hstpctech

  1. ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by hunter (17-01-2017 13:31:59)
Running from C:\Users\hunter\Downloads
Windows 10 Pro Version 1511 (X64) (2016-07-22 18:54:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1832001657-1478313116-2804458420-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1832001657-1478313116-2804458420-503 - Limited - Disabled)
Guest (S-1-5-21-1832001657-1478313116-2804458420-501 - Limited - Disabled)
hunter (S-1-5-21-1832001657-1478313116-2804458420-1000 - Administrator - Enabled) => C:\Users\hunter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) American Truck Simulator - Arizona (HKLM-x32\...\American Truck Simulator - Arizona_is1) (Version: - ) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.2 - Angry IP Scanner) Ansel (Version: 376.33 - NVIDIA Corporation) Hidden Assassin's Creed Rogue (HKLM-x32\...\Assassin's Creed Rogue_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91) Atom (HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\...\atom) (Version: 1.12.7 - GitHub Inc.) Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.0.873.0 - Autodesk) Autodesk 3ds Max 2016 (Version: 18.0.873.0 - Autodesk) Hidden Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk) Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 - Autodesk) Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk) AviSynth+ 0.1.0 r1841 (HKLM-x32\...\{AC78780F-BACA-4805-8D4F-AE1B52B7E7D3}_is1) (Version: 0.1.0.1841 - The Public) Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender) BootRacer 
(HKLM-x32\...\{AAF04580-CE8A-4C52-98B9-0394654BC5A9}) (Version: 6.0.0.407 - Greatis Software, LLC) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.) Core Temp 1.2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.2 - Alcpu) Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM T3 (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - RU (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Setup 
Files (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation) CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CPUID PerfMonitor 2.04 (HKLM\...\CPUID PerfMonitor2_is1) (Version: 2.04 - CPUID, Inc.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0193 - Disc Soft Ltd) DiRT 3 Complete Edition (HKLM-x32\...\Steam App 321040) (Version: - Codemasters Racing Studio) DiRT Rally v1.1 (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Far Cry: Primal (HKLM-x32\...\Far Cry: Primal_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Guitar Hero: Aerosmith (HKLM-x32\...\{46F42615-BA31-45A0-BE10-2D2119749E95}) (Version: 1.0 - Aspyr) HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - ) HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd) Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) 
Mafia 3 (HKLM-x32\...\Mafia 3_is1) (Version: - ) Mafia III Update v20161109 (HKLM\...\bWFmaWFpaWk_is1) (Version: 1 - ) Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment) Marvel Puzzle Quest (HKLM\...\Steam App 234330) (Version: - Demiurge Studios) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 
(HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Motorsport Manager (HKLM-x32\...\Motorsport Manager_is1) (Version: - ) Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla) MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD) NexusFile (5.3.3.5532) (HKLM-x32\...\{ED0FB0C1-CD06-4C29-B903-8A91D4BF5B61}_is1) (Version: - xiles) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation) NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation) NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.2.2.49 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.0.2.1 - NVIDIA 
Corporation) Hidden NvvHci (Version: 2.02.0.2 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Pamela Pro 4.9 (HKLM-x32\...\Pamela) (Version: 4.9 - PamConsult GmbH) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC) RaceRoom Racing Experience (HKLM\...\Steam App 211500) (Version: - Sector3 Studios) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc) Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.1.14.12241 - Razer Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder) Security Task Manager 2.1h (HKLM-x32\...\Security Task Manager) (Version: 2.1h - Neuber Software) Sentinel Advance II (HKLM-x32\...\{0DED2A7B-DAB4-4F4D-9C49-346F276D8EEF}) (Version: 2.00.0000 - Cooler Master) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.2.2.49 - NVIDIA Corporation) Hidden Sid Meiers Civilization VI (HKLM-x32\...\Sid Meiers Civilization VI_is1) (Version: - ) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) 
SMPlayer 15.11.0 (x64) (HKLM\...\SMPlayer) (Version: 15.11.0 - Ricardo Villalba) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) System Ninja version 3.1.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.6 - SingularLabs) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) Tixati (HKLM-x32\...\tixati) (Version: - ) Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal) Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft) Uplay (HKLM-x32\...\Uplay) (Version: 19.0 - Ubisoft) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation) World of Guns: Gun Disassembly (HKLM\...\Steam App 262410) (Version: - Noble Empire Corp.) World of Warships (HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814asia}_is1) (Version: - Wargaming.net) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.442 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00A05DFC-C1A9-4533-954A-23B708BC7789} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {0723CA27-358F-49FB-8764-19999AF963DF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-06] (NVIDIA Corporation) Task: {0EA03041-2829-4FD5-B73F-F4ACBC33A906} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {11983818-B98E-425B-A5B3-72BAF353D0B7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {241C48B2-0CA6-412C-8A98-8EF34846246B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {2484F853-8FD4-401A-A0D7-926CAC3B79D9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {299977D7-74F7-4168-8D8E-0159B1A1B396} - System32\Tasks\ASUS\i-Setup203927 => C:\Windows\Intel_Chipset_Win7-8_8-1_VER9401026\AsusSetup.exe [2013-08-22] (ASUSTeK Computer Inc.) Task: {34458B52-81BD-47D3-825C-FD25AD226C12} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {345EFA29-7F7E-4419-B95F-A1F74F08A124} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation) Task: {3BCD6C96-5CF7-462C-81E4-E7954A67C9F5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3EB8BFDB-0D26-4EA7-80CE-B3E3E07B4020} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {489AAE9D-858E-4AEE-8B06-F88E46B270F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-17] (Dropbox, Inc.) 
Task: {4E3DD0ED-9AE0-420F-BDAD-03D895DE036F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {5AAF1A52-59E5-4549-AF85-474EB1CDC885} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-23] (Adobe Systems Incorporated) Task: {6E45DE92-A133-47FF-B2DC-8971292C342D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7C3FCC29-C8C4-489B-9259-57D0A100C04D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-17] (Dropbox, Inc.) Task: {7DA9E55D-481D-4E02-BB88-FE3CEDC3B10B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8AB19FBA-8500-42B8-A498-ED240C7E6AE5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8CB72835-224B-4F02-AAA3-01340FB26738} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {945DF62E-300F-424E-9A3F-E51A6F4A5C27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.) 
