017-09-13 17:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-12-14 04:28 - 2017-09-13 17:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-12-14 04:27 - 2017-10-16 23:11 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-14 04:27 - 2017-10-16 23:10 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-14 04:27 - 2017-10-16 23:10 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-14 04:27 - 2017-10-16 23:10 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-14 04:27 - 2017-10-16 23:10 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-14 04:27 - 2017-10-16 23:10 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-14 04:27 - 2017-10-16 23:10 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-14 04:27 - 2017-10-16 23:10 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-14 04:27 - 2017-10-16 23:10 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-14 04:27 - 2017-10-16 23:10 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-14 04:27 - 2017-10-16 23:05 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-14 04:27 - 2017-10-16 23:04 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-12 21:02 - 2017-12-13 00:05 - 000000000 ____D C:\Users\Jay\AppData\Roaming\.minecraft
2017-12-12 21:00 - 2017-12-12 21:05 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-12-12 21:00 - 2017-12-12 21:00 - 000001030 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-12-12 21:00 - 2017-12-12 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-12-12 20:54 - 2017-12-12 20:57 - 002314240 _____ C:\Users\Jay\Downloads\MinecraftInstaller.msi
2017-12-12 20:37 - 2017-12-12 20:39 - 011204152 _____ (Piriform Ltd) C:\Users\Jay\Downloads\ccsetup538.exe
2017-12-09 11:29 - 2017-12-09 11:29 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-08 23:22 - 2017-12-08 23:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2017-11-30 23:17 - 2017-12-01 00:56 - 000000000 ____D C:\Users\Jay\Documents\American Truck Simulator

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-20 09:39 - 2017-10-23 22:27 - 000000000 ____D C:\FRST
2017-12-20 09:35 - 2017-06-29 21:00 - 000000000 ____D C:\Users\Jay
2017-12-20 09:35 - 2017-06-29 21:00 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-20 09:35 - 2016-04-18 18:38 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-20 09:35 - 2016-04-18 18:35 - 000000000 ____D C:\Users\Jay\AppData\Local\Battle.net
2017-12-20 09:35 - 2016-04-18 18:35 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-12-20 09:35 - 2016-03-08 20:34 - 000000000 __SHD C:\Users\Jay\IntelGraphicsProfiles
2017-12-19 22:49 - 2017-07-08 00:21 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-19 22:49 - 2017-06-29 21:09 - 002222230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-19 22:49 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-19 22:43 - 2017-06-29 21:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-19 22:42 - 2017-03-18 05:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-19 22:38 - 2017-06-29 21:04 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ABA966A0-F804-4519-82BF-7CEA604833E8}
2017-12-19 21:37 - 2016-04-18 20:59 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-19 21:08 - 2017-09-28 23:45 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-12-19 21:03 - 2017-09-28 23:45 - 000000000 ____D C:\Users\Jay\AppData\Local\psohkwl
2017-12-19 20:51 - 2017-09-29 00:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-19 20:36 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-16 01:11 - 2016-03-09 01:15 - 000000000 ____D C:\ESD
2017-12-16 00:07 - 2017-09-29 18:52 - 000000000 ____D C:\WINDOWS\Panther
2017-12-16 00:01 - 2017-09-28 23:29 - 002797056 _____ C:\WINDOWS\system32\wmevglcsvc.exe
2017-12-15 23:57 - 2017-03-18 05:40 - 015990784 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-15 21:07 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-14 22:17 - 2017-08-01 21:58 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-12-14 21:02 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-14 21:02 - 2016-04-18 18:07 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
2017-12-14 20:48 - 2017-03-18 15:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-12-14 20:48 - 2017-03-18 15:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-12-14 06:40 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-14 04:29 - 2017-06-29 21:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-14 04:29 - 2017-01-28 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-14 04:29 - 2016-04-15 21:11 - 000000000 ____D C:\Temp
2017-12-14 04:28 - 2017-06-29 21:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-14 04:28 - 2017-06-29 21:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-13 20:33 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-13 20:33 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-13 00:08 - 2017-06-29 20:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-12 20:39 - 2017-10-24 21:01 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-12 20:39 - 2017-10-24 21:01 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-12 20:35 - 2017-05-10 22:26 - 000000000 ____D C:\Users\Jay\AppData\Local\Discord
2017-12-12 20:35 - 2016-10-25 21:14 - 000000000 ____D C:\Users\Jay\AppData\Roaming\discord
2017-12-10 21:52 - 2016-05-17 08:35 - 000000000 ____D C:\Users\Jay\AppData\Local\Greenshot
2017-12-05 23:08 - 2017-11-13 21:51 - 000000871 _____ C:\Users\Jay\Desktop\DRAGON BALL XENOVERSE 2.lnk
2017-12-05 00:05 - 2017-01-27 22:12 - 000000000 ____D C:\Users\Jay\Documents\Square Enix
2017-12-04 22:56 - 2016-07-23 14:36 - 000000000 ____D C:\Users\Jay\AppData\Local\CrashDumps
2017-12-01 20:25 - 2017-03-18 15:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 20:25 - 2017-03-18 15:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-27 23:58 - 2016-04-24 20:03 - 000000000 ____D C:\Users\Jay\AppData\Roaming\vlc
2017-11-27 23:07 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-20 23:36 - 2017-09-28 23:45 - 000000000 ____D C:\Users\Jay\AppData\Local\atrzclv

