WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Just looking for a 2nd opinion...... [Solved]

Started by Nub , Mar 12 2017 06:30 AM

Trojan:Win32/Dynamer!dtc

This topic is locked

29 replies to this topic

#1 Nub

New Member

Authentic Member
17 posts

Posted 12 March 2017 - 06:30 AM

It would appear I have somehow got infected with Trojan Win32 Dynamer!dtc according to this program's scan(though the program itself doesn't tell me WHICH file it is that's infected with this malware......silly Microsoft scanner....):

...which might explain why KillingFloor.exe is deleting itself presumably because it *failed* to do its job so it deletes itself to make sure I won't notice.....but obviously will since I go on that often.......and the fact that KIS 2016 popped up many times regarding this fact but will only pop up if it themselves deleted/quarantined it and NOT the file delete itself or from some other means:

So yeah...it must have been a file I downloaded recently or something or maybe from a previous session that is has become dormant until now(not that I doubt the help of the malware removal specialist that helped me - you did great! Perhaps it was just being dormant and hiding itself? idk...maybe I shouldn't have pointed back to this...).....and no this time I haven't been looking at trainers...

So yeah, I've re-scanned with KIS 2016, Malwarebytes Anti-Malware, SUPERAntiSpyware and even Spybot Search and Destroy.....and followed this guide here: https://dl.packetsto...are-removal.pdf...which means I've done TDSSKiller, another but quicker scan of Malwarebytes(as before I ran a *complete* scan over a threat scan and this guide points to a threat scan on the newer malwarebytes version) and Hitman Pro. Didn't need to do step 3 because it says I don't need to if the above programs ran fine... And have ran Ccleaner, got KeyScambler for a while now, so should be good without needing to re-changing passwords again and I don't have any restore points as the service itself is disabled....

So yeah, it started basically a few days ago...if there's anything I missed out that you would like to know, ask and you shall be given!

EDIT: Nope, KIS 2016 still deletes it on the account of *suspicious* activity..... Even uploaded the file to virustotal.com and that says it's clean......the program must be injecting to the exe file *upon* launch or during execution as that's when KIS 2016 detects the changes and deletes the file....... Otherwise, I'm sure if I scanned the exe file with all my suites (KIS, Malwarebytes, SuperAntiSpyware, Spybot and even virustotal) BEFORE executing it, it would have at least flagged up as such......or it could also be a false positive and KIS 2016 being too overprotective.....but then again.....that Trojan:Win32/Dynamer!dtc that Microsoft's scanner picked up and *partially removed* doesn't sound promising....would have been nice if it stated the location of said infected file...and perhaps a log of what it did.....but nope no log files provided....

I was just in a game too....and then suddenly I crashed to the desktop thinking "What the hell?" hahahaha, then a popup from KIS stated the game executable did something suspicious that warranted it force deleting and crashing the game I was having....and if you want, here's a more recent(as it just happened a few minutes ago...) screenshot of reports:

Hmmmmmm..........

I guess I'll have to postpone my work on that game then until this is solved....

EDIT2: I've move the exe file one folder above so I don't have to verify the entire game if all it's missing is just the executable file for the game(I can just copy it from there and paste it into the System directory whenever it gets deleted.....though a more ideal solution would be to stop this auto delete issue whether it be from KIS or left over *trojan*....)(I've also modded the game a fair bit so I don't want the verification to override them with the stock files.....); so far nothing's happened to that file that got moved up....exact same file, just not in the System folder anymore, one folder up, so in the game root directory folder. And have also left it there for a couple of days there and hasn't deleted itself *yet*.....so it does appear to be targeting this specific file at this specific location.........maybe I could try rename the file? But then I won't be able to play or do any of my work on it as steam would think it's still not there and redownload the file again which will result(unless cleaned up 100%) in the above actions as described......and no, I can't really work on if I were to just execute the file itself without steam as you *need* steam for the perk and achievements......

EDIT3: Hmmmm...I did a test by making a blank exe file of the same name (so zero bytes) and that got deleted upon next turn on today which I did yesterday. So I've made another zero byte(today) same name file exe and have tried to do some more tests with it.....so left it as is without executing the blank file: restarted - file still there; shutdown and then turn back on - file still there; boot into safe mode and then restart - file still there(also whilst I was in that mode, I did another scan with the Microsoft scanner and the same malware got picked up and as was shown last time - *partially removed* with no further information on which file(s) it/they were - so looks like even in safe mode that program can't remove this trojan completely....); log off and login - file still there....

I checked my Services thingy and noticed this:

As I've not seen this before in the services, I don't think that's supposed to happen, right....? Well at least the description part of it...

And another strange service which I don't recall seeing before in a usual windows install is this:

The path to the executable is blank........even running the services program as admin, still shows ....blank..... Now I googled it up and *apparently* it's to do with Kaspersky, but Kaspersky already has one named klvssbridge64 as shown here:

Well at least I'm guessing this is the one for Kaspersky and ...maybe the other one too? But why is the path to executable blank then and not pointing to a file in the same directory of Kaspersky install?

Ok so anyways....did another run, executing the blank file, and then log off, and or restart and file is still there....so that would mean it only happens if the game was *executed* correctly.........hmmm, perhaps this mysterious event is targeting a specific file in memory and trying to alter it somehow whilst in memory and if that doesn't work - ie nothing happens and KIS 2016 hasn't picked up anything suspicious, it then deletes itself or at least the executable game file....but if it *does* work(but not to the point of *successfully* pulling it off because ...), KIS 2016 picks it up and blocks it anyways and deletes the file.

Hmmmm, I'm guessing it either deletes itself upon shutdown *or* it deletes itself upon booting up...not sure which and I am not sure how to find this out either...

Edited by Nub, 13 March 2017 - 03:32 AM.

Advertisements

Register to Remove

#2 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 13 March 2017 - 08:23 AM

:welcome:

What we can do is have you run a couple of scans and post the logs and lets see whats going on. At this point dont run any other programs and change anything as it may interfere with out analysis. From what I have been reading there may be issues when running killingfloor. It also looks like the files you posted about are related to Kaspersky .

All of our tools and scanners run more efficiently when run from the desktop

Please download aswMBR to your DESKTOP <<<<<

Right click the aswMBR icon and select Run as Administrator

XP users just Double Click it to run

If it says that this computer supports VIRTUALIZATION TECHNOLOGY do you want to use it say Yes

Click the Scan button to start scan.

Select Quickscan on the dropdown list

If you are asked to update the Avast Virus database please allow it to do so.

The scan could take 20 minutes or more , please be patient and let it finish

It will say Scan Finished when its done.

When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your DESKTOP<<<<<<

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

A simple way to check your system: Start --> Computer (right click) --> Properties

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Just keep the defaults as in the picture checkmarked

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 Nub

New Member

Authentic Member
17 posts

Posted 14 March 2017 - 02:18 AM

What we can do is have you run a couple of scans and post the logs and lets see whats going on. At this point dont run any other programs and change anything as it may interfere with out analysis. From what I have been reading there may be issues when running killingfloor. It also looks like the files you posted about are related to Kaspersky .

Hiya!

It didn't have these issues before...... Yes if that's what you say about those screenshots on edit 3.....but what about the one without an valid path?

Please download aswMBR to your DESKTOP <<<<<

Right click the aswMBR icon and select Run as Administrator

XP users just Double Click it to run

If it says that this computer supports VIRTUALIZATION TECHNOLOGY do you want to use it say Yes

Click the Scan button to start scan.

Select Quickscan on the dropdown list

If you are asked to update the Avast Virus database please allow it to do so.

The scan could take 20 minutes or more , please be patient and let it finish

It will say Scan Finished when its done.

When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

It appears to crash upon scanning a specific file(tried it desktop as well as in the default download folder - same result):

In this case, the file is Audiosrv.dll.... and a google search and according to this, appears to be a valid safe file...