Task: {94BC8F82-8045-49BB-AE0D-CEA7A6AE7DD0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {9A2DE454-3107-458A-A328-D9160C1F386E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation) Task: {A5860052-67A2-40A0-9E18-984B456DE74D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A67A6FD6-AFC3-4FD5-900F-044C219C39D8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B1948019-2965-4318-AC4C-8CECB34E8221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {B4EB4E3F-ADC9-4397-9512-F7E5D68A1C3A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B998F975-D752-4E15-A886-20662B7C3699} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-06] (NVIDIA Corporation) Task: {BA530D9E-B7F0-48FF-826B-11567491B868} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {BF6CD6D7-C0E9-4B76-8390-18D94E10973D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-06] (NVIDIA Corporation) Task: {C5F73CCB-D0BD-4308-96E1-BD5046038D34} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C7F1737C-BBE1-4B75-B90C-5796FCCFAF97} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CB5ED6F0-60E2-46B7-8C3A-FE115A309A27} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files 
(x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-06] (NVIDIA Corporation) Task: {CE9C2341-9C06-4BDA-B047-F794C1776DC1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E480491E-77B6-4E56-B06E-E1657031E7DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {FE350EC1-9257-400F-8FA9-780E2B8A6009} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {FE754F78-F923-408B-9F06-9EE2698C7250} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Jazz Radio Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ceccemkmbbmaaaegfhafhjfbbdindaof ShortcutWithArgument: C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc ShortcutWithArgument: C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spice Client.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=icklgohmolmmdagbigdkhhcgdechbeje ShortcutWithArgument: C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Unlocker for WakeLockDetector.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bgeplmmblegmdackkcemjkpngngocgjp ShortcutWithArgument: C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl ShortcutWithArgument: C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla ShortcutWithArgument: C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WeatherBug.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 15:17 - 2015-10-30 15:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 15:12 - 2016-12-14 15:12 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll 2016-12-14 15:12 - 2016-12-14 15:12 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll 2017-01-05 20:59 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-01-05 21:00 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2017-01-05 21:00 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2015-12-16 20:37 - 2013-06-04 17:41 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2016-03-22 05:47 - 2016-03-22 05:47 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-10-26 21:15 - 2017-01-06 09:10 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-26 21:15 - 2017-01-06 09:10 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2015-12-16 20:34 - 2016-12-12 02:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-10 04:02 - 2016-10-25 17:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-23 06:12 - 2016-03-29 15:00 - 00235008 _____ () C:\Windows\System32\mtf.dll 2016-04-27 14:10 - 2016-04-27 14:10 - 00260608 _____ () C:\Windows\System32\mtfserver.dll 2016-11-10 04:02 - 2016-10-25 17:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-07-23 03:28 - 2016-07-23 03:39 - 00144384 _____ () C:\Program 
Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-27 14:10 - 2016-04-27 14:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-23 06:13 - 2016-07-01 11:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-11-10 04:03 - 2016-10-25 15:01 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2015-03-07 08:07 - 2015-03-07 08:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2016-09-30 05:13 - 2016-09-30 05:13 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-07 08:07 - 2015-03-07 08:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2016-09-30 05:13 - 2016-09-30 05:13 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-12-16 20:55 - 2012-12-09 00:03 - 01763328 _____ () C:\Program Files (x86)\NexusFile\NexusFile.exe 2016-09-29 09:08 - 2016-09-29 09:08 - 00015360 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe\CompanionApp.exe 2016-09-29 09:08 - 2016-09-29 09:08 - 04148736 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe\CompanionApp.dll 2016-09-29 09:08 - 2016-09-29 09:08 - 00637440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe\CompanionAppDeviceManager.dll 2016-07-23 04:11 - 2016-07-23 04:12 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-11-10 04:02 - 2016-10-25 12:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-10 04:02 - 2016-10-25 12:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-10 04:02 - 
2016-10-25 12:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-10 04:02 - 2016-10-25 12:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-12-16 20:37 - 2017-01-15 17:36 - 00033936 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2015-12-16 20:37 - 2013-06-04 17:41 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2015-11-25 04:48 - 2015-11-25 04:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd 2015-11-25 04:46 - 2015-11-25 04:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll 2015-11-25 04:48 - 2015-11-25 04:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd 2015-11-25 04:48 - 2015-11-25 04:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd 2015-11-25 04:43 - 2015-11-25 04:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd 2015-11-25 04:48 - 2015-11-25 04:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd 2015-11-25 04:48 - 2015-11-25 04:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd 2015-11-25 04:48 - 2015-11-25 04:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd 2015-11-25 04:43 - 2015-11-25 04:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd 2015-11-25 04:43 - 2015-11-25 04:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd 2015-11-25 04:43 - 2015-11-25 04:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd 2015-11-25 04:46 - 2015-11-25 04:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll 2015-11-25 04:48 - 2015-11-25 04:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd 2015-11-25 04:47 - 2015-11-25 04:47 - 01980928 _____ () 
C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd 2015-12-08 04:57 - 2015-12-08 04:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd 2015-11-25 04:47 - 2015-11-25 04:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd 2015-11-25 04:47 - 2015-11-25 04:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd 2015-11-25 04:47 - 2015-11-25 04:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd 2015-11-25 04:43 - 2015-11-25 04:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd 2015-12-17 18:48 - 2017-01-06 09:10 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-10-26 21:15 - 2017-01-06 09:10 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-26 21:15 - 2017-01-06 09:10 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-07-23 03:28 - 2016-07-23 03:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-07-23 03:28 - 2016-07-23 03:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2010-11-23 06:56 - 2010-11-23 06:56 - 00087040 _____ () C:\Program Files 
(x86)\Raptr Inc\Raptr\_ctypes.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd 2014-05-14 07:26 - 2014-05-14 07:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd 2014-05-14 07:26 - 2014-05-14 07:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd 2014-05-14 07:26 - 2014-05-14 07:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd 2014-05-14 07:26 - 2014-05-14 07:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd 2010-11-23 06:57 - 2010-11-23 06:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll 2010-11-23 06:56 - 2010-11-23 06:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd 2010-11-23 06:57 - 2010-11-23 06:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd 2010-11-23 06:57 - 2010-11-23 06:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd 2011-02-16 02:17 - 2011-02-16 02:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll 2010-11-23 06:57 - 2010-11-23 06:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd 2014-05-14 07:26 - 2014-05-14 07:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd 