==================== Files in the root of some directories =======

2016-08-21 14:00 - 2016-08-21 14:00 - 000002112 _____ () C:\Users\Jay\AppData\Local\recently-used.xbel
2016-07-12 22:24 - 2017-01-22 18:06 - 000007660 _____ () C:\Users\Jay\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-19 21:07 - 2017-06-20 00:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-30 22:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Jay (20-12-2017 09:39:44)
Running from C:\Users\Jay\Desktop
Windows 10 Home Version 1703 15063.540 (X64) (2017-06-30 03:07:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3889070278-3414657367-3443163699-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3889070278-3414657367-3443163699-503 - Limited - Disabled)
Guest (S-1-5-21-3889070278-3414657367-3443163699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3889070278-3414657367-3443163699-1002 - Limited - Enabled)
Jay (S-1-5-21-3889070278-3414657367-3443163699-1000 - Administrator - Enabled) => C:\Users\Jay

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: - ArcSoft)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Belkin N300 Micro USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155.1 - Belkin International, Inc.)
Black Chocobo (HKLM-x32\...\Black_Chocobo) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CLOSERS (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\EME_GAME_closers) (Version: - Naddic)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4502.0 - CyberLink Corp.)
Discord (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
DRAGON BALL XENOVERSE 2 (HKLM-x32\...\DRAGON BALL XENOVERSE 2_is1) (Version: - )
En Masse Launcher (HKLM-x32\...\{5d5e6f2b-6c03-4f96-8cd7-c16318764bc8}_is1) (Version: 1.0 - En Masse Entertainment)
ezcap Video Grabber (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.1.1 - Somagic)
EzGrabber version 3.0.1 (HKLM-x32\...\{59D21F0E-EA54-4438-A5B7-7EAD262FD873}_is1) (Version: 3.0.1 - Geniatech)
f.lux (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HitFilm Express 2017 (HKLM\...\{752C4EC4-8031-476E-A3A5-A7023C06AC2C}) (Version: 5.0.7012.39363 - FXHOME)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
KeepVid Pro(Build 4.10.0.5) (HKLM-x32\...\KeepVid Pro_is1) (Version: 4.10.0.5 - KeepVid Studio)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LBRY 0.13.0 (HKLM-x32\...\e406725b-d361-5b1c-81f7-0a4c5ac54cb3) (Version: 0.13.0 - LBRY Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.0 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
RetroArch 1.6.3 (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\RetroArch) (Version: 1.6.3 - libretro)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Transcribe! 8.70 (HKLM-x32\...\com.seventhstring.Transcribe_is1) (Version: 8.70 - Seventh String Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
USB2.0 Audio Capture (HKLM\...\VID_1F4D&PID_0102&MI_00) (Version: 1.0.0.0 - Conexant Systems)
USB2.0 Video Capture (HKLM\...\VID_1F4D&PID_0102&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000_Classes\CLSID\{aa420d0f-9f35-449d-90da-58a65cf09e21}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107C236C-B535-497D-9B01-2486418EF815} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {20210802-D386-428D-BD07-9EFC7BB35636} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {3ABEE73B-39CE-499D-A904-39DB2B1F64BC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {5E61646E-9C96-45CA-B793-75E88655400D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {8D173677-D7C5-4174-95C1-F41B7E6FEA62} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {963DE68B-F76F-4459-8A26-21CB72971447} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {97E25A7A-A4AC-409E-AD27-33FEF65DCE1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {9C13EA45-2B77-4AF8-8494-F1AAB279CB3C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {9DB86DD4-E2A4-46CC-A3B4-833C71DB9CE2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {9DC91F2D-DDAB-4C35-AC57-FD6FBE9B4F80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18] (Google Inc.)
Task: {A232EA5B-49B1-4AFA-B921-7A4D8CD81B43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {BD1E37B9-4A77-4BCF-B5F7-A39075F0CB65} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {C44C4582-0B85-4E55-9837-760991956A54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18] (Google Inc.)
Task: {DD16F220-3869-4117-ABC8-17338A235B55} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {EA34435A-9245-41BA-9115-DFA21E9B0971} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {EA650FD0-7215-4E8E-8BF4-E00CB53B8289} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {FABEEDB5-B9BC-4B76-8D16-548B5F89B034} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()

ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 14:57 - 2017-03-18 14:57 - 000377344 _____ () c:\windows\system32\SSDM.dll
2017-01-28 13:56 - 2017-10-10 19:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-28 18:02 - 2014-04-14 17:59 - 000253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-12-14 20:55 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-06-29 21:00 - 2017-10-27 10:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-11-15 22:38 - 2017-10-10 19:05 - 000018880 _____ () c:\program files\nvidia corporation\nvstreamsrv\detoured.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 14:59 - 2017-03-18 20:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-06 20:32 - 2017-12-05 22:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-06 20:32 - 2017-12-05 22:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-09-28 23:45 - 2017-05-12 10:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-09-28 23:45 - 2016-09-13 13:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-09-28 23:45 - 2016-09-13 13:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-09-28 23:45 - 2016-09-13 13:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-01-28 13:56 - 2017-10-10 19:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-28 13:56 - 2017-10-10 19:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-04-18 20:59 - 2017-10-23 22:19 - 000456621 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15670 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.11.1 - 208.73.63.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "WarThunderLauncher"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1DC2C497258DC181EE7CEA8580F59E00"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Innkeeper"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Hearthstone Deck Tracker"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Wowhead_Client"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "TSMApplication"
HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Haste"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{1E293B84-AD73-446C-9E4C-86F3019D42CE}E:\blizzard\hearthstone\hearthstone.exe] => (Allow) E:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7B5364A0-0AB5-4E60-A8E3-9739B1BD03FC}E:\blizzard\hearthstone\hearthstone.exe] => (Allow) E:\blizzard\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4614884D-BD65-4E4F-ACD1-2723E0F9672C}C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe
FirewallRules: [TCP Query User{27023CF3-C8D6-44C2-AFD0-52C7EE185AC6}C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe
FirewallRules: [{16C110B5-7698-438C-A2A1-6B2358884234}] => (Allow) E:\SteamLibrary\steamapps\common\Just Deserts\JustDeserts.exe
FirewallRules: [{BA346340-115A-47D2-ADC5-5D70E2C525C2}] => (Allow) E:\SteamLibrary\steamapps\common\Just Deserts\JustDeserts.exe
FirewallRules: [{A61FB616-2829-4455-BB65-0A0CEC2EC13E}] => (Allow) E:\SteamLibrary\steamapps\common\Love, Money, Rock-n-Roll Demo\Love, Money, Rock'n'Roll.exe
FirewallRules: [{53D398F0-D5F9-4635-A96B-722F6BF69228}] => (Allow) E:\SteamLibrary\steamapps\common\Love, Money, Rock-n-Roll Demo\Love, Money, Rock'n'Roll.exe
FirewallRules: [{70485754-85DF-4117-AD6B-B078D2E3CB87}] => (Allow) E:\SteamLibrary\steamapps\common\Mystic Destinies Serendipity of Aeons\Mystic Destinies.exe
FirewallRules: [{E7B748F8-BBCE-4051-8B9B-FD90945FF599}] => (Allow) E:\SteamLibrary\steamapps\common\Mystic Destinies Serendipity of Aeons\Mystic Destinies.exe
FirewallRules: [UDP Query User{4F56DC19-6A44-4F46-B202-C39CC319F67A}C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe
FirewallRules: [TCP Query User{BEFCBEB2-15C7-4D63-BBC4-1F0442055085}C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe
FirewallRules: [UDP Query User{667BFDE5-D113-4B41-8F9D-7B5D2EDC1641}C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe
FirewallRules: [TCP Query User{C693AF37-338F-4A8D-ABF7-236CB0425894}C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe
FirewallRules: [{A13FBBE1-FFF0-4378-A82E-D7AE050BFC1D}] => (Allow) E:\SteamLibrary\steamapps\common\Trick and Treat\Trick and Treat.exe
FirewallRules: [{8DA0579A-DE4E-4EBA-9564-0C9E546E05AC}] => (Allow) E:\SteamLibrary\steamapps\common\Trick and Treat\Trick and Treat.exe
FirewallRules: [UDP Query User{FB664C13-4FAD-4388-A860-FFC1B94043F1}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{F7A5E909-0DD6-4571-9C6B-8A036ADEA2A6}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{397A1F48-FDBC-48DE-92B2-3D31C9AC3297}] => (Allow) E:\SteamLibrary\steamapps\common\Highway Blossoms\HighwayBlossoms.exe
FirewallRules: [{93F7A951-A23D-4E00-AB6E-1A663C52A512}] => (Allow) E:\SteamLibrary\steamapps\common\Highway Blossoms\HighwayBlossoms.exe
FirewallRules: [UDP Query User{05678027-9267-4EB4-A2A8-648B79151A0A}C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [TCP Query User{BC8B14DC-705E-4BE3-8CF3-5418DE4A6C0B}C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{5D562D75-6497-435F-985B-8591389DF1C2}C:\users\jay\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{587534FD-4640-4964-8970-0E8B48EEF8CE}C:\users\jay\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_enus.exe
FirewallRules: [{9F80FEBB-A1BC-43C1-AB00-070ED8519485}] => (Allow) E:\SteamLibrary\steamapps\common\Dragon Knight\game.exe
FirewallRules: [{6AE61C3B-275A-4090-9BFF-C584239B1E4E}] => (Allow) E:\SteamLibrary\steamapps\common\Dragon Knight\game.exe
FirewallRules: [UDP Query User{AF732291-9AFC-4EBE-9080-C7D639FEE1BF}C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [TCP Query User{599A70EB-F89E-4CC8-8337-FDEE3B0CA54C}C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [UDP Query User{CC0A3DD3-AE14-4477-B18F-6CBFE0DF09EF}E:\blizzard\diablo iii public test\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii public test\x64\diablo iii64.exe