Please download Farbar Recovery Scan Tool and save it to your DESKTOP<<<<<<

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

A simple way to check your system: Start --> Computer (right click) --> Properties

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Just keep the defaults as in the picture checkmarked

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Attached are the two files you requested. Addition.txt 62.33KB 313 downloads FRST.txt 43.28KB 262 downloads

#4 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 March 2017 - 04:11 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017

Ran by Manectric (administrator) on RAIKOU (14-03-2017 16:05:26)

Running from C:\Users\Electrike\Downloads

Loaded Profiles: Manectric & Electrike (Available Profiles: Manectric & Electrike)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe

(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe

() C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

() C:\Program Files\Smart Update\Update_Service.exe

() C:\Program Files (x86)\Windscribe\WindscribeService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

(Razer USA Ltd) C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe

(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe

(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe

(Valve Corporation) E:\Steam\Steam.exe

(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) E:\Sandbox\Steambox\drive\C\S\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) E:\Sandbox\Steambox\drive\C\S\bin\cef\cef.win7\steamwebhelper.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe

(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe

() C:\Users\Electrike\Downloads\Idle Master\IdleMaster.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Users\Electrike\Downloads\Idle Master\steam-idle.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\mspaint.exe

(Valve Corporation) E:\Sandbox\Steambox\drive\C\S\bin\cef\cef.win7\steamwebhelper.exe

(AVAST Software) C:\Users\Electrike\Desktop\aswMBR.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-21] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)

HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-09-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)

HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-08-01] (QFX Software Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-28] (Intel Corporation)

HKLM Group Policy restriction on software: C:\Windows\System32\VSSAdmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.WSF <====== ATTENTION

HKLM Group Policy restriction on software: *.JSE <====== ATTENTION

HKLM Group Policy restriction on software: *.JS <====== ATTENTION

HKLM Group Policy restriction on software: %appdata% <====== ATTENTION

HKLM Group Policy restriction on software: *.WSH <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile% <====== ATTENTION

HKLM Group Policy restriction on software: *.VBE <====== ATTENTION

HKLM Group Policy restriction on software: *.VBS <====== ATTENTION

HKLM\...\Policies\Explorer: [NoThumbnailCache] 1

HKLM\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1

HKLM\...\Policies\Explorer: [NoCDBurning] 1

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799376 2016-12-14] (Sandboxie Holdings, LLC)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-16] (SUPERAntiSpyware)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-14] (Ruiware)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799376 2016-12-14] (Sandboxie Holdings, LLC)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9161720 2016-12-23] (Binary Fortress Software)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-14] (Ruiware)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-16] (SUPERAntiSpyware)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170360 2017-02-10] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-02-10] (NVIDIA Corporation)

IFEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES (X86)\PROCESSEXPLORER\PROCEXP.EXE"

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

GroupPolicy: Restriction <======= ATTENTION

GroupPolicyScripts: Restriction <======= ATTENTION

GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File

Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\..\Interfaces\{0326CB5A-1274-4DD9-8EB4-1BE8C95AE083}: [NameServer] 8.8.8.8,203.12.160.35

Tcpip\..\Interfaces\{4F65E33E-CBEB-441C-B813-D5B11989BAD0}: [DhcpNameServer] 10.110.234.1

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB

SearchScopes: HKLM -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =

Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

FireFox:

========

FF DefaultProfile: ipvqxq4h.default

FF ProfilePath: C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default [2017-03-12]

FF Extension: (HTTPS-Everywhere) - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\Extensions\https-everywhere@eff.org [2016-01-22]

FF Extension: (TrafficLight) - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\Extensions\trafficlight@bitdefender.com.xpi [2016-01-22]

FF Extension: (Flagfox) - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-01-22]

FF Extension: (NoScript) - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-06-11]

FF Extension: (No Name) - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-03-11] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]

FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]

FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Manectric\AppData\Roaming\IDM\idmmzcc5

FF Extension: (IDM CC) - C:\Users\Manectric\AppData\Roaming\IDM\idmmzcc5 [2017-02-24] [not signed]

FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Electrike\AppData\Roaming\IDM\idmmzcc5

FF Extension: (IDM CC) - C:\Users\Electrike\AppData\Roaming\IDM\idmmzcc5 [2017-02-12] [not signed]

FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-30] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-30] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-26] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-26] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26]

CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-16] (SUPERAntiSpyware.com)

R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)

R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5098008 2016-12-23] (Binary Fortress Software)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [229648 2016-10-06] (EasyAntiCheat Ltd)

R2 ElevateService; C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe [14336 2014-10-29] () [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-10] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-10-15] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-30] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-30] (Intel Corporation)

S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)

S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-19] ()

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)

S4 PAExec; C:\Windows\PAExec.exe [189112 2017-02-24] (Power Admin LLC)

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197776 2016-12-14] (Sandboxie Holdings, LLC)

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)

R2 Update_Service; C:\Program Files\Smart Update\Update_Service.exe [135680 2016-11-02] () [File not signed]

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-02] (Microsoft Corporation)

R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [53352 2016-12-08] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-19] (Intel® Corporation)

S2 AVP16.0.0; no ImagePath

S4 fsssvc; no ImagePath

S3 Futuremark SystemInfo Service; no ImagePath

S4 TBS; %SystemRoot%\System32\tbssvc.dll [X]

S3 vssbrigde64; no ImagePath

S4 wlidsvc; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-14] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-14] (Motorola Solutions, Inc.)

S3 btmlehid; C:\Windows\system32\drivers\btmlehid.sys [83256 2014-02-04] (Motorola Solutions, Inc.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)

S3 fssfltr; no ImagePath

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [30360 2014-10-09] (Intel Corporation)

R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-04] (Intel Corporation)

R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-19] (QFX Software Corporation)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)

R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)

R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236432 2016-12-02] (AO Kaspersky Lab)

R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2017-03-14] (AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-25] (AO Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)

R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-25] (AO Kaspersky Lab)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-30] (Intel Corporation)

R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3438872 2015-02-22] (Intel Corporation)

R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2014-10-22] (Realsil Semiconductor Corporation)

R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [205968 2016-12-14] (Sandboxie Holdings, LLC)

S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)

R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-10-05] (CyberLink Corp.)

U4 npcap_wifi; no ImagePath

U3 aswMBR; \??\C:\Users\MANECT~1\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION

U3 aswVmm; \??\C:\Users\MANECT~1\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 16:05 - 2017-03-14 16:05 - 00024718 _____ C:\Users\Electrike\Downloads\FRST.txt

2017-03-14 16:04 - 2017-03-14 16:05 - 00000000 ____D C:\FRST

2017-03-14 16:04 - 2017-03-14 16:04 - 02424832 _____ (Farbar) C:\Users\Electrike\Downloads\FRST64.exe

2017-03-14 15:44 - 2017-03-14 15:44 - 05198336 _____ (AVAST Software) C:\Users\Electrike\Desktop\aswMBR.exe

2017-03-13 20:15 - 2017-03-13 20:16 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\vlc

2017-03-13 20:15 - 2017-03-13 20:15 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk

2017-03-13 20:15 - 2017-03-13 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2017-03-13 20:15 - 2017-03-13 20:15 - 00000000 ____D C:\Program Files (x86)\VideoLAN

2017-03-13 20:10 - 2017-03-13 20:11 - 30533688 _____ C:\Users\Electrike\Downloads\vlc-2.2.4-win32.exe

2017-03-13 20:06 - 2017-03-13 20:06 - 00000000 ____D C:\Users\Electrike\Downloads\f

2017-03-13 18:03 - 2017-03-13 18:03 - 00170497 _____ C:\Users\Electrike\Downloads\WO-089055.pdf