2015-10-22 04:29 - 2015-10-22 04:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll 2015-10-22 04:29 - 2015-10-22 04:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll 2010-11-23 06:56 - 2010-11-23 06:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd 2015-06-27 07:09 - 2015-06-27 07:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll 2010-11-23 06:57 - 2010-11-23 06:57 - 00024064 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32pipe.pyd 2010-11-23 06:56 - 2010-11-23 06:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll 2010-11-23 06:57 - 2010-11-23 06:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd 2016-09-29 05:53 - 2016-09-29 05:53 - 02620112 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\ltc_host_ex.DLL 2010-11-23 06:57 - 2010-11-23 06:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd 2016-04-20 01:08 - 2016-04-20 01:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd 2011-02-16 02:17 - 2011-02-16 02:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll 2010-11-23 07:06 - 2010-11-23 07:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll 2013-05-10 07:52 - 2013-05-10 07:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll 2013-05-10 07:52 - 2013-05-10 07:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll 2013-05-10 07:52 - 2013-05-10 07:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll 2013-05-04 02:57 - 2013-05-04 02:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll 2013-05-04 02:56 - 2013-05-04 02:56 - 01306387 _____ () C:\Program Files (x86)\Raptr 
Inc\Raptr\plugins\libmsn.dll 2013-05-04 02:56 - 2013-05-04 02:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll 2013-05-04 02:57 - 2013-05-04 02:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll 2013-05-04 02:56 - 2013-05-04 02:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll 2013-05-04 02:57 - 2013-05-04 02:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll 2013-05-04 02:57 - 2013-05-04 02:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll 2013-05-04 02:57 - 2013-05-04 02:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll 2013-05-04 02:57 - 2013-05-04 02:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll 2016-10-26 21:15 - 2017-01-06 08:09 - 00527416 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-10-26 21:15 - 2017-01-06 08:09 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-10-26 21:15 - 2017-01-06 08:09 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-10-26 21:15 - 2017-01-06 08:09 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-10-26 21:15 - 2017-01-06 08:09 - 00449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-10-26 21:15 - 2017-01-06 08:09 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-10-26 21:15 - 2017-01-06 08:09 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-12-28 23:57 - 2017-01-06 08:09 - 00954816 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2016-07-23 02:56 - 2016-07-23 02:56 - 00679624 _____ () C:\Users\hunter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 
2013-12-13 10:47 - 2013-12-13 10:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac 2012-03-02 08:35 - 2012-03-02 08:35 - 00511488 _____ () C:\Program Files (x86)\Winamp\Plugins\lame_enc.dll 2015-12-16 21:31 - 2016-12-08 23:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-12-16 21:31 - 2016-09-01 09:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-12-16 21:31 - 2016-12-20 10:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll 2015-12-16 21:31 - 2016-09-01 09:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-12-16 21:31 - 2016-09-01 09:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-12-16 21:31 - 2016-01-27 15:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-12-16 21:31 - 2016-01-27 15:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-12-16 21:31 - 2016-01-27 15:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-12-16 21:31 - 2016-01-27 15:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-12-16 21:31 - 2016-01-27 15:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-12-16 21:31 - 2016-12-20 10:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-09 22:22 - 2016-07-05 06:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-13 10:49 - 2016-12-06 00:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2015-12-16 21:31 - 2016-12-20 10:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll 2015-12-16 21:31 - 2015-09-25 07:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2016-12-16 00:21 - 2016-12-08 15:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-16 00:21 - 2016-12-08 15:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\hunter\Downloads\autodetectutility.exe:BDU [0]
AlternateDataStreams: C:\Users\hunter\Downloads\marvelheroesinstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\hunter\Downloads\OBS_0_657b_Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\hunter\Downloads\solutoinstaller-_wf2R6Jtq7HQ.exe:BDU [0]
AlternateDataStreams: C:\Users\hunter\Downloads\Stagelight_2.4.5_Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\hunter\Downloads\UplayInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\hunter\Downloads\vc_redist.x64.exe:BDU [0]
AlternateDataStreams: C:\Users\hunter\Downloads\Windows10Upgrade9252.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hunter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{A3FE43B7-AD42-4551-8145-E85F2C99216B}] => C:2\win\SteamLibrary\SteamApps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe FirewallRules: [{BA2B28B1-7E55-44DF-B4C8-26A9D00EBFA8}] => C:2\win\SteamLibrary\SteamApps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe FirewallRules: [{486041ED-6118-433E-BE36-0D210AB3995B}] => C:2\win\SteamLibrary\SteamApps\common\WOG\disasm.exe FirewallRules: [{33DE9EEB-3E19-4ED6-9580-0F03C8667FB0}] => C:2\win\SteamLibrary\SteamApps\common\WOG\disasm.exe FirewallRules: [{075A4C19-088F-43A2-9B22-212EEA506DD7}] => C:2\win\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe FirewallRules: [{3C87B82D-2D95-4D1F-A6BE-3405A0349CA5}] => C:2\win\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe FirewallRules: [UDP Query User{271D9BBB-E20A-46BB-8C1B-078AAFD7C1DC}C:1\win\guitar hero aerosmith\guitar hero aerosmith.exe] => C:1\win\guitar hero aerosmith\guitar hero aerosmith.exe FirewallRules: [TCP Query User{C6F6FEB0-7F63-4E1A-84A8-3BA9CF7F8D26}C:1\win\guitar hero aerosmith\guitar hero aerosmith.exe] => C:1\win\guitar hero aerosmith\guitar hero aerosmith.exe FirewallRules: [{FEAB9451-1371-4302-88CF-95051FC7DB83}] => D:\win\War for the Overworld Heart of Gold\WFTOGame.exe FirewallRules: [{4521E4B8-3A7A-477D-B42A-604B60F04152}] => C:\win\Tom Clancy's The Division\TheDivision.exe FirewallRules: [{A476C640-5E92-41B3-A60B-0CA8483E841F}] => C:\Users\hunter\Downloads\solutoinstaller-_wf2R6Jtq7HQ.exe FirewallRules: [{0BB2846C-48DA-4ED3-ABBD-6FDAE744BCE8}] => C:\Users\hunter\Downloads\solutoinstaller-_wf2R6Jtq7HQ.exe FirewallRules: [{78A1A209-97C3-4042-9E25-05BE43AA38A3}] => C:2\win\SteamLibrary\SteamApps\common\Pinball FX2\Pinball FX2.exe FirewallRules: [{41745219-CE9A-46BE-849A-F97FD9504302}] => C:2\win\SteamLibrary\SteamApps\common\Pinball FX2\Pinball FX2.exe FirewallRules: 
[{41A4CE5A-9FA0-44FE-91A8-28350A177C48}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{1C5E733C-CCEA-49ED-BE09-959C7CB86459}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [UDP Query User{CCFA2DFF-7947-4940-89F6-A50CB4B7C148}C:1\win\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => C:1\win\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe FirewallRules: [TCP Query User{7A3F1940-A1EF-4D99-ACCE-9D25658E6AE4}C:1\win\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => C:1\win\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe FirewallRules: [UDP Query User{E472CB57-0888-4C78-B43F-42D00FEFC829}C:1\win\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => C:1\win\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe FirewallRules: [TCP Query User{A9A422DB-91C4-48BC-9156-36B1ACEFFC7E}C:1\win\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => C:1\win\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe FirewallRules: [UDP Query User{6B8FB306-4E1E-495E-9618-11C4F95B1145}C:\win\total war. attila\attila.exe] => C:\win\total war. attila\attila.exe FirewallRules: [TCP Query User{13A26D5C-1D0B-4A0A-A58E-57DC2873E2B1}C:\win\total war. attila\attila.exe] => C:\win\total war. 