FirewallRules: [TCP Query User{C9FEFCF6-85C0-4A5A-9716-1955F5DD71C8}E:\blizzard\diablo iii public test\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii public test\x64\diablo iii64.exe
FirewallRules: [UDP Query User{1D5D1AB1-CFAE-4B3C-80E0-C38CB045CB3B}C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [TCP Query User{1CE24D24-C8CE-492E-AFF4-30EE73322716}C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [{25FC9955-0328-4029-8C0B-0771F82D4E5E}] => (Allow) E:\SteamLibrary\steamapps\common\Cuit\Cuit.exe
FirewallRules: [{3216FD4B-9354-433D-B781-FBA89E612A29}] => (Allow) E:\SteamLibrary\steamapps\common\Cuit\Cuit.exe
FirewallRules: [{A91BF61A-1D31-44F4-98AC-2CE69A832C55}] => (Allow) E:\SteamLibrary\steamapps\common\Animal Lover\Animal_Lover.exe
FirewallRules: [{43C0962D-EABF-4138-A3B9-548A434CC3B2}] => (Allow) E:\SteamLibrary\steamapps\common\Animal Lover\Animal_Lover.exe
FirewallRules: [{558B2AF2-65BA-4012-A99A-4B4A1E9F8B00}] => (Allow) E:\SteamLibrary\steamapps\common\BackstagePass\backstagepass.exe
FirewallRules: [{6178D810-6C74-4372-A0EC-40267BD22C99}] => (Allow) E:\SteamLibrary\steamapps\common\BackstagePass\backstagepass.exe
FirewallRules: [{41E2924A-843D-4572-BD01-2CDDAEF52036}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{839D89F7-DB5D-4748-B87C-EA66E42E05F3}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{B999890A-6E30-47C5-8814-E15DF936FA3B}] => (Allow) E:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{6A83B102-9F9B-4542-B152-5B36A95B1807}] => (Allow) E:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [UDP Query User{B514B26C-D5E4-4E5E-8A8A-17453E23FBE8}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{3C427EEB-7069-4BCB-B472-9BBD8020120C}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{D8D496E9-0151-4943-85AE-AB122CA5A735}] => (Allow) E:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{C0B94C76-46AF-487A-87B5-418D0C86230E}] => (Allow) E:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [UDP Query User{509BB8B4-8CBB-4215-8A63-27BDC1564F31}E:\blizzard\diablo iii\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{7948856B-4716-4767-8EFE-0E1E2EDFB38D}E:\blizzard\diablo iii\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii\x64\diablo iii64.exe
FirewallRules: [{BE1139FB-4D6E-4A58-A2F9-1CB51DF022C7}] => (Allow) E:\SteamLibrary\steamapps\common\Montaro\nw.exe
FirewallRules: [{73F68D09-007D-42A8-8032-4C489FA13D7B}] => (Allow) E:\SteamLibrary\steamapps\common\Montaro\nw.exe
FirewallRules: [{9410F98B-6A65-445D-8F0D-3D7C9BA5F6AA}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{9C234CB0-95D7-46C7-A211-DB7238D7CE8F}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{8ED9A1D0-2382-45AB-95F8-598E567B17B0}] => (Allow) E:\SteamLibrary\steamapps\common\Out of the Park Baseball 17\ootp17.exe
FirewallRules: [{2800507C-337A-4DD5-975D-E7890AAE97B8}] => (Allow) E:\SteamLibrary\steamapps\common\Out of the Park Baseball 17\ootp17.exe
FirewallRules: [{3F111557-BE1F-48A5-A5F2-DACF78FEFB48}] => (Allow) E:\SteamLibrary\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{747A20A2-2E65-41DD-B4D8-F51DD8D3609A}] => (Allow) E:\SteamLibrary\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{283088D4-30E3-461A-BC0B-0DAC70CC5040}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FDC54168-5A22-4B17-BA98-9DF9C45C82FA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5283A2F2-D450-4319-BE0E-28579D3BDBA5}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{7122563B-DD64-465C-9834-5D6F5BD8212C}] => (Allow) E:\SteamLibrary\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
FirewallRules: [{024968D9-2438-47DE-92D4-28C432C54EA2}] => (Allow) E:\SteamLibrary\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
FirewallRules: [{EE59BB20-E6FE-43F3-A294-A54ED6CE43FE}] => (Allow) E:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{F9C6CBD0-2427-43A6-A004-CD875DD2B1E9}] => (Allow) E:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [UDP Query User{6DE37FBB-0047-4540-81C3-9F8F27253153}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
FirewallRules: [TCP Query User{9108711A-42EB-4CB8-AA38-C093AD3EE313}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
FirewallRules: [{DC5CFB49-AFC1-472D-BB43-B2C8908D2CFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6CB5F059-8D36-4550-83A5-6B5D701280D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{85ED8251-7159-4768-ACEF-20D5AFDB8DBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2A3C1B1D-D896-4207-9FDC-8A774A328BAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DB4BC014-A1EE-4EF5-8A8A-DAC8E55A368E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1578AAB0-EC31-4969-ABD5-C95490B9F8EE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1FE1EB29-B8DC-4BFC-9DD3-A43A81CA60DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D94A57AC-FBB7-41C9-BA45-DB15E30A5F2E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60D85E0B-11CF-4FA7-9299-87CB4D6A922E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E233AE71-A1E4-4DD8-B5EB-2A2A50E6B2CE}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{3FE794B9-C390-4B2D-AD5B-AE214B8FF195}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{244D955F-E59C-485A-B55A-F639A197385F}] => (Allow) E:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{14DE62FD-28DA-4C7E-A249-51AADA375B73}] => (Allow) E:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{0F2FC2B5-79D2-4700-9200-54F969531F29}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{E25031E9-32A4-48CF-BF6B-9D730F65AD21}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{ED9189F5-E980-4ABC-8ED9-71531EB430F5}] => (Allow) E:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F0E53FAE-0307-4F40-9DEC-214621AEF09D}] => (Allow) E:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{CFDFD0CC-F4C1-4769-A8A6-884983BF5AD8}] => (Allow) E:\SteamLibrary\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{8D14CEC2-7953-4310-950D-44F04CB88770}] => (Allow) E:\SteamLibrary\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{427A1EB4-6709-4EBA-8362-ABE3E9042FE3}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy III\FF3_Launcher.exe