2017-03-13 14:50 - 2017-03-13 16:47 - 00233482 _____ C:\Windows\ntbtlog.txt

2017-03-13 09:15 - 2017-03-13 09:16 - 14079474 _____ C:\Users\Electrike\Downloads\f.zip

2017-03-13 07:08 - 2017-03-14 00:05 - 00000000 ____D C:\Users\Electrike\Downloads\SAT

2017-03-13 05:47 - 2017-03-13 05:47 - 00335960 _____ C:\Windows\system32\FNTCACHE.DAT

2017-03-13 05:47 - 2017-03-13 05:47 - 00084896 _____ C:\Users\Electrike\AppData\Local\GDIPFONTCACHEV1.DAT

2017-03-12 22:05 - 2017-03-12 22:05 - 00007662 _____ C:\Users\Manectric\AppData\Local\Resmon.ResmonCfg

2017-03-12 19:48 - 2017-03-12 19:53 - 00000000 ____D C:\ProgramData\HitmanPro

2017-03-12 19:41 - 2017-03-12 19:43 - 11581544 _____ (SurfRight B.V.) C:\Users\Electrike\Downloads\HitmanPro_x64.exe

2017-03-12 19:35 - 2017-03-12 19:36 - 00230058 _____ C:\TDSSKiller.3.1.0.12_12.03.2017_19.35.05_log.txt

2017-03-12 19:33 - 2017-03-12 19:34 - 04656523 _____ C:\Users\Electrike\Downloads\tdsskiller.zip

2017-03-12 19:33 - 2017-03-12 19:33 - 00000354 _____ C:\TDSSKiller.2.8.16.0_12.03.2017_19.33.34_log.txt

2017-03-12 19:33 - 2016-11-07 07:10 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Electrike\Downloads\TDSSKiller.exe

2017-03-10 23:10 - 2017-03-12 16:31 - 00000000 ____D C:\Users\Electrike\Downloads\Idle Master

2017-03-03 17:44 - 2017-03-03 17:44 - 00000202 _____ C:\Users\Electrike\Desktop\Fiends of Imprisonment.url

2017-03-03 17:43 - 2017-03-03 17:43 - 00000202 _____ C:\Users\Electrike\Desktop\Break Into Zatwor.url

2017-02-24 22:05 - 2017-03-10 19:25 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\NVIDIA

2017-02-24 21:55 - 2017-02-24 21:55 - 00000000 ____D C:\Users\Electrike\AppData\Local\NVIDIA Corporation

2017-02-24 21:54 - 2017-02-24 21:54 - 00000000 ____D C:\Windows\SysWOW64\NV

2017-02-24 21:54 - 2017-02-24 21:54 - 00000000 ____D C:\Windows\system32\NV

2017-02-24 21:54 - 2017-02-24 21:54 - 00000000 ____D C:\Users\Manectric\AppData\Local\NVIDIA Corporation

2017-02-24 21:53 - 2017-03-14 11:48 - 00000000 ____D C:\ProgramData\NVIDIA

2017-02-24 21:53 - 2017-02-24 21:53 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-02-24 21:53 - 2017-02-24 21:53 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-02-24 21:53 - 2017-02-24 21:53 - 00003676 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-02-24 21:53 - 2017-02-24 21:53 - 00003500 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-02-24 21:53 - 2017-02-24 21:53 - 00003440 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-02-24 21:53 - 2017-02-24 21:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2017-02-24 21:53 - 2017-02-24 21:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2017-02-24 21:53 - 2017-02-10 08:52 - 00418752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2017-02-24 21:53 - 2017-02-10 07:13 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

2017-02-24 21:53 - 2017-02-10 06:57 - 07791217 _____ C:\Windows\system32\nvcoproc.bin

2017-02-24 21:53 - 2017-02-10 06:57 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2017-02-24 21:53 - 2017-02-10 06:57 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2017-02-24 21:53 - 2017-02-10 06:57 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2017-02-24 21:53 - 2017-02-10 06:57 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2017-02-24 21:53 - 2017-02-10 06:57 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2017-02-24 21:53 - 2017-02-10 06:57 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2017-02-24 21:53 - 2017-02-10 06:57 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2017-02-24 21:53 - 2017-01-26 08:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe

2017-02-24 21:53 - 2017-01-26 08:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll

2017-02-24 21:53 - 2017-01-26 08:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll

2017-02-24 21:53 - 2017-01-26 08:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe

2017-02-24 21:52 - 2017-02-24 21:52 - 00000000 ____D C:\Windows\LastGood.Tmp

2017-02-24 21:52 - 2017-02-10 08:52 - 40192056 _____ C:\Windows\system32\nvcompiler.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 34937280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 28212280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 19110088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 16510160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 16398896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 14373824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2017-02-24 21:52 - 2017-02-10 08:52 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 03583560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00961080 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00042606 _____ C:\Windows\system32\nvinfo.pb

2017-02-24 21:52 - 2017-02-10 08:52 - 00039992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

2017-02-24 21:52 - 2017-02-10 08:52 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json

2017-02-24 21:52 - 2017-02-10 08:52 - 00000669 _____ C:\Windows\system32\nv-vk64.json

2017-02-24 20:24 - 2017-02-10 08:52 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2017-02-24 19:35 - 2017-02-24 19:35 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe

2017-02-24 18:56 - 2017-02-10 08:52 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2017-02-24 18:56 - 2017-02-10 08:52 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2017-02-24 18:29 - 2017-02-24 18:30 - 00001908 _____ C:\Windows\diagwrn.xml

2017-02-24 18:29 - 2017-02-24 18:30 - 00001908 _____ C:\Windows\diagerr.xml

2017-02-24 18:29 - 2017-02-24 18:29 - 00000000 ____D C:\$WINDOWS.~BT

2017-02-23 23:22 - 2017-02-23 23:22 - 00001928 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk

2017-02-23 23:22 - 2017-02-23 23:22 - 00000000 ____D C:\Users\Electrike\AppData\Local\DOSBox

2017-02-23 23:22 - 2017-02-23 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74

2017-02-23 23:22 - 2017-02-23 23:22 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74

2017-02-23 13:04 - 2017-02-23 13:04 - 00000000 ____D C:\Users\Electrike\Downloads\hw64_544

2017-02-22 21:19 - 2017-03-02 18:49 - 00000000 ____D C:\Users\Electrike\Documents\OpenXcom

2017-02-21 19:23 - 2017-02-21 19:27 - 00000650 _____ C:\Users\Electrike\Downloads\gfjydty.txt

2017-02-20 22:08 - 2017-02-20 23:31 - 00000000 ____D C:\Users\Manectric\Documents\OpenXcom

2017-02-20 22:08 - 2017-02-20 22:08 - 00000000 ____D C:\Users\Manectric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenXcom

2017-02-17 12:10 - 2017-03-14 16:02 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e4d34f86-8653-4a93-bc58-a1e3600e97f4.job

2017-02-17 12:10 - 2017-02-17 12:10 - 00003522 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e4d34f86-8653-4a93-bc58-a1e3600e97f4

2017-02-12 18:35 - 2017-03-12 22:06 - 00000000 ____D C:\Users\Electrike\Downloads\b

2017-02-12 08:12 - 2017-02-12 08:12 - 00001270 _____ C:\Users\Manectric\Desktop\4K Video Downloader.lnk

2017-02-12 08:12 - 2017-02-12 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download

2017-02-12 08:12 - 2017-02-12 08:12 - 00000000 ____D C:\Program Files (x86)\4KDownload

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 16:04 - 2016-08-13 10:46 - 00029436 __RSH C:\ProgramData\ntuser.pol

2017-03-14 15:56 - 2016-08-08 20:01 - 00000000 ____D C:\Users\Manectric\AppData\Local\CrashDumps

2017-03-14 15:31 - 2016-03-06 10:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2017-03-14 15:04 - 2016-10-06 14:55 - 00000000 ____D C:\Users\Electrike\AppData\Local\DisplayFusion