attila\attila.exe FirewallRules: [{E7B22D01-642D-4721-92D4-77BE6C4BEB11}] => C:2\win\SteamLibrary\SteamApps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{65B72571-C3DF-416F-AE6B-4C88AD3FA238}] => C:2\win\SteamLibrary\SteamApps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [UDP Query User{C1366E73-80C9-454B-8811-40829262F9FF}C:1\win\armored warfare mycom\bin64\armoredwarfare.exe] => C:1\win\armored warfare mycom\bin64\armoredwarfare.exe FirewallRules: [TCP Query User{FF92D8D7-FD97-41D5-B9A1-99054CC90F2D}C:1\win\armored warfare mycom\bin64\armoredwarfare.exe] => C:1\win\armored warfare mycom\bin64\armoredwarfare.exe FirewallRules: [UDP Query User{CC21F6BE-17F7-4DE6-8770-0A91AAB76D58}C:\users\hunter\appdata\local\mycomgames\mycomgames.exe] => C:\users\hunter\appdata\local\mycomgames\mycomgames.exe FirewallRules: [TCP Query User{7147C411-C824-41AB-AE43-F1ACBFE7B4D1}C:\users\hunter\appdata\local\mycomgames\mycomgames.exe] => C:\users\hunter\appdata\local\mycomgames\mycomgames.exe FirewallRules: [UDP Query User{915C8943-86BB-4135-8354-5DBE8CE32625}C:1\win\max payne 3\maxpayne3.exe] => C:1\win\max payne 3\maxpayne3.exe FirewallRules: [TCP Query User{46EEE7A2-88B6-4D28-9C21-F12F9FC9A047}C:1\win\max payne 3\maxpayne3.exe] => C:1\win\max payne 3\maxpayne3.exe FirewallRules: [UDP Query User{8AAA289A-A4B0-4593-89B8-41C6DA533305}C:\win\total war attila\attila.exe] => C:\win\total war attila\attila.exe FirewallRules: [TCP Query User{D70ADEB1-294E-4C76-9B2A-D49A311B6FCE}C:\win\total war attila\attila.exe] => C:\win\total war attila\attila.exe FirewallRules: [UDP Query User{346C497B-6F8A-4575-BD39-2D61021514BB}I:\win\total war - rome ii\rome2.exe] => I:\win\total war - rome ii\rome2.exe FirewallRules: [TCP Query User{50750C6F-36E9-4982-BA7E-B9F0C2CCB02B}I:\win\total war - rome ii\rome2.exe] => I:\win\total war - rome ii\rome2.exe FirewallRules: [UDP Query User{F4032074-65B3-4C18-8712-D06493236AC1}C:1\win\xcom 2\binaries\win64\xcom2.exe] => 
C:1\win\xcom 2\binaries\win64\xcom2.exe FirewallRules: [TCP Query User{D874D858-1641-4F70-ABC0-D018C1D275C0}C:1\win\xcom 2\binaries\win64\xcom2.exe] => C:1\win\xcom 2\binaries\win64\xcom2.exe FirewallRules: [UDP Query User{33A23CE2-D00B-4CC1-A3FB-9B0B3EE6DF7B}C:1\win\company of heroes 2 - ardennes assault\reliccoh2.exe] => C:1\win\company of heroes 2 - ardennes assault\reliccoh2.exe FirewallRules: [TCP Query User{DE453E6F-7420-42A0-8CB7-8E8CCEE0567E}C:1\win\company of heroes 2 - ardennes assault\reliccoh2.exe] => C:1\win\company of heroes 2 - ardennes assault\reliccoh2.exe FirewallRules: [UDP Query User{AB33FCCA-EE79-446A-8EB6-44770D3B8486}C:\win\xcom 2\binaries\win64\xcom2.exe] => C:\win\xcom 2\binaries\win64\xcom2.exe FirewallRules: [TCP Query User{721F25E6-F2FA-4061-A4E7-11BB51D1B3A2}C:\win\xcom 2\binaries\win64\xcom2.exe] => C:\win\xcom 2\binaries\win64\xcom2.exe FirewallRules: [UDP Query User{E9406013-80B0-4233-BEE6-EADB76CB8180}C:1\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => C:1\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe FirewallRules: [TCP Query User{F8F91D40-33C5-4B99-8005-14FEB4A70CDD}C:1\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => C:1\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe FirewallRules: [UDP Query User{3B5BF6C1-51B0-4820-B02A-221252853A1B}C:1\win\bombshell\binaries\win64\bombshell.exe] => C:1\win\bombshell\binaries\win64\bombshell.exe FirewallRules: [TCP Query User{5C0640B2-CDAC-493D-8B4D-FF74445BDD5C}C:1\win\bombshell\binaries\win64\bombshell.exe] => C:1\win\bombshell\binaries\win64\bombshell.exe FirewallRules: [{560C5AEA-DA5B-44D5-9C2D-21720E5690E6}] => C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe FirewallRules: [{02BE516E-8AFC-4777-9718-F09325B176C3}] => C:\Program Files (x86)\Steam\steamapps\common\Marvel 
Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe FirewallRules: [UDP Query User{9F85E532-C76D-4DED-B8DC-526863F19EE1}C:\win\call of duty - black ops 3\blackops3.exe] => C:\win\call of duty - black ops 3\blackops3.exe FirewallRules: [TCP Query User{36D9FF78-F31C-49B3-9445-52B6E0ED7E87}C:\win\call of duty - black ops 3\blackops3.exe] => C:\win\call of duty - black ops 3\blackops3.exe FirewallRules: [UDP Query User{C9B65B24-A7EB-48A8-8C57-A2879B71C96E}C:\win\assassin s creed chronicles india\binaries\win32\accgame-win32-shipping.exe] => C:\win\assassin s creed chronicles india\binaries\win32\accgame-win32-shipping.exe FirewallRules: [TCP Query User{285D6FA4-7E50-429A-ABC2-816983F64116}C:\win\assassin s creed chronicles india\binaries\win32\accgame-win32-shipping.exe] => C:\win\assassin s creed chronicles india\binaries\win32\accgame-win32-shipping.exe FirewallRules: [UDP Query User{9D3F0F2D-0808-4AC0-AC7F-3957CD391B7A}C:\win\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => C:\win\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe FirewallRules: [TCP Query User{810A500E-BB1E-4A3A-AA45-7A1D4BB9F565}C:\win\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => C:\win\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe FirewallRules: [{001A0CAB-1477-46E5-A2FF-C11273123E69}] => C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{2EBC1EAC-B32C-4A56-9FC1-F9FC061C0028}] => C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{D9529FA9-0056-4904-8EBA-A63B6263F1FE}] => C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{ACFADD15-DCE9-43BD-93B4-595E99BB295A}] => C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [UDP Query User{54AB51E4-83F2-4B4E-A5A9-03A3E6285FE7}C:0\win\total war - shogun 2\shogun2.exe] => C:0\win\total war - shogun 2\shogun2.exe FirewallRules: [TCP Query User{7E9785A6-C2FC-41E5-8947-B621844170D6}C:0\win\total war - shogun 
2\shogun2.exe] => C:0\win\total war - shogun 2\shogun2.exe FirewallRules: [{A53D4CD3-7338-4E18-8347-51C952A0C1B2}] => C:2\win\SteamLibrary\SteamApps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe FirewallRules: [{BDE810E3-F0D1-4137-B6F3-2522B628B8FF}] => C:2\win\SteamLibrary\SteamApps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe FirewallRules: [UDP Query User{AFE40476-BD9A-4A64-816B-80432B0D0E44}I:\win\nfsmw\nfs13.exe] => I:\win\nfsmw\nfs13.exe FirewallRules: [TCP Query User{6DF2581A-ADE8-4D53-A5DD-694FA48C49C0}I:\win\nfsmw\nfs13.exe] => I:\win\nfsmw\nfs13.exe FirewallRules: [{70F8FBA7-C15B-4B7A-A7AB-4AD4986A0D22}] => i:\win\World_of_Warships\worldofwarships.exe FirewallRules: [{11D0CD69-DEAD-4C75-B7E7-E9078E056588}] => i:\win\World_of_Warships\worldofwarships.exe FirewallRules: [{C565B29E-8EAA-48E6-B827-01931AA7FFC7}] => i:\win\World_of_Warships\WoWSLauncher.exe FirewallRules: [{31191B2C-D280-4640-8329-A93CB68C0FEB}] => i:\win\World_of_Warships\WoWSLauncher.exe FirewallRules: [{00D19A37-3D85-41EA-9B18-7782A0F5A04C}] => C:\win\World_of_Warships\worldofwarships.exe FirewallRules: [{09A376B2-023D-4D3B-BC13-0A0240D04F5E}] => C:\win\World_of_Warships\worldofwarships.exe FirewallRules: [{96E54791-7721-48E6-BA32-A6D8DC6DE702}] => C:\win\World_of_Warships\WoWSLauncher.exe FirewallRules: [{620D36E7-3AC1-4F2B-9350-623DFE080A0C}] => C:\win\World_of_Warships\WoWSLauncher.exe FirewallRules: [{D74E94E0-220D-4340-BF79-6BE00832989E}] => C:0\win\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe FirewallRules: [{B84628A3-C1E4-43DC-8208-CC960D07B3E9}] => C:0\win\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe FirewallRules: [{23F9BA15-D360-4D96-9A91-61CC7CB280B5}] => C:0\win\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe FirewallRules: [{CA5FBB53-4C98-448B-818B-BD45E7D8BAE3}] => C:0\win\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe FirewallRules: [UDP Query 