FirewallRules: [{03EC04A8-A50D-43DF-B69F-BB4FF20406BE}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy III\FF3_Launcher.exe
FirewallRules: [{38C2724F-9548-4FB4-8B55-C8A57314DDDB}] => (Allow) E:\SteamLibrary\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{8AABE138-087B-4CE3-A45A-287916B68BC0}] => (Allow) E:\SteamLibrary\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{15764486-09DA-4C61-86C8-A79589FECCE5}] => (Allow) E:\SteamLibrary\steamapps\common\Offworld Trading Company\Offworld.exe
FirewallRules: [{51A32CEA-F4E5-4E7D-9BBE-B1AE9899C07A}] => (Allow) E:\SteamLibrary\steamapps\common\Offworld Trading Company\Offworld.exe
FirewallRules: [{98AD9DC2-38BA-4A11-A4AE-6D05FEE801B3}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{62168692-A446-4748-94BB-EC3DBA010034}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{ECB16363-CA93-4D11-ACCE-17E92E111E80}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{0E053FCC-A07E-4754-B78A-370511D56D88}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{FD738A9B-F4DA-4216-AEF6-7B570DC267E1}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{F7C6D79B-CCC1-41A0-96B7-A83676C12E88}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{956C41B5-22F3-4B86-BD9D-4C26689018DB}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY IV THE AFTER YEARS\FF4A_Launcher.exe
FirewallRules: [{38A3B7EC-37F2-40C8-9F00-E0282E88433D}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY IV THE AFTER YEARS\FF4A_Launcher.exe
FirewallRules: [{CAA0F9DF-A776-4CFD-AC9D-666FEFFC6AED}] => (Allow) E:\SteamLibrary\steamapps\common\Divine Slice of Life\Divine Slice of Life.exe
FirewallRules: [{0B3A47EA-383D-4A71-B785-C2551C2588B6}] => (Allow) E:\SteamLibrary\steamapps\common\Divine Slice of Life\Divine Slice of Life.exe
FirewallRules: [{01FDB210-FEC2-47EC-AB3A-02ACE73F9377}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{E3E497C7-EAB6-4B46-A965-BE2BFC895545}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{8C903A95-4440-485F-B13A-A8E181C74B17}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{95957658-CE05-409D-AB70-CB182B734407}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{09819EF2-652A-4CB4-BD25-7B779DD2055F}] => (Allow) E:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
FirewallRules: [{E00ABBD9-3FC8-4D59-A63C-6FD310A31AA6}] => (Allow) E:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
FirewallRules: [TCP Query User{F6E9CE83-E56B-4D5F-AFA6-BA587FDB29EB}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
FirewallRules: [UDP Query User{FAD6955B-0E04-448B-A49A-88544F5BF7A8}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
FirewallRules: [TCP Query User{C5B66CB0-5823-4DFA-8955-E61A0F301988}E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{3993AF4E-F2D3-4C2A-92C1-18DAB7C7F663}E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{22017523-80A8-4409-9D06-4E1BBB26AA09}E:\blizzard\diablo iii\diablo iii.exe] => (Allow) E:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{6C68789D-9BAE-4867-909A-A088DD976097}E:\blizzard\diablo iii\diablo iii.exe] => (Allow) E:\blizzard\diablo iii\diablo iii.exe
FirewallRules: [{9ED32E22-6555-4374-852B-3CA9ECC53C44}] => (Allow) E:\SteamLibrary\steamapps\common\Panzermadels\Panzermadels.exe
FirewallRules: [{68247DB3-9A94-4D4B-A4D6-B88E3E6B2E5A}] => (Allow) E:\SteamLibrary\steamapps\common\Panzermadels\Panzermadels.exe
FirewallRules: [{0F7E9D98-14E1-464E-97DA-61B4F956AB69}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Spirit\Sakura Spirit.exe
FirewallRules: [{661962B9-BF34-49CA-8DAD-BECB761DE132}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Spirit\Sakura Spirit.exe
FirewallRules: [{A4A7A6E6-CD92-43E6-8005-44FBC782AA6B}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Angels\Sakura Angels.exe
FirewallRules: [{A71E63EF-D61A-4BC7-BA50-029FF9BF75A7}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Angels\Sakura Angels.exe
FirewallRules: [{528FCE77-11C8-4812-B8FB-7B8AB88CA53D}] => (Allow) E:\SteamLibrary\steamapps\common\Tokyo School Life\TSL.exe
FirewallRules: [{CB24FB48-862E-4B17-83C4-6824113BE885}] => (Allow) E:\SteamLibrary\steamapps\common\Tokyo School Life\TSL.exe
FirewallRules: [{3F5201A5-24EE-4DE0-9EE2-5E09CEA158B8}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Fantasy\Sakura Fantasy.exe
FirewallRules: [{B2B79E05-FB5B-4237-B9C3-5677BF8084D3}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Fantasy\Sakura Fantasy.exe
FirewallRules: [{671AF55F-A671-419A-A0F8-6F2C3C95BAC4}] => (Allow) E:\SteamLibrary\steamapps\common\Sins Of The Demon\Game.exe
FirewallRules: [{1010D2D2-4ABC-416B-8B30-4463013128B0}] => (Allow) E:\SteamLibrary\steamapps\common\Sins Of The Demon\Game.exe
FirewallRules: [{9D19AC90-B12D-4F9E-9027-2D7409887903}] => (Allow) E:\SteamLibrary\steamapps\common\Legend of Mysteria\EQLauncher.exe
FirewallRules: [{3A8AE379-415F-479C-BC5E-C3F0ECBD7914}] => (Allow) E:\SteamLibrary\steamapps\common\Legend of Mysteria\EQLauncher.exe
FirewallRules: [{FEFBBC67-D8D0-4466-B232-E8A374EC8A9C}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia RPG 2\Game.exe
FirewallRules: [{61522CB0-1730-45C1-BC12-8EEFD0B1B192}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia RPG 2\Game.exe