2017-03-14 14:04 - 2016-08-25 12:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2017-03-14 12:41 - 2009-07-14 13:13 - 00847142 _____ C:\Windows\system32\PerfStringBackup.INI

2017-03-14 12:41 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf

2017-03-14 11:59 - 2016-06-26 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2017-03-14 11:57 - 2009-07-14 12:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-03-14 11:57 - 2009-07-14 12:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-03-14 11:52 - 2016-01-23 11:54 - 00000000 __SHD C:\Users\Electrike\IntelGraphicsProfiles

2017-03-14 11:48 - 2017-01-27 13:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl

2017-03-14 11:48 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-03-14 00:05 - 2017-01-02 20:10 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\HLSW

2017-03-13 22:45 - 2015-01-12 17:26 - 00133910 _____ C:\Users\Electrike\Documents\%$##!!@.TXT

2017-03-13 20:03 - 2016-01-23 17:21 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2017-03-12 20:04 - 2016-08-22 14:14 - 00000000 ____D C:\Windows\pss

2017-03-12 20:03 - 2016-05-11 05:36 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\IDM

2017-03-12 20:03 - 2016-04-29 15:47 - 00000000 ____D C:\Users\Electrike\AppData\Local\CrashDumps

2017-03-12 20:03 - 2016-04-29 10:46 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\FileZilla

2017-03-12 20:03 - 2016-01-22 17:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2017-03-12 19:40 - 2016-01-22 19:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-03-12 18:41 - 2016-08-06 09:44 - 01125745 _____ C:\Users\Electrike\Downloads\Trainer for Oil Rush.zip

2017-03-12 17:41 - 2016-01-22 11:28 - 00008934 _____ C:\Windows\Sandboxie.ini

2017-03-12 15:16 - 2016-08-26 14:01 - 00001368 _____ C:\Users\Electrike\Desktop\Steam(_bot_3).lnk

2017-03-12 15:15 - 2016-06-25 10:18 - 00001301 _____ C:\Users\Electrike\Desktop\Steam(BFF18).lnk

2017-03-12 02:08 - 2016-07-08 13:09 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2017-03-12 02:08 - 2014-10-22 14:55 - 00000000 ____D C:\ProgramData\Temp

2017-03-12 01:43 - 2016-08-03 05:57 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job

2017-03-12 01:43 - 2016-03-06 09:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2017-03-10 23:13 - 2017-01-02 20:10 - 00000961 _____ C:\Users\Manectric\Desktop\HLSW.lnk

2017-03-10 23:13 - 2017-01-02 20:10 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLSW

2017-03-10 23:13 - 2017-01-02 20:10 - 00000000 ___SD C:\Program Files (x86)\HLSW

2017-03-10 23:13 - 2017-01-02 20:10 - 00000000 ____D C:\Users\Manectric\AppData\Roaming\HLSW

2017-03-09 17:28 - 2017-01-30 17:19 - 00002242 ____H C:\Users\Electrike\Documents\Default.rdp

2017-03-05 21:06 - 2016-08-13 09:21 - 00003148 _____ C:\Windows\System32\Tasks\FRAPS

2017-03-05 21:06 - 2016-01-22 17:01 - 00000000 ____D C:\Fraps

2017-03-02 13:19 - 2016-01-22 11:24 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1453433047

2017-03-02 13:19 - 2016-01-22 11:24 - 00000000 ____D C:\Program Files (x86)\Opera

2017-03-01 23:49 - 2016-04-29 10:46 - 00001864 _____ C:\Users\Public\Desktop\FileZilla Client.lnk

2017-03-01 23:49 - 2016-04-29 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2017-03-01 23:49 - 2016-04-29 10:46 - 00000000 ____D C:\Program Files\FileZilla FTP Client

2017-02-24 21:54 - 2016-01-19 10:59 - 00000000 __SHD C:\Users\Manectric\IntelGraphicsProfiles

2017-02-24 21:53 - 2014-10-22 14:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2017-02-24 21:53 - 2014-10-22 14:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-02-24 21:53 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Help

2017-02-24 20:38 - 2016-03-11 08:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-02-24 03:02 - 2016-01-22 20:48 - 00000000 ____D C:\Windows\system32\MRT

2017-02-24 03:00 - 2016-01-22 20:48 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-02-23 23:22 - 2016-01-23 11:55 - 00000000 ____D C:\Users\Electrike\AppData\Local\VirtualStore

2017-02-20 02:01 - 2016-06-23 22:12 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\Skype

2017-02-18 20:01 - 2016-08-14 00:10 - 00079093 _____ C:\Users\Electrike\Desktop\Group Policy.msc

2017-02-17 12:10 - 2016-01-22 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2017-02-17 10:39 - 2016-01-22 21:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2017-02-15 12:31 - 2016-08-03 05:57 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier

2017-02-15 12:31 - 2016-03-06 10:01 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-02-15 12:31 - 2016-03-06 10:01 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-02-15 12:31 - 2016-03-06 10:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-02-15 12:31 - 2016-03-06 09:48 - 00000000 ____D C:\Windows\system32\Macromed

2017-02-12 18:35 - 2016-05-11 05:36 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\DMCache

==================== Files in the root of some directories =======

2016-01-19 10:59 - 2016-01-22 17:20 - 0000020 _____ () C:\Users\Manectric\AppData\Roaming\db.ini

2017-03-12 22:05 - 2017-03-12 22:05 - 0007662 _____ () C:\Users\Manectric\AppData\Local\Resmon.ResmonCfg

2014-08-20 12:06 - 2014-08-20 12:06 - 0000020 _____ () C:\ProgramData\db.ini

2014-10-22 13:49 - 2014-10-22 13:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 13:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017

Ran by Manectric (14-03-2017 16:05:45)

Running from C:\Users\Electrike\Downloads

Windows 7 Professional Service Pack 1 (X64) (2016-01-19 02:59:00)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2798084944-1211984927-2140173799-500 - Administrator - Disabled)

Electrike (S-1-5-21-2798084944-1211984927-2140173799-1001 - Limited - Enabled) => C:\Users\Electrike

Guest (S-1-5-21-2798084944-1211984927-2140173799-501 - Limited - Disabled)

Manectric (S-1-5-21-2798084944-1211984927-2140173799-1000 - Administrator - Enabled) => C:\Users\Manectric

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\Steam App 223850) (Version: - Futuremark)

4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.1.2185 - Open Media LLC)

7 Days to Die (HKLM\...\Steam App 251570) (Version: - The Fun Pimps)

8BitBoy (HKLM-x32\...\Steam App 296910) (Version: - AwesomeBlade)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)

Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)

AmCap version 9.01 (HKLM-x32\...\{0F45BECF-4C85-4301-A8A4-D2E2AE2A2C08}_is1) (Version: 9.01 - Gigabyte, Inc.)

Ansel (Version: 378.66 - NVIDIA Corporation) Hidden

Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.9.0.0 - Auslogics Labs Pty Ltd)

BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)

BioShock Remastered (HKLM\...\Steam App 409710) (Version: - 2K Boston)

Blender (HKLM\...\{437221A8-91D1-42A0-9E04-0AD64B502374}) (Version: 2.78.1 - Blender Foundation)

Break Into Zatwor (HKLM\...\Steam App 395980) (Version: - Zonitron Productions)

Breakout Invaders (HKLM-x32\...\Steam App 366700) (Version: - DreamsSoftGames)

Broforce (HKLM\...\Steam App 274190) (Version: - Free Lives)

Canon Easy-PhotoPrint EX - Additional Materials DL_AN1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN1) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_AN2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN2) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_AN3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN3) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_AN4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN4) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_AN5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN5) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_FA1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA1) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_FA2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA2) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_FA3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA3) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_FA4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA4) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_FA5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA5) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_ST1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST1) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_ST2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST2) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_ST3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST3) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_ST4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST4) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_ST5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST5) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_ST6 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST6) (Version: - )

Canon Easy-PhotoPrint EX - Additional Materials DL_ST7 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST7) (Version: - )

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)

Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)

Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)

CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2205.58 - CyberLink Corp.)

DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)

DisplayFusion (HKLM\...\Steam App 227260) (Version: - Binary Fortress Software)

DisplayFusion 8.1.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 8.1.2.0 - Binary Fortress Software)

Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)

Edge of Space (HKLM-x32\...\Steam App 238240) (Version: - Handyman Studios)

ELAN Touchpad 11.14.7.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.14.7.1 - ELAN Microelectronic Corp.)

Fiends of Imprisonment (HKLM\...\Steam App 410590) (Version: - Zonitron Productions)

FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)

FRAFS AVI Info version 0.2.2.2 (HKLM-x32\...\{3DC088C4-41EB-4CEF-9B45-940555A818D3}_is1) (Version: 0.2.2.2 - raffriff42)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )

Game Dev Tycoon version 1.5.24 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.24 - Greenheart Games Pty. Ltd.)

Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)

GIGABYTE Smart USB Backup 2.0.20141014 (HKLM-x32\...\GIGABYTE Smart USB Backup) (Version: 2.0.20141014 - GIGABYTE TECHNOLOGY CO.,LTD.)

Gone Home (HKLM-x32\...\GoneHome) (Version: - )

GRID (HKLM\...\Steam App 12750) (Version: - Codemasters Studios)

Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 4.71 - Janos Mathe)

Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)

HLSW v1.4.0.5 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)

Hyperdimension Neptunia Re;Birth1 (HKLM-x32\...\Steam App 282900) (Version: - Idea Factory, Inc.)

Hyperdimension Neptunia Re;Birth2 Sisters Generation (HKLM-x32\...\Steam App 351710) (Version: - Compile Heart)

Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4294 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)

Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)

Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden

KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.10.0.0 - QFX Software Corporation)

Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)

Killing Floor 2 - SDK (HKLM\...\Steam App 232150) (Version: - )

Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)

Killing Floor SDK (HKLM\...\Steam App 1260) (Version: - Tripwire Interactive)

Kingdom Wars (HKLM\...\Steam App 227180) (Version: - Reverie World Studios, INC)

LanOptimizer (HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.00.0000 - Realtek)

Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

MediaInfo 0.7.78 (HKLM\...\MediaInfo) (Version: 0.7.78 - MediaArea.net)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Mozilla Firefox 45.8.0 ESR (x86 en-US) (HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Mozilla Firefox 45.8.0 ESR (x86 en-US)) (Version: 45.8.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.3.0 - Mozilla)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)

My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)

NTLite v1.2.0.4750 (HKLM\...\NTLite_is1) (Version: 1.2.0.4750 - Nlitesoft)

NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)

OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.0 - OBS Project)

Omikron - The Nomad Soul (HKLM-x32\...\Steam App 243000) (Version: - Quantic Dream)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

OpenXcom 1.0 (HKLM-x32\...\OpenXcom) (Version: 1.0.0.0 - OpenXcom Developers)

Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)

ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)

Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.03.01 - Razer USA Ltd.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7348 - Realtek Semiconductor Corp.)

Renegade Ops (HKLM-x32\...\Steam App 99300) (Version: - Avalanche Studios)

Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)

Rise of the Tomb Raider (HKLM\...\Steam App 391220) (Version: - Crystal Dynamics)

Sandboxie 5.16 (64-bit) (HKLM\...\Sandboxie) (Version: 5.16 - Sandboxie Holdings, LLC)

Savage Resurrection (HKLM\...\Steam App 366440) (Version: - S2 Games, LLC)

SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)

Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)

Smart Manager V3 Ver 4.4.3 (HKLM\...\Smart Manager V3) (Version: Ver 4.4.3 - GIGABYTE)

Smart Update v3.3.1 (HKLM-x32\...\Smart Update) (Version: v3.3.1 - GIGABYTE TECHNOLOGY CO.,LTD.)

Sniper Elite: Nazi Zombie Army (HKLM\...\Steam App 227100) (Version: - Rebellion)

Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version: - )

Soulbringer (HKLM-x32\...\Steam App 283310) (Version: - Infogames Europe SA)

SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)

SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)

SPORE™ Galactic Adventures (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)

Starbound - Unstable (HKLM\...\Steam App 367540) (Version: - )

Starbound (HKLM-x32\...\Steam App 211820) (Version: - )

State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Street Racing Syndicate (HKLM-x32\...\Steam App 292410) (Version: - Eutechnyx)

Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)

TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)

Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)

The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version: - Bethesda Game Studios)

The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)

Trainz (HKLM-x32\...\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}) (Version: - )

UE Explorer (HKLM-x32\...\{73C686EA-0FF6-4491-BD0D-FE52A62E8B63}) (Version: 1.2.71 - Eliot)

UE3Redist (HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)

UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden

Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version: - Creative Assembly, PC Port - Hardlight)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)

Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)

Windscribe version 1.61 build 9 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.61 build 9 - Windscribe)

WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)

WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

X-COM: UFO Defense (HKLM\...\Steam App 7760) (Version: - MicroProse Software, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {056FFE8C-A857-4FBF-8FCF-1A17169A23E7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)

Task: {09A737C1-5415-4850-916F-39F71D37506D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

Task: {0E440603-5998-4E6F-A468-6534CE21E6F8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)

Task: {23999207-D116-4723-BBA3-00FDCAD2E369} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)

Task: {4191DB8E-F288-4967-9413-3A887B0857B4} - System32\Tasks\SUPERAntiSpyware Scheduled Task e4d34f86-8653-4a93-bc58-a1e3600e97f4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)

Task: {9C42B084-9500-4777-9C27-56A5BC51522B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-10] (NVIDIA Corporation)

Task: {B76B62E6-4816-41E9-928B-167DC7901818} - System32\Tasks\Opera scheduled Autoupdate 1453433047 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)

Task: {CB6F5C92-84A9-4643-A25F-B79D4542047C} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2015-09-05] (Beepa P/L)

Task: {D23151EE-5256-4901-9127-5EE10B45EBD6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)

Task: {D2443CEE-28E7-4E8E-B014-09D96E0D998C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-06] (Piriform Ltd)

Task: {E1B701B4-8889-46F5-A1E8-6226A5212985} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)

Task: {EB01EC40-DA06-4B4E-88A7-BA219EC53B4F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-10] (NVIDIA Corporation)

Task: {FF4E6B6D-7A57-4A57-8419-5585F849144D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-10] (NVIDIA Corporation)

Task: {FFE4DF80-8C39-4568-8C64-A70E97751AF6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e4d34f86-8653-4a93-bc58-a1e3600e97f4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-24 21:52 - 2017-02-10 08:52 - 00018880 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll

2017-02-24 21:53 - 2017-02-10 06:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-10-29 15:01 - 2014-10-29 15:01 - 00014336 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe

2016-11-02 11:52 - 2016-11-02 11:52 - 00135680 _____ () C:\Program Files\Smart Update\Update_Service.exe

2016-12-28 09:42 - 2016-12-08 01:15 - 00053352 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe

2017-02-22 05:09 - 2017-02-22 05:09 - 00052392 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

2017-03-12 15:40 - 2017-01-06 01:55 - 01958400 _____ () C:\Users\Electrike\Downloads\Idle Master\IdleMaster.exe

2017-03-12 15:40 - 2015-02-10 01:44 - 00497664 _____ () C:\Users\Electrike\Downloads\Idle Master\steam-idle.exe

2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll

2014-04-30 07:23 - 2014-04-30 07:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2017-02-24 21:52 - 2017-02-10 08:52 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