User{74E037B6-76F2-4F9D-A43B-A30B9405B7E1}C:0\win\dying light\dyinglightgame.exe] => C:0\win\dying light\dyinglightgame.exe FirewallRules: [TCP Query User{207AE11A-C3A6-4AA8-9CFA-7FA0FF259C1C}C:0\win\dying light\dyinglightgame.exe] => C:0\win\dying light\dyinglightgame.exe FirewallRules: [{9DBE6E21-A71E-4434-9A7D-2683603EC8E0}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9765D15B-26CE-4523-BAAE-9841219DC0B2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{77B42F3B-48C5-4C50-9EC4-76AFEA8E17B5}C:\program files\tixati\tixati.exe] => C:\program files\tixati\tixati.exe FirewallRules: [TCP Query User{D012B574-4FF0-40F4-B45F-0ACA6DF3AFED}C:\program files\tixati\tixati.exe] => C:\program files\tixati\tixati.exe FirewallRules: [{6C1B8A72-CF98-4472-B22A-C54354B05F86}] => C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe FirewallRules: [{4C48492B-4550-4169-A3CE-54A027CF324F}] => C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe FirewallRules: [{7FC5EED5-84F0-4E17-96EE-8BFA9EBE0D64}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{280BEC8F-967F-4527-B511-8C66DFC71957}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A720C95D-BD1E-40F9-9848-AA8DD06A3153}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6E6B5640-E9F3-4D8C-A3DB-AC85661F974E}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8D6A24A8-9887-4D80-8B53-508AE73982A9}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1FAB3B41-F4A4-4E9B-A7E2-E7575F9BA790}] => C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{17477ADA-7E9E-42EB-ABC7-D72FEE621A9D}] => C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [TCP Query User{327E314B-84E5-41CA-A823-329BCBBB7E3F}C:2\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => 
C:2\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe FirewallRules: [UDP Query User{3614C5F0-95AF-4A0C-8930-4F852BFC6CD5}C:2\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe] => C:2\win\marvel heroes game\unrealengine3\binaries\win64\marvelheroes2016.exe FirewallRules: [{567167DF-B06B-4DBC-9145-34AC8D2CEA93}] => C:1\win\ABZU\Steam\Steam.exe FirewallRules: [{D7147501-B65C-45E7-A17A-F7FE05B8414D}] => C:1\win\ABZU\Steam\Steam.exe FirewallRules: [{35962BE7-92B2-4E3F-BB15-A0A719557794}] => C:1\win\ABZU\Steam\bin\steamwebhelper.exe FirewallRules: [{2A348761-54D0-4829-90EB-684181790114}] => C:1\win\ABZU\Steam\bin\steamwebhelper.exe FirewallRules: [{D373F08F-120D-4928-97EE-344398F56E62}] => C:3\win\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe FirewallRules: [{9901B59C-D38F-4871-9FDB-0525A26F06E7}] => C:3\win\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe FirewallRules: [{2F03D2B1-6BFE-4B70-BC34-78FDBCFACAAA}] => C:3\win\SteamLibrary\SteamApps\common\Pinball FX2\Pinball FX2.exe FirewallRules: [{AF3C1C3E-C1A6-4DC3-B8F6-84528D0DF120}] => C:3\win\SteamLibrary\SteamApps\common\Pinball FX2\Pinball FX2.exe FirewallRules: [{275C4617-A3F9-4A02-865E-B4775DCA581E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E6220AD6-23EF-4392-BE5B-5FE841E8B736}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3135B878-BB0C-40FB-81A7-B17F8F75325C}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0B86CCE1-969A-48F0-9746-D2E422017608}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7DCE367A-1796-431B-B60A-C4DB36D9413B}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{5B01C03C-903E-4C59-805F-B1899164DD8A}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{422CB5BD-CEE2-469F-81D0-EA6BAEF1CCAB}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: 
[{0D78E931-2D90-467B-B1CF-F666CA425476}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{0D96FD59-B181-4EB8-AA38-5CA2CF1616CD}] => C:0\win\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{34662A3E-EB5C-4584-8B55-F5DD9BB7B9C1}] => C:0\win\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{A533B5CA-B247-47FC-B4C5-F3A86F787A58}] => C:0\win\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe FirewallRules: [{BA2DD18A-2745-4FD8-A02D-24B9FF267A69}] => C:0\win\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe FirewallRules: [TCP Query User{C2C59019-1D42-4F4B-864E-C74847783831}C:1\win\total war - shogun 2\shogun2.exe] => C:1\win\total war - shogun 2\shogun2.exe FirewallRules: [UDP Query User{D0873DEC-3F20-49F0-88CB-53D966ACFBC5}C:1\win\total war - shogun 2\shogun2.exe] => C:1\win\total war - shogun 2\shogun2.exe FirewallRules: [{D6DC4568-CF16-442D-96B2-6AE1747E71B2}] => C:3\win\SteamLibrary\SteamApps\common\DiRT 3\dirt3.exe FirewallRules: [{8E487A06-A687-42B1-81A7-A99AC5E7C658}] => C:3\win\SteamLibrary\SteamApps\common\DiRT 3\dirt3.exe FirewallRules: [TCP Query User{6C0B415E-234D-4500-ABE9-E185CF20BB57}C:3\win\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe] => C:3\win\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe FirewallRules: [UDP Query User{733FA201-AAC7-4C5F-BF73-40F7CAF96F8D}C:3\win\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe] => C:3\win\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe FirewallRules: [{22A84353-0980-447A-9FCD-D0ED77975452}] => C:3\win\SteamLibrary\SteamApps\common\WOG\disasm.exe FirewallRules: [{C1D1EEA6-42DF-4073-9458-FD4E35641D59}] => C:3\win\SteamLibrary\SteamApps\common\WOG\disasm.exe FirewallRules: [TCP Query User{4FC7EE6D-3423-4660-8DF4-AED8A2805F9A}C:\program files\logitech gaming software\lcore.exe] => C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{0A839126-92CB-4695-8AFB-99BB0041B706}C:\program files\logitech gaming software\lcore.exe] => 