FirewallRules: [{3229A866-089B-4481-BD5B-A5E9C8FB60D2}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia\Game.exe
FirewallRules: [{56AC2BE3-7F51-4DFE-9021-272680C0AF7D}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia\Game.exe
FirewallRules: [{13CD2C9C-E34D-426E-83BA-C5C362C776E1}] => (Allow) E:\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{E2FBDDF2-0B17-4D68-8C8C-721C1DD96F44}] => (Allow) E:\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{CF2575FD-DB7C-46BF-8F3B-E42683D6B424}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0395C2E-C3BE-4F50-BD88-BEBB6479754E}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8E21D9A-5BC9-4A9D-AE04-38BC77FA4A51}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6436E477-DE7C-4839-8AE5-697687723612}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7BC34E7-2EE3-4A05-A51D-A1553F0D5086}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F1D8DF29-DE42-4E05-819E-C20E9346437E}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F753FE9-6E82-4DC4-B3C8-6EE0D0637FF5}] => (Allow) E:\SteamLibrary\steamapps\common\Punch Club\Punch Club.exe
FirewallRules: [{BA77F7FB-3561-4446-B244-C529D58D5AC4}] => (Allow) E:\SteamLibrary\steamapps\common\Punch Club\Punch Club.exe
FirewallRules: [{FE1CCF82-71B7-485B-B2BF-46810504A681}] => (Allow) E:\SteamLibrary\steamapps\common\Sepia Tears\sepiatears.exe
FirewallRules: [{78F79D48-8EDE-4E8F-A985-166D7060601F}] => (Allow) E:\SteamLibrary\steamapps\common\Sepia Tears\sepiatears.exe
FirewallRules: [{434CF268-F55B-40FC-83BB-3B2D8770A025}] => (Allow) E:\SteamLibrary\steamapps\common\ChuSingura46+1\ChuSinGura46+1.exe
FirewallRules: [{916A795B-6E8A-4621-A64B-D991E50FFE39}] => (Allow) E:\SteamLibrary\steamapps\common\ChuSingura46+1\ChuSinGura46+1.exe
FirewallRules: [{22B80331-037C-4242-85DB-7AB5CA9E9AD6}] => (Allow) E:\SteamLibrary\steamapps\common\One Thousand Lies\One Thousand Lies.exe
FirewallRules: [{0F8402BB-0184-47CD-BE17-9E09164D7509}] => (Allow) E:\SteamLibrary\steamapps\common\One Thousand Lies\One Thousand Lies.exe
FirewallRules: [{01715534-7CAD-4825-84E5-249409930AF0}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{88F48756-EA17-4848-B992-B5B6ACF68748}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{B9A96F18-AED1-4E74-AC98-7C929D893B0C}] => (Allow) E:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{1F6D64D2-3670-4E85-8F7F-2190359C7AE0}] => (Allow) E:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [TCP Query User{7100DE16-2F14-4BDB-919C-6227F6BCAA86}E:\blizzard\overwatch test\overwatch.exe] => (Allow) E:\blizzard\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{DEFBC4B4-813D-4335-8AB8-04C07B099A3F}E:\blizzard\overwatch test\overwatch.exe] => (Allow) E:\blizzard\overwatch test\overwatch.exe
FirewallRules: [{E02072DF-511D-4BA6-9E55-E1EEDA5E5A0B}] => (Allow) E:\SteamLibrary\steamapps\common\Tangledeep\Tangledeep.exe
FirewallRules: [{0B8118D9-9D42-4757-A0B2-0F57EFD6D740}] => (Allow) E:\SteamLibrary\steamapps\common\Tangledeep\Tangledeep.exe
FirewallRules: [{D31DE898-CFDE-4027-9006-00C4FEBCA199}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero.exe
FirewallRules: [{4DC438E0-A349-4CC5-AD0A-FB45338A5971}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero.exe
FirewallRules: [{4B5E8BBC-DD5F-45C3-95DE-4A51E678D1A4}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero64.exe
FirewallRules: [{E3D74D36-816A-4535-9871-848E8AB294B1}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero64.exe
FirewallRules: [TCP Query User{E8203AB6-88C8-46E9-A0C6-E4B6D9F95009}C:\program files (x86)\battle.net\battle.net.beta.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.exe
FirewallRules: [UDP Query User{884C17DD-35A2-42EF-8961-1DC11D4DFA11}C:\program files (x86)\battle.net\battle.net.beta.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.exe
FirewallRules: [{E5FA101E-73FF-405A-B135-AE0190E8640F}] => (Allow) E:\SteamLibrary\steamapps\common\Dysfunctional Systems Orientation\Dysfunctional Systems - Episode 0.exe
FirewallRules: [{214035C1-8147-442B-A085-103D68E60EE3}] => (Allow) E:\SteamLibrary\steamapps\common\Dysfunctional Systems Orientation\Dysfunctional Systems - Episode 0.exe
FirewallRules: [TCP Query User{C29A120D-7B76-4D52-AB7C-D628DBB7487E}C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe] => (Allow) C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe
FirewallRules: [UDP Query User{A174C144-9373-4878-88BA-142E32374CF7}C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe] => (Allow) C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe
FirewallRules: [TCP Query User{8D7246E6-8185-49B4-AC22-9B3F8078AD6B}C:\blizzard\overwatch\overwatch.exe] => (Allow) C:\blizzard\overwatch\overwatch.exe
FirewallRules: [UDP Query User{4612BFD0-C27D-4376-A4EC-85CCF13783DA}C:\blizzard\overwatch\overwatch.exe] => (Allow) C:\blizzard\overwatch\overwatch.exe
FirewallRules: [{60788383-7947-41DD-AE98-0C050F683D33}] => (Allow) E:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{D082614A-F61E-454A-A734-31E90D1CAA01}] => (Allow) E:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{180AA278-2BF3-4517-A4B7-EE0224C6EB28}] => (Allow) C:\Users\Jay\Downloads\LiquidSkyClient0.2.9.exe
FirewallRules: [{B5ACBAB6-059F-4786-92DF-119F94BC455A}] => (Allow) C:\Users\Jay\Downloads\LiquidSkyClient0.2.9.exe