2016-01-15 06:37 - 2017-02-03 09:42 - 00668960 _____ () E:\Steam\SDL2.dll

2016-01-15 06:37 - 2016-09-01 09:02 - 04969248 _____ () E:\Steam\v8.dll

2016-01-15 06:37 - 2016-09-01 09:02 - 01563936 _____ () E:\Steam\icui18n.dll

2016-01-15 06:37 - 2016-09-01 09:02 - 01195296 _____ () E:\Steam\icuuc.dll

2016-01-15 06:37 - 2017-03-14 06:04 - 02465056 _____ () E:\Steam\video.dll

2016-01-15 06:37 - 2016-01-27 15:49 - 02549760 _____ () E:\Steam\libavcodec-56.dll

2016-01-15 06:37 - 2016-01-27 15:49 - 00442880 _____ () E:\Steam\libavutil-54.dll

2016-01-15 06:37 - 2016-01-27 15:49 - 00491008 _____ () E:\Steam\libavformat-56.dll

2016-01-15 06:37 - 2016-01-27 15:49 - 00332800 _____ () E:\Steam\libavresample-2.dll

2016-01-15 06:37 - 2016-01-27 15:49 - 00485888 _____ () E:\Steam\libswscale-3.dll

2016-01-15 06:31 - 2017-03-14 06:04 - 00838944 _____ () E:\Steam\bin\chromehtml.DLL

2016-03-10 10:38 - 2016-07-05 06:17 - 00266560 _____ () E:\Steam\openvr_api.dll

2016-12-13 10:17 - 2017-01-31 05:41 - 68875552 _____ () E:\Steam\bin\cef\cef.win7\libcef.dll

2016-01-15 06:37 - 2017-03-14 06:04 - 00383776 _____ () E:\Steam\steam.dll

2016-01-15 06:37 - 2015-09-25 07:52 - 00119208 _____ () E:\Steam\winh264.dll

2017-03-12 15:42 - 2015-09-25 07:52 - 00119208 _____ () E:\Sandbox\Steambox\drive\C\S\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7932 more sites.

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0411dd.com -> 0411dd.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0511zfhl.com -> 0511zfhl.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0632qyw.com -> 0632qyw.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12749 more sites.

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0411dd.com -> 0411dd.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0511zfhl.com -> 0511zfhl.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0632qyw.com -> 0632qyw.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\1-2005-search.com -> www.1-2005-search.com

There are 12749 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-27 22:20 - 2017-03-12 02:03 - 00454766 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 tonec.com

127.0.0.1 www.tonec.com

127.0.0.1 registeridm.com

127.0.0.1 www.registeridm.com

127.0.0.1 secure.registeridm.com

127.0.0.1 internetdownloadmanager.com

127.0.0.1 www.internetdownloadmanager.com

127.0.0.1 secure.internetdownloadmanager.com

127.0.0.1 mirror.internetdownloadmanager.com

127.0.0.1 mirror2.internetdownloadmanager.com

127.0.0.1 cap.cyberlink.com

127.0.0.1 activation.cyberlink.com127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

There are 15601 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Manectric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Electrike\AppData\Local\DisplayFusion\Wallpaper_1

DNS Servers: 8.8.8.8 - 203.12.160.35

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GBOSDV3.lnk => C:\Windows\pss\GBOSDV3.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^update_start.lnk => C:\Windows\pss\update_start.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Welcome.lnk => C:\Windows\pss\Welcome.lnk.CommonStartup

MSCONFIG\startupreg: CleanUp RzWizard => C:\Program Files (x86)\Razer\RzWizard\RzInstallerDeletion.vbs

MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: SmartUpdate => C:\Program Files\Smart Update\urgent.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{ED44402E-6B9E-4DB1-B967-E19AA4AE59D5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{066D6F27-71F5-4E62-A6E1-7CBE8CC659B8}] => (Allow) LPort=2869

FirewallRules: [{DB872E6F-011D-4F33-9FAC-0FDC2FF78F8E}] => (Allow) LPort=1900

FirewallRules: [{8AA98205-C1F8-4F48-929E-28A6F5C66746}] => (Allow) E:\Steam\Steam.exe

FirewallRules: [{218FBBB7-0A07-424B-9DBA-25DEE324042F}] => (Allow) E:\Steam\Steam.exe

FirewallRules: [{BA275EC0-0E29-4CB2-851E-0DF94DD3B256}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe

FirewallRules: [{D7B7FE81-F7C1-4CC2-9A5D-3BFBC4F8B092}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe

FirewallRules: [{158CD4F6-032B-4273-826C-217282EBB367}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe

FirewallRules: [{1923CDDD-D237-42FD-8C23-BC5FB283A78E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe

FirewallRules: [{AE2A9A89-B88B-4683-B869-8B2EF65AD275}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe

FirewallRules: [{23E604FA-4DDA-45B1-9908-9EBFB959E3DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{1B14BB29-0D4F-4A8C-8ABC-6888D216BD83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{42E4617A-5FCA-4251-8EFB-91382308D1CF}] => (Allow) E:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe

FirewallRules: [{5915F504-940F-4CF9-8851-E2D9D34CCF8B}] => (Allow) E:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe

FirewallRules: [{977B611B-A28C-4028-B3BC-1039ED8857E6}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe

FirewallRules: [{6E11EF2F-6830-49D3-BD5C-667A4C9A40F6}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe

FirewallRules: [{19406A0C-DDD7-46E7-A82F-38E6F9627D2A}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe

FirewallRules: [{2513EA08-BD87-41FE-A41B-2C727C0E0AA2}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe

FirewallRules: [{31FED2C9-495D-4342-8B10-7966E278394C}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe

FirewallRules: [{61BC3A19-BF39-4DD6-A1A6-0D58AEE19178}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe

FirewallRules: [{106113F8-9421-4270-820D-CC76EEA2A2B3}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe

FirewallRules: [{DBF93726-DD05-4DD9-BC9F-9948951E75B1}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe

FirewallRules: [{D0CE9C82-7250-46DC-94CF-0CA3B4E0A5AC}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{B70D3706-95ED-49E3-AF67-CBE783281915}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{B7138CFE-00E4-4F1A-B081-EAF371CC90C5}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{2DC418BB-D092-44D7-B9D5-2AAF21966D87}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{080F40DB-3587-4EB6-818C-FE2225702188}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{441B589F-AC8B-4E86-9F8A-536B5BB1D1BB}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{1AC40D78-85FC-44D5-97B1-05DE752CE4AB}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe

FirewallRules: [{16E5442B-B244-434D-89BC-122C4DC23666}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe

FirewallRules: [{0659532C-2FC0-41DE-A1FE-F884355EFCA2}] => (Allow) E:\Steam\steamapps\common\Edge of Space\Launcher.exe

FirewallRules: [{E7546CF8-5893-4099-B834-70CE3F0A815D}] => (Allow) E:\Steam\steamapps\common\Edge of Space\Launcher.exe

FirewallRules: [{0E8AC9E3-CCC1-4B56-A403-CAF7318C1872}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe

FirewallRules: [{0B8EAF10-34D3-4982-97C4-7B8909D7ABA1}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe

FirewallRules: [{4B4DA01D-819F-4EFF-A0FD-2C0BE6406682}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe

FirewallRules: [{54884BF2-8338-451F-B9E7-46AB96619750}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe

FirewallRules: [{E61D0B2A-5D79-4977-AF7D-2F0B7106C268}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe

FirewallRules: [{3DCB6A24-1389-4942-92D5-3843075404E4}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe

FirewallRules: [{DBA18D9C-8ACA-49E2-AAC4-3562035A8C57}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{BBEFBE26-BED3-48B4-B121-E489A3ADF5B1}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{33926AC4-D51F-4479-8FC0-6A47B2055EEF}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe

FirewallRules: [{1C996CF8-6816-406F-B0E0-7F5346B9A085}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe

FirewallRules: [{8EB3D9BC-0F02-45D3-9DAB-C24D00AB72C1}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{11A7FAF0-73F9-4D6F-BE83-AE1B847685DE}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{9BD875E2-2851-4332-AE83-1C609C0F596E}] => (Allow) E:\Steam\steamapps\common\The Ship\ship.exe

FirewallRules: [{B64A9B7C-6C69-4C35-B792-9697435EB025}] => (Allow) E:\Steam\steamapps\common\The Ship\ship.exe

FirewallRules: [{C7B05986-D0C4-4108-BF55-AA0DB2F9B964}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe

FirewallRules: [{86B27BFA-B00C-4819-AC2E-2698A8D1D867}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe

FirewallRules: [{0CB72F27-4441-44FA-9C5A-5441E38EE959}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{1D8F9B21-75A4-4095-925D-37EF588122EC}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{D1FBB2F4-3AEB-4A10-B314-1997BF169FD9}] => (Allow) E:\Steam\steamapps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe

FirewallRules: [{746B90D7-A441-49B8-9D00-634C77BA026A}] => (Allow) E:\Steam\steamapps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe

FirewallRules: [{DBE2503B-EFAA-4652-A651-B03A21CBF6F6}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth2\NeptuniaReBirth2.exe

FirewallRules: [{2DF07BBF-0773-4A95-9F7F-1E5853B86F17}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth2\NeptuniaReBirth2.exe

FirewallRules: [{53DFE6F9-4512-43A8-9878-0A28C814363E}] => (Allow) E:\Steam\steamapps\common\8BitBoy\8bitboy.exe

FirewallRules: [{79D7B79F-14C8-41B4-AF2B-E5A83CD0A94E}] => (Allow) E:\Steam\steamapps\common\8BitBoy\8bitboy.exe

FirewallRules: [{BE1625A0-5C22-4012-B36E-CBEB9D1D0B44}] => (Allow) E:\Steam\steamapps\common\Soulbringer\Soulbringer.exe

FirewallRules: [{732E4072-52AD-437F-832B-8788A54BC722}] => (Allow) E:\Steam\steamapps\common\Soulbringer\Soulbringer.exe

FirewallRules: [{B8112D4F-B895-48FD-A761-07233224E301}] => (Allow) E:\Steam\steamapps\common\Soulbringer\SBLang.exe

FirewallRules: [{7B73DB18-60C1-48C2-8BC7-EDB9EA198B1A}] => (Allow) E:\Steam\steamapps\common\Soulbringer\SBLang.exe

FirewallRules: [{DBB54C42-A404-4750-9EA6-CE7EC5EBF23F}] => (Allow) E:\Steam\steamapps\common\Omikron\Runtime.exe

FirewallRules: [{4394EE80-8ACE-407E-952B-CC4B6719971F}] => (Allow) E:\Steam\steamapps\common\Omikron\Runtime.exe

FirewallRules: [{ACA46DCF-C461-4ED4-BED5-2C3C4850A8F3}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe

FirewallRules: [{273E2CC8-617A-48CB-9CCF-B94AA9D96ECD}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe

FirewallRules: [{172E3FBA-DEE4-43F4-8A2D-B9B8D68CACA0}] => (Allow) E:\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe

FirewallRules: [{E94AD05B-C733-4A92-B5A2-BD09EB05A410}] => (Allow) E:\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe

FirewallRules: [{5D6F89F7-F555-4AFF-87D7-8917694FB047}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe

FirewallRules: [{4881C23D-6B79-4AC8-8E02-130174DB56C6}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe

FirewallRules: [{3FE16417-2CD9-440A-BB2C-706CE915A875}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe

FirewallRules: [{36087A05-0CF8-4B27-BDF8-9CF302C67AA5}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe

FirewallRules: [{1019BCF9-BD0D-4A13-9E3C-06A6AC454A6E}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe

FirewallRules: [{A00A786A-C640-42D3-BECB-E15D111B895D}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe

FirewallRules: [{085CECB5-F16A-4FEA-A367-635ECAF8AE68}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe

FirewallRules: [{9B0C99E4-2915-4FF2-808A-3D312E5B96A5}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe

FirewallRules: [{91F06AFB-8E75-44AB-B0C6-96E7EA655247}] => (Allow) E:\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe

FirewallRules: [{0967B77F-C7CF-4CB1-B661-58A2C9D4BD8A}] => (Allow) E:\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe

FirewallRules: [{283F00F6-FC06-4202-A2BC-1D6A71A602D5}] => (Allow) E:\Steam\steamapps\common\NZA\bin\NZA.exe

FirewallRules: [{DC835193-8257-4F17-8766-DF1FB666B42D}] => (Allow) E:\Steam\steamapps\common\NZA\bin\NZA.exe

FirewallRules: [{3E197E6E-E3C9-40F3-9604-1AB1DDD83215}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{262CE7D0-859A-4BCB-BF53-863D3E54387D}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{AE3F9038-B0B2-484A-A0B1-3D461F707A25}] => (Allow) E:\Steam\steamapps\common\DisplayFusion\DisplayFusionLauncher.exe

FirewallRules: [{88FFB1AB-B4BB-4CB1-8339-5C300B57DF88}] => (Allow) E:\Steam\steamapps\common\DisplayFusion\DisplayFusionLauncher.exe

FirewallRules: [{00D6D883-169F-4CD5-A134-1E5E3108437F}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe

FirewallRules: [{46943071-DCB0-4546-972B-D4B05FDE06AC}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe

FirewallRules: [{F980B93B-B3F1-4AA1-AD53-E7B190E3AAD7}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{A2B82D57-252F-4C4F-A1A7-A1188351003D}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{EAE36BAF-20C0-4176-B891-C93AAB4ED7DA}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe

FirewallRules: [{67C6681C-C526-4AC0-BED8-57D394792A05}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe

FirewallRules: [{EBD6F8DB-25EB-4CF6-9090-B5F73AD0A7D1}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe

FirewallRules: [{17F768BA-5DE3-4570-8749-48DE6DEE3874}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe

FirewallRules: [{F0BF232F-0E90-43F5-BAB8-9E1936900147}] => (Allow) E:\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe

FirewallRules: [{D8856E62-B3BA-457A-A248-9959B0346D43}] => (Allow) E:\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe

FirewallRules: [{AB2AE5A7-16A8-4447-A239-51F2FE8E1FF8}] => (Allow) E:\Steam\steamapps\common\Broforce\Broforce_beta.exe

FirewallRules: [{D0A56F3B-A64F-49EE-A0B5-9A4C1887BC00}] => (Allow) E:\Steam\steamapps\common\Broforce\Broforce_beta.exe

FirewallRules: [{554683F5-2875-4102-866B-E2927BD9EFF1}] => (Allow) E:\Steam\steamapps\common\Grid\grid.exe

FirewallRules: [{1DBBC372-00BA-42C8-BEFE-3B3A884381D7}] => (Allow) E:\Steam\steamapps\common\Grid\grid.exe

FirewallRules: [{E83FF4F2-6B3F-4B21-B9DC-9F432AE9D98B}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

FirewallRules: [{D77029EA-9252-4050-A4DE-5A2CC74A9EA4}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

FirewallRules: [{B776EDE2-9CD3-45DE-A25A-22B3D50AC5C1}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFEditor.exe

FirewallRules: [{4E67D89B-1B83-41DA-B727-2B2874D0239F}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFEditor.exe

FirewallRules: [{19A0D37B-FA82-4321-AE25-55588203A217}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\SDKFrontend.exe

FirewallRules: [{559BF878-03EA-4C81-A386-2C3BFC462225}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\SDKFrontend.exe