C:\program files\logitech gaming software\lcore.exe FirewallRules: [{D21DFB00-EC5F-41C8-A0C5-B4884D66147C}] => C:3\win\SteamLibrary\SteamApps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe FirewallRules: [{58ACAD8F-C56E-457A-9151-25D45FD4B1CD}] => C:3\win\SteamLibrary\SteamApps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe FirewallRules: [TCP Query User{4B260C69-0F04-4D24-8B17-B3F0E1F583AA}C:1\win\call of duty infinite warfare\iw7_ship.exe] => C:1\win\call of duty infinite warfare\iw7_ship.exe FirewallRules: [UDP Query User{B80319A8-72E0-4C4E-A7DF-907D36B8AD79}C:1\win\call of duty infinite warfare\iw7_ship.exe] => C:1\win\call of duty infinite warfare\iw7_ship.exe FirewallRules: [{F5280505-7F60-4C3D-9723-86903AB76725}] => G:\win\SteamLibrary\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe FirewallRules: [{13763057-4FA5-445B-9D37-D70FE129CA27}] => G:\win\SteamLibrary\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe FirewallRules: [TCP Query User{1F4296DF-0033-49DB-B3EA-490361CFD8AE}G:\win\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => G:\win\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe FirewallRules: [UDP Query User{0E97F8E9-E301-4949-B4C0-3F6857433682}G:\win\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => G:\win\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe FirewallRules: [{9A57FB0A-76B8-4487-985D-67619237EA34}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{93CE3A8F-51A3-4D8F-9807-4AAF4950281E}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7A965FF1-06F2-42C8-B4DE-CA1DF69991F1}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{75CA61D3-E34C-40CD-BCD1-2B4631671050}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: 
[{5C84622B-326C-4B4E-9E75-E04AE8E16A19}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8EEA6C87-2FC6-4B1D-BF0B-E745251BA14D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F5152743-00A0-4AAC-953D-C67D5C969414}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CD8143F3-4C2F-44B1-B552-8B8A9F9340EE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DB2ABDD8-7B18-4868-966E-AD3B96DD77B4}] => C:0\win\SteamLibrary\steamapps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe
FirewallRules: [{6AAC3E9E-3A57-4562-9C49-C5B3381DE7B2}] => C:0\win\SteamLibrary\steamapps\common\Marvel Puzzle Quest\Binaries\PC\Ship\Marvel Puzzle Quest.exe
FirewallRules: [TCP Query User{D317CC85-FD9B-43E8-A4FD-C80018A6852D}C:\win\far cry - primal\bin\fcprimal.exe] => C:\win\far cry - primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{BAE4C70F-AE11-418A-B858-54A61C599428}C:\win\far cry - primal\bin\fcprimal.exe] => C:\win\far cry - primal\bin\fcprimal.exe
FirewallRules: [{5B2B223B-CD55-44DC-8CF1-03A1CB356094}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

06-01-2017 14:46:47 Scheduled Checkpoint
10-01-2017 18:21:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
15-01-2017 16:31:58 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2017 08:39:15 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2. The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.

Error: (01/15/2017 07:21:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/15/2017 07:21:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/15/2017 07:21:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/15/2017 05:36:43 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/15/2017 05:22:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2. The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.

Error: (01/15/2017 05:15:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2. The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.

Error: (01/15/2017 04:32:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (01/15/2017 04:18:32 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2. The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.

Error: (01/12/2017 09:14:55 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

System errors:
=============
Error: (01/15/2017 05:36:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_558c3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/15/2017 05:36:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_558c3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/15/2017 05:36:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_558c3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/15/2017 05:36:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_558c3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/15/2017 05:36:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (01/15/2017 05:35:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the NVIDIA LocalSystem Container service, but this action failed with the following error: An instance of the service is already running. Error: (01/15/2017 05:35:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (01/15/2017 05:35:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. 
It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (01/15/2017 05:35:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/15/2017 05:35:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-01-16 03:48:39.877 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-14 15:07:54.718 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-12 04:29:33.876 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-11 08:15:09.644 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-11 01:39:33.516 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-11-09 11:26:20.428 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-09 02:47:07.791 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-27 03:59:39.779 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-17 02:20:28.535 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-16 04:44:56.637 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 73%
Total physical RAM: 8130.75 MB
Available physical RAM: 2178.12 MB
Total Virtual: 16322.75 MB
Available Virtual: 6781.46 MB

==================== Drives ================================

Drive c: (mx100) (Fixed) (Total:238.03 GB) (Free:43.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (sys_640) (Fixed) (Total:125.88 GB) (Free:12.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (win7) (Fixed) (Total:117.18 GB) (Free:2.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (dropbox_0) (Fixed) (Total:97.66 GB) (Free:20.6 GB) NTFS
Drive g: (dat_0) (Fixed) (Total:3139.96 GB) (Free:15.1 GB) NTFS
Drive h: (games) (Fixed) (Total:1462.63 GB) (Free:28.13 GB) NTFS
Drive i: (DT290) (Fixed) (Total:283.2 GB) (Free:3.69 GB) NTFS
Drive w: (ntfs1t) (Fixed) (Total:1562.5 GB) (Free:35.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive x: (dat_640) (Fixed) (Total:382.4 GB) (Free:66.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: DD2438DB)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D90AAFA1)
Partition 1: (Active) - (Size=1562.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 99E9633E)
Partition 1: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1745.8 GB) - (Type=OF Extended)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: EFE7F7D4)
Partition 1: (Active) - (Size=125.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=382.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=55.9 GB) - (Type=83)
Partition 4: (Not Active) - (Size=32 GB) - (Type=05)

==================== End of Addition.txt ============================
  2. FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017 Ran by hunter (administrator) on HUNTER-PC (17-01-2017 13:31:29) Running from C:\Users\hunter\Downloads Loaded Profiles: hunter (Available Profiles: hunter) Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe (Dropbox, Inc.) 