FirewallRules: [TCP Query User{AC48CEBC-44EA-4A0C-9F84-302928F87712}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{770B2E98-3491-4901-89E4-27A2B6607057}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{AD40BDD8-3C77-46DB-BB79-4F04D4D47099}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{92865F4C-8B23-4639-AF9B-725A192E66E8}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{E9315E20-EDE6-4EF5-BF5B-835EC8EAFDC7}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [{81209488-E014-4687-AABB-2A79D99610A9}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [{F6BED7A5-34F4-4104-9583-A77D529B25D6}] => (Allow) E:\SteamLibrary\steamapps\common\CUPID - A free to play Visual Novel\CupidVN.exe
FirewallRules: [{2C142BC5-A84B-43D5-BA36-69735710C1D1}] => (Allow) E:\SteamLibrary\steamapps\common\CUPID - A free to play Visual Novel\CupidVN.exe
FirewallRules: [{A6DEBB21-FCF7-4FA9-B232-9E9F12DD52F7}] => (Allow) E:\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{69FE865C-1A2D-40C7-B0B5-500441A17CEC}] => (Allow) E:\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{E0A120CC-A323-4A04-9A86-8C21EAABA759}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{52421609-9A35-4C19-93D2-28DF641A1BCF}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{E6C14AD6-EBAF-4BFA-9A62-D4739B0E5EE2}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{6D66D033-EF1B-4AEC-962F-57497AC6CE7A}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{079FA334-A844-4D58-A0AC-EEC5219F24D6}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\nw.exe
FirewallRules: [{6A3F9C99-8FDF-4F6C-8852-58496B7D9A1F}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\nw.exe
FirewallRules: [{7585706F-6087-4069-8676-A1ACEB692198}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{45C70CAF-24BB-485F-B6B3-EF71B0224CA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A117E5D2-1283-46CD-90C4-794E1F5880ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{202E9D41-E7FB-4CF9-A7E4-ED471D808784}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9358989C-C6F1-4714-BB19-AD3403E30606}] => (Allow) E:\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{0AC017B1-92E5-4599-B595-661D903D5B32}] => (Allow) E:\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{A9480DBA-D50C-4233-990C-A45E16F2BD4C}] => (Allow) E:\SteamLibrary\steamapps\common\Material Girl\Game.exe
FirewallRules: [{A775324D-74FF-4D89-A150-178BD7FD79AC}] => (Allow) E:\SteamLibrary\steamapps\common\Material Girl\Game.exe
FirewallRules: [{4370BD42-876F-4FEB-A1FF-4C49D55A7F64}] => (Allow) E:\SteamLibrary\steamapps\common\Orion Trail\Orion Trail.exe
FirewallRules: [{5BCC914F-473B-4795-A387-65E586F08DCF}] => (Allow) E:\SteamLibrary\steamapps\common\Orion Trail\Orion Trail.exe
FirewallRules: [{61A22BBD-6713-4B67-895A-D44F2C002826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{FE20FC5B-D190-4328-81E6-6207EC9F2B3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{C822B3F2-04F7-4ADD-9B7C-4993D5A335D9}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶啜浮汥整杤敲湯屹湕敭瑬摥牧潥祮攮數
FirewallRules: [{05BB9863-7264-418E-B6C3-66542DCDD69C}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶啜浮汥整杤敲湯屹湕敭瑬摥牧潥祮⹟硥e
FirewallRules: [{56E50A92-FE8E-447B-BEE5-FE51F7D231D9}] => (Allow) E:\SteamLibrary\steamapps\common\Strawberry Vinegar\Strawberry Vinegar.exe
FirewallRules: [{0D64784A-E61D-485E-90BE-A438BA7AFB77}] => (Allow) E:\SteamLibrary\steamapps\common\Strawberry Vinegar\Strawberry Vinegar.exe
FirewallRules: [{A0188E5E-2657-44BA-A04B-DF8EBB67004D}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\windsdemo\Game.exe
FirewallRules: [{76AE0FB8-F382-4F71-89EB-E0D693BE1C40}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\windsdemo\Game.exe
FirewallRules: [TCP Query User{D2E635FE-C5AE-4B1A-B21D-5D9C3A2DE32E}E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E53A641A-E218-474F-977E-6EB71B516F7C}E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [{65B4CEEE-39E0-4076-8814-A1EE3219D612}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{85564162-1323-44B0-B028-B3EF19E48D4A}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{C41D6724-5DB3-4940-ABAC-F2B5FFE2D395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FFE68601-3C03-4158-8AC5-F06342F3FEDB}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{9C087293-AD63-4D4C-A018-9EE5F45095EE}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{569678E8-B6D9-4AEF-9614-BBCE69D092C0}] => (Allow) E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{B57047F9-8422-49FD-BEA8-7B5843C9FDE0}] => (Allow) E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{5EEBC69C-D91A-4955-BAB3-3EE0260FC2B1}] => (Allow) E:\SteamLibrary\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe
FirewallRules: [{9161E69F-CD22-455D-86A3-743FC2B660C8}] => (Allow) E:\SteamLibrary\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe
FirewallRules: [{BEE5B9D2-9277-4EEA-9A70-B3CCDCC3961A}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe
FirewallRules: [{59CA21D8-F5FE-4E03-80D8-1A08BA8B86D3}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe
FirewallRules: [{9B811EAE-24E8-4CEF-9B93-1E7E8E347B05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4FBA13F3-5E0C-4B56-BBD4-00C6343B51F7}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{11F9DB29-B90E-4254-89D5-B75BCA1CC05E}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{BA3318F8-CF1C-4461-B951-A55EA8FBC239}] => (Allow) E:\SteamLibrary\steamapps\common\Idol Magical Girl Chiruchiru Michiru Part 1\MichiruPt1Launcher.exe
FirewallRules: [{8325C52D-624B-4F63-8555-7F7FFF940A7D}] => (Allow) E:\SteamLibrary\steamapps\common\Idol Magical Girl Chiruchiru Michiru Part 1\MichiruPt1Launcher.exe
FirewallRules: [{46B65C2F-AAF6-4349-B3B8-A6B9EFF46261}] => (Allow) E:\SteamLibrary\steamapps\common\DB Xenoverse 2\START.exe
FirewallRules: [{C915F0D0-86DA-4450-996F-9C4775DCDA15}] => (Allow) E:\SteamLibrary\steamapps\common\DB Xenoverse 2\START.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2017 10:50:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110