FirewallRules: [{66496B66-92ED-44AA-A642-DA5C257C9123}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{918EB967-F962-4314-BD81-2F28F8521144}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{8FDB7ABE-5DCF-4542-A141-3C9793D7DC3D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{3A591451-8A66-4923-A9AB-6346E9F97557}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{526EE4AE-3507-4266-B353-17A721CEC874}] => (Allow) E:\Steam\steamapps\common\XCom UFO Defense\dosbox.exe

FirewallRules: [{AC5DE1F3-4BE0-4DBD-B24D-B445FBEE3B09}] => (Allow) E:\Steam\steamapps\common\XCom UFO Defense\dosbox.exe

FirewallRules: [{512F06A7-AFB7-4145-AD29-42794DDD341E}] => (Allow) E:\Steam\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe

FirewallRules: [{8DC36634-33C8-4E4B-874E-894ED4F2B1FB}] => (Allow) E:\Steam\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe

FirewallRules: [{E1AF0320-DDA2-45D7-8071-AD597B84097F}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe

FirewallRules: [{15D6FF85-65B8-4C2C-9829-FD57567056D4}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

FirewallRules: [{87CA3F26-AE3E-445A-AD8E-2FA27074829A}] => (Allow) E:\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe

FirewallRules: [{53AB99E8-63AB-414E-AD57-CD1420A53428}] => (Allow) E:\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe

FirewallRules: [{6B1058F9-48A7-43A0-B735-FF3E11DCEFE3}] => (Allow) E:\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe

FirewallRules: [{25FC8068-B1D3-4219-BE8E-399467389486}] => (Allow) E:\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe

FirewallRules: [{464199AF-E7E6-4394-B850-124D7B616A2C}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe

FirewallRules: [{26767745-BC9E-4ADF-8146-5BEDAE24A855}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe

FirewallRules: [{5C7714B4-02FF-4607-94E0-9FB515E5E531}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe

FirewallRules: [{1B1E2960-FB4C-4BBB-A142-8B6C503C9A02}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe

FirewallRules: [{FD9CFDF3-17E1-4711-A3D2-06D9648D82C8}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe

FirewallRules: [{7BEEAB4F-9A78-41D2-AD8E-67AD02241823}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe

FirewallRules: [{4A22E1D3-267E-41B8-BD28-BA6D78667A89}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe

FirewallRules: [{6BEA73E4-3F8B-41BE-90D7-5CB88A72D889}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe

FirewallRules: [{5A5EA93C-58AF-486E-9DE6-74CA542004DF}] => (Allow) E:\Steam\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe

FirewallRules: [{7459045A-6894-4297-9CEF-43A8B0D9781F}] => (Allow) E:\Steam\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe

FirewallRules: [{89D2E6FA-5EB4-4CA2-8A3F-5E386B6A67D2}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe

FirewallRules: [{B02A18C5-A6EB-4EB8-B1A9-866D8F9F74A2}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe

FirewallRules: [{E9972893-BD74-4117-BB06-5F9EF2CAF303}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe

FirewallRules: [{D7916A5A-2760-44DC-970A-7D60E36FF048}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe

FirewallRules: [{0DC80C9F-6D3D-4913-AF9E-CE4002B8ED3A}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe

FirewallRules: [{0AAEAADE-CBD3-46C7-9CE0-CB92F4E77DA3}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe

FirewallRules: [{F5589897-B5DE-4A27-9919-D5E825B0C52C}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe

FirewallRules: [{C50E1C8E-2BC2-4EC3-8135-EB81498AC855}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Npcap Loopback Adapter

Description: Microsoft Loopback Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: msloop

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (03/14/2017 04:02:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64

Faulting module name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64

Exception code: 0xc0000005

Fault offset: 0x0004e010

Faulting process id: 0xf44

Faulting application start time: 0x01d29c98ae0b1fdf

Faulting application path: C:\Users\Electrike\Desktop\aswMBR.exe

Faulting module path: C:\Users\Electrike\Desktop\aswMBR.exe

Report Id: 931de159-088c-11e7-baa7-f81654f7d0d1

Error: (03/14/2017 03:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64

Faulting module name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64

Exception code: 0xc0000005

Fault offset: 0x0004e010

Faulting process id: 0x1d78

Faulting application start time: 0x01d29c97a57760f9

Faulting application path: C:\Users\Electrike\Downloads\aswMBR.exe

Faulting module path: C:\Users\Electrike\Downloads\aswMBR.exe

Report Id: 913c5637-088b-11e7-baa7-f81654f7d0d1

Error: (03/14/2017 03:49:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64

Faulting module name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64

Exception code: 0xc0000005

Fault offset: 0x0004e010

Faulting process id: 0x1f84

Faulting application start time: 0x01d29c96e1ec1386

Faulting application path: C:\Users\Electrike\Downloads\aswMBR.exe

Faulting module path: C:\Users\Electrike\Downloads\aswMBR.exe

Report Id: c9f865c4-088a-11e7-baa7-f81654f7d0d1

Error: (03/14/2017 11:48:56 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)

Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (03/14/2017 11:48:56 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)

Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (03/14/2017 11:48:56 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)

Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (03/13/2017 05:02:58 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)

Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (03/13/2017 05:02:58 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)

Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (03/13/2017 05:02:58 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)

Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (03/13/2017 04:48:25 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)

Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

System errors:

=============

Error: (03/14/2017 03:59:27 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer CHARMANDER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0326CB5A-1274-4DD9-8EB4-1BE8C95AE083}.

The master browser is stopping or an election is being forced.

Error: (03/14/2017 01:35:30 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer CHARMANDER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0326CB5A-1274-4DD9-8EB4-1BE8C95AE083}.

The master browser is stopping or an election is being forced.

Error: (03/14/2017 12:06:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Error: (03/14/2017 12:06:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/14/2017 11:52:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/14/2017 11:49:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Superfetch service terminated with the following error:

The system cannot find the file specified.

Error: (03/14/2017 11:49:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

VBoxNetAdp

Error: (03/14/2017 11:48:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Kaspersky Anti-Virus Service 16.0.0 service failed to start due to the following error:

The system cannot find the path specified.

Error: (03/14/2017 11:48:49 AM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

Error: (03/13/2017 07:28:14 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer CHARMANDER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0326CB5A-1274-4DD9-8EB4-1BE8C95AE083}.

The master browser is stopping or an election is being forced.

CodeIntegrity:

===================================

Date: 2016-01-22 13:37:14.199

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.198

Date: 2016-01-22 13:37:14.196

Date: 2016-01-22 13:37:14.194

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.193

Date: 2016-01-22 13:37:14.192

==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz

Percentage of memory in use: 34%

Total physical RAM: 16302.39 MB

Available physical RAM: 10661.18 MB

Total Virtual: 16300.58 MB

Available Virtual: 10371.83 MB

==================== Drives ================================

Drive b: (FRAPS) (Fixed) (Total:931.51 GB) (Free:867.86 GB) NTFS

Drive c: (SYSTEM) (Fixed) (Total:103.99 GB) (Free:21.62 GB) NTFS

Drive e: (Game Drive) (Fixed) (Total:1863.01 GB) (Free:1332.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 1863 GB) (Disk ID: E71727C5)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AEFDE666)

Partition 1: (Not Active) - (Size=15 GB) - (Type=27)

Partition 2: (Active) - (Size=260 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 69318C77)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#5 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 March 2017 - 05:04 AM

You have a lot going on on this system, not all bad but just so many games and programs it could be hard to try to determine whats causing the issues

Is your audio working ok, its possible that the file is infected, you can try uploading it to Jotti

You need to Enable Windows to Show all Files and Folders, you can find the instructions Here

Go to Jotti's Malware Scan and submit this file for analysis. Just Choose file and then Submit file , when done and the report loads just copy and paste the URL back into this thread for me to see

C:\Windows\system32\Audiosrv.dll<--This file

Did you set these group policies ?