C:\Windows\System32\DbxSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe () C:\Program Files (x86)\NexusFile\NexusFile.exe (Nullsoft, Inc.) 
C:\Program Files (x86)\Winamp\winamp.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe\CompanionApp.exe (Tixati Software Inc.) C:\Program Files\tixati\tixati.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-30] (Logitech Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14109936 2017-01-13] (Zemana Ltd.) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-29] (Raptr, Inc) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-06] (Dropbox, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BootRacer] => C:\Program Files (x86)\BootRacer\Bootrace.exe [4774840 2016-05-23] (Greatis Software) HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1 HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation) HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-07-29] (Disc Soft Ltd) HKU\S-1-5-21-1832001657-1478313116-2804458420-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].txt [1251 2017-01-15] () ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{04542c21-587c-485b-97ea-9fb504cf6a03}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{d5ed222a-7ca3-4b21-82ee-d141301c22a6}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU\S-1-5-21-1832001657-1478313116-2804458420-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] 
(Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation) Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File FireFox: ======== FF DefaultProfile: ssfl1jgc.default FF ProfilePath: C:\Users\hunter\AppData\Roaming\Mozilla\Firefox\Profiles\ssfl1jgc.default [2017-01-16] FF Homepage: Mozilla\Firefox\Profiles\ssfl1jgc.default -> about:home FF Session Restore: Mozilla\Firefox\Profiles\ssfl1jgc.default -> is enabled. FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\hunter\AppData\Roaming\Mozilla\Firefox\Profiles\ssfl1jgc.default\Extensions\artur.dubovoy@gmail.com [2017-01-07] FF Extension: (Video DownloadHelper) - C:\Users\hunter\AppData\Roaming\Mozilla\Firefox\Profiles\ssfl1jgc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-31] FF Extension: (Flash and Video Download) - C:\Users\hunter\AppData\Roaming\Mozilla\Firefox\Profiles\ssfl1jgc.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-11-02] FF Extension: (DownThemAll!) - C:\Users\hunter\AppData\Roaming\Mozilla\Firefox\Profiles\ssfl1jgc.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-30] FF Extension: (Bitdefender QuickScan) - C:\Users\hunter\AppData\Roaming\Mozilla\Firefox\Profiles\ssfl1jgc.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-01-16] FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi => not found FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-23] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-23] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-12] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-12] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default [2017-01-17] CHR Extension: (Google Slides) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-16] CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-07-01] CHR Extension: (Google Docs) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-16] CHR Extension: (Google Drive) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16] CHR Extension: (TV) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-12-16] CHR Extension: (Web Developer) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-07-23] CHR Extension: (Unlocker for WakeLockDetector) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgeplmmblegmdackkcemjkpngngocgjp [2016-11-03] CHR Extension: (YouTube) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16] CHR Extension: (Jazz Radio Player) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceccemkmbbmaaaegfhafhjfbbdindaof [2016-08-20] CHR Extension: (TrafficLight) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-12-16] CHR Extension: (uBlock Origin) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-20] CHR Extension: (Videostream for Google Chromecast™) - C:\Users\hunter\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-12-26] CHR Extension: (Google Search) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16] CHR Extension: (Dropbox for Gmail) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-01-14] CHR Extension: (Blur) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2017-01-06] CHR Extension: (Google Sheets) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-16] CHR Extension: (Word Online) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-03-14] CHR Extension: (Google Docs Offline) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (AdBlock) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29] CHR Extension: (Avast Online Security) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-18] CHR Extension: (Pinterest Save Button) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-03] CHR Extension: (CloudConvert) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2016-12-03] CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-12-16] CHR Extension: (Spice Client) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\icklgohmolmmdagbigdkhhcgdechbeje [2015-12-16] CHR Extension: (Dropbox) - C:\Users\hunter\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-12-16] CHR Extension: (Shodan) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjalcfnidlmpjhdfepjhjbhnhkbgleap [2015-12-16] CHR Extension: (Grammarly for Chrome) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-12-21] CHR Extension: (Autodesk Homestyler) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-08-18] CHR Extension: (Codenvy) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefigjbiimiemfhjmibbgemkpenelmag [2016-08-04] CHR Extension: (Sketchpad) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-12-16] CHR Extension: (Lightshot (screenshot tool)) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-09-05] CHR Extension: (NodeFire HTML5 Menu Builder) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mejleipjfgbhnkmedifmppclnbofncdp [2015-12-16] CHR Extension: (OneDrive) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-12-16] CHR Extension: (WeatherBug) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-12-16] CHR Extension: (LocalChromecast Player) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2015-12-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-12-29] CHR Extension: (100,000 Stars) - 
C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\odkpogjemoijmdgemngpdohpcclgegjg [2015-12-16] CHR Extension: (Simple EPUB Reader) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-05-19] CHR Extension: (Gmail) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16] CHR Extension: (Chrome Media Router) - C:\Users\hunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-11] () R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [87992 2016-05-10] (Greatis Software, LLC) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-17] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-17] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-06] (Dropbox, Inc.) 
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd) R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-12-14] (Bitdefender) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-30] (Logitech Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) S3 mi-raysat_3dsmax2016_64; H:\win\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed] R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-12] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-06] (NVIDIA Corporation) R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-28] (Plays.tv, LLC) S4 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-03-22] () R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [132864 2016-04-06] (Razer Inc.) 
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14109936 2017-01-13] (Zemana Ltd.) S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [34416 2016-03-24] (AnvSoft Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-06-04] () S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation) R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender) S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender) S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL) R1 Capsax64Drv; C:\WINDOWS\System32\Drivers\Capsax64Drv.sys [35976 2014-08-15] (Colasoft Co., Ltd.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-16] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-24] (Disc Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] () R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-30] (Logitech Inc.) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-10] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-15] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-15] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-15] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-17] (Malwarebytes) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-06] (NVIDIA Corporation) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] () R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-03-11] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-03-31] (Razer, Inc.) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.) 