Error: (12/19/2017 10:50:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110

Error: (12/19/2017 10:50:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (12/20/2017 09:38:53 AM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (12/19/2017 10:49:59 PM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (12/19/2017 10:49:59 PM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (12/19/2017 10:49:59 PM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2017-12-20 09:38:53.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.233
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.228
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.223
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.218
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.208
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-20 09:38:53.202
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
Percentage of memory in use: 39%
Total physical RAM: 8109.11 MB
Available physical RAM: 4918.4 MB
Total Virtual: 12973.11 MB
Available Virtual: 9124.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:8.15 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:698.54 GB) (Free:158.34 GB) NTFS
Drive f: () (Removable) (Total:0.06 GB) (Free:0.03 GB) NTFS
Drive h: (DRAGON BALL XENOVERSE 2) (CDROM) (Total:11.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D6D916F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7E77F7DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 60 MB) (Disk ID: 73736572)
Partition 1: (Not Active) - (Size=866 GB) - (Type=72)
Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

==================== End of Addition.txt ============================

Juliet · Dec 20, 2017

Let's get system restore turned back on.
https://www.tenforums.com/tutorials/4533-turn-off-system-protection-drives-windows-10-a.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start Farbar Recovery Scan Tool with Administrator privileges
or Right click on the FRST icon and select Run as administrator

Right click/highlight on the text below and select Copy.
beginning with Start:: and finishing with End::

Start::
CloseProcesses:
CreateRestorePoint:
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
S3 WsDrvInst; "E:\Keepvid\KeepVid Pro (Desktop)\DriverInstall.exe" [X]
S1 cycgorla; \??\C:\WINDOWS\system32\drivers\cycgorla.sys [X]
2017-12-19 21:07 - 2017-06-20 00:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
Emptytemp:
End::

Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~``

Please open Malwarebytes Anti-Malware.
On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete Apply Actions to any found entries.
Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options: > From export you have three options:

Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

Please post these 2 logs when finished.

Juliet · Dec 21, 2017

what device is connected to Drive f:

jocloud31 · Dec 25, 2017

Drive F: is a virtual drive through PowerISO.

Here are the logs requested:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/25/17
Scan Time: 9:25 AM
Log File: c648d0de-e987-11e7-b191-902b341033e8.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3560
License: Free

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: JAY-PC\Jay

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305902
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Jay (25-12-2017 09:13:54) Run:1
Running from C:\Users\Jay\Desktop
Loaded Profiles: Jay (Available Profiles: Jay)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
S3 WsDrvInst; "E:\Keepvid\KeepVid Pro (Desktop)\DriverInstall.exe" [X]
S1 cycgorla; \??\C:\WINDOWS\system32\drivers\cycgorla.sys [X]
2017-12-19 21:07 - 2017-06-20 00:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome" => removed successfully
WsDrvInst => service not found.
cycgorla => service not found.
"C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll" => not found.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy

Неаrth.._.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk => Shortcut argument removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9525271 B
Java, Flash, Steam htmlcache => 561628175 B
Windows/system/drivers => 946005 B
Edge => 2521795 B
Chrome => 41155253 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
Jay => 10869553 B

RecycleBin => 0 B
EmptyTemp: => 603.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:14:18 ====

Juliet · Dec 26, 2017

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on

start emergency kit scanner.exe and select

Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

created by Aura

After finishing the above scan please tell me how the computer is now.

Juliet · Dec 27, 2017

Drive F
what did you mount or use since it was so small?

Juliet · Dec 31, 2017

How is your computer now?

jocloud31 · Jan 2, 2018

Sorry for the delay, been away from home for the holidays.

Here's the log after the emisoft scan:

Emsisoft Emergency Kit - Version 2017.11
Last update: 1/1/2018 8:46:29 PM
User account: JAY-PC\Jay
Computer name: JAY-PC
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 1/1/2018 8:46:56 PM

Scanned 101012
Found 0

Scan end: 1/1/2018 8:48:00 PM
Scan time: 0:01:04

Everything appears to be back up and running as expected! No more CPU spikes and no more redirects

I think it's safe to say we're good. Thank you for all your help.

Juliet · Jan 2, 2018

Good to hear.

DelFix

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

*********

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.

Juliet · Jan 13, 2018

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

Browser redirect malware with additional side effects

jocloud31

New member

Juliet

Security Expert-emeritus

jocloud31

New member

Juliet

Security Expert-emeritus

jocloud31

New member

jocloud31

New member

jocloud31

New member

jocloud31

New member

Juliet

Security Expert-emeritus

jocloud31

New member

Juliet

Security Expert-emeritus

Juliet

Security Expert-emeritus

jocloud31

New member

Juliet

Security Expert-emeritus

Juliet

Security Expert-emeritus

Juliet

Security Expert-emeritus

jocloud31

New member

Juliet

Security Expert-emeritus

Juliet

Security Expert-emeritus