S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed] S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-16] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-16] (Zemana Ltd.) U3 aspnet_state; no ImagePath S3 dbx; system32\DRIVERS\dbx.sys [X] S3 RTTEAMPT; \SystemRoot\system32\DRIVERS\RtTeam620.sys [X] S3 RTVLANPT; \SystemRoot\system32\DRIVERS\RtVlan620.sys [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-01-17 13:31 - 2017-01-17 13:31 - 00030210 _____ C:\Users\hunter\Downloads\FRST.txt 2017-01-17 13:31 - 2017-01-17 13:31 - 00000000 ____D C:\FRST 2017-01-17 13:30 - 2017-01-17 13:31 - 02419200 _____ (Farbar) C:\Users\hunter\Downloads\FRST64.exe 2017-01-17 05:25 - 2017-01-17 05:25 - 00155276 _____ C:\Users\hunter\Downloads\1093402698399664255.webp 2017-01-17 05:25 - 2017-01-17 05:25 - 00109046 _____ C:\Users\hunter\Downloads\minghueiw 1025266758401672036.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00373978 _____ C:\Users\hunter\Downloads\17602454582584541963.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00370196 _____ C:\Users\hunter\Downloads\18058817096185415201.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00214288 _____ C:\Users\hunter\Downloads\14484548253208868903.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00169986 _____ C:\Users\hunter\Downloads\2148400260250035046.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00126874 _____ C:\Users\hunter\Downloads\2744415668020239603.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00117592 _____ C:\Users\hunter\Downloads\858426505526435004.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00066420 _____ C:\Users\hunter\Downloads\6572949114969316327.webp 2017-01-17 04:51 - 2017-01-17 04:51 - 00051034 _____ C:\Users\hunter\Downloads\huashao 7278796810487259511.webp 2017-01-16 20:37 - 2017-01-17 13:31 - 00155306 _____ C:\WINDOWS\ZAM.krnl.trace 2017-01-16 20:37 - 2017-01-17 13:31 - 00144185 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-01-16 20:37 - 2017-01-16 20:37 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2017-01-16 20:37 - 2017-01-16 20:37 - 00203680 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zam64.sys 2017-01-16 20:37 - 2017-01-16 20:37 - 00001226 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-01-16 20:37 - 2017-01-16 20:37 - 00000000 ____D C:\Users\hunter\AppData\Local\Zemana 2017-01-16 20:37 - 2017-01-16 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-01-16 20:37 - 2017-01-16 20:37 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-01-16 20:36 - 2017-01-16 20:37 - 05477392 _____ ( ) C:\Users\hunter\Downloads\Zemana.AntiMalware.Setup.exe 2017-01-15 19:32 - 2017-01-15 19:32 - 00850671 _____ C:\Users\hunter\Downloads\2017-01-15 - Amberloom Website Checker Report.pdf 2017-01-15 18:25 - 2017-01-15 18:25 - 00880920 _____ (www.privacyroot.com) C:\Users\hunter\Downloads\setup_wipe.exe 2017-01-15 17:25 - 2017-01-15 17:36 - 00000000 ____D C:\AdwCleaner 2017-01-15 17:14 - 2017-01-15 17:22 - 00000000 ____D C:\Program Files (x86)\System Ninja 2017-01-15 17:14 - 2017-01-15 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja 2017-01-15 16:17 - 2017-01-15 17:19 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2017-01-15 16:17 - 2017-01-15 16:17 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk 2017-01-15 16:17 - 2017-01-15 16:17 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk 2017-01-12 09:14 - 2017-01-12 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-01-12 00:18 - 2017-01-06 09:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2017-01-12 00:18 - 2017-01-06 09:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2017-01-12 00:18 - 2017-01-06 09:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys 2017-01-10 20:09 - 2017-01-10 20:09 - 00000000 ____D C:\CPY_SAVES 2017-01-10 18:05 - 2017-01-10 18:05 - 00001515 _____ 
C:\Users\Public\Desktop\Far Cry - Primal.lnk 2017-01-07 04:53 - 2017-01-07 04:53 - 00000000 ____D C:\Users\hunter\Documents\Sound recordings 2017-01-06 08:04 - 2017-01-06 08:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2017-01-06 07:48 - 2017-01-06 07:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2017-01-06 07:48 - 2017-01-06 07:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2017-01-06 07:48 - 2017-01-06 07:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2017-01-05 21:00 - 2017-01-17 13:08 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-01-05 21:00 - 2017-01-15 17:36 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-01-05 21:00 - 2017-01-15 17:36 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-01-05 21:00 - 2017-01-15 17:36 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-01-05 21:00 - 2017-01-10 23:26 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-01-05 21:00 - 2017-01-05 21:00 - 00001917 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-01-05 21:00 - 2017-01-05 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-01-05 21:00 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-01-05 20:59 - 2017-01-05 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-01-05 20:59 - 2017-01-05 20:59 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-05 20:56 - 2017-01-05 20:59 - 54199488 _____ (Malwarebytes ) C:\Users\hunter\Downloads\mb3-setup-2005.2005-3.0.5.1299.exe 2017-01-05 20:54 - 2017-01-05 20:54 - 00000000 ____D C:\quardata 2017-01-05 20:51 - 2017-01-05 20:51 - 00000000 ____D C:\Users\hunter\AppData\Roaming\PCProtect 2017-01-05 15:10 - 2017-01-05 15:10 - 00000000 ____D C:\Users\hunter\AppData\Local\SquirrelTemp 2017-01-04 02:10 - 
2017-01-04 02:10 - 00484436 _____ C:\Users\hunter\Downloads\FIVB_BVE_OG_AthletesUniform_Guidelines.pdf 2017-01-02 19:05 - 2017-01-02 19:05 - 00000000 ____D C:\Users\hunter\Documents\Criterion Games 2016-12-31 23:19 - 2016-12-31 23:19 - 00451010 _____ C:\Users\hunter\Downloads\20161231_165032.jpg 2016-12-31 22:57 - 2016-12-31 22:57 - 01745925 _____ C:\Users\hunter\Downloads\20161231_171909-PANO.jpg 2016-12-29 00:02 - 2017-01-15 17:36 - 00000000 ___SH C:\pagefile.sys 2016-12-28 23:57 - 2017-01-12 00:18 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log 2016-12-28 23:57 - 2017-01-10 23:37 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1 2016-12-28 23:57 - 2017-01-06 08:09 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat 2016-12-25 16:54 - 2016-12-25 16:54 - 00107506 _____ C:\Users\hunter\Downloads\5121.jpg 2016-12-25 16:44 - 2016-12-25 16:44 - 00193023 _____ C:\Users\hunter\Downloads\5007.jpg 2016-12-25 16:37 - 2016-12-25 16:37 - 01114363 _____ C:\Users\hunter\Downloads\5168.jpg 2016-12-25 16:11 - 2016-12-25 16:11 - 01716292 _____ C:\Users\hunter\Downloads\5178.jpg 2016-12-25 16:00 - 2016-12-25 16:00 - 00034963 _____ C:\Users\hunter\Downloads\5130 Chaps Long standard.jpg 2016-12-25 15:46 - 2016-12-25 15:46 - 00006738 _____ C:\Users\hunter\Downloads\5127 Chaps short Equigear.jpg 2016-12-25 15:33 - 2016-12-25 15:38 - 00106853 _____ C:\Users\hunter\Downloads\5177.jpeg 2016-12-25 15:30 - 2016-12-25 15:30 - 00005480 _____ C:\Users\hunter\Downloads\5123.jpg 2016-12-24 02:36 - 2016-12-24 02:36 - 00152830 _____ C:\Users\hunter\Downloads\How to create a professional and clean web layout (with PSD-to-HTML conversion).html 2016-12-24 02:36 - 2016-12-24 02:36 - 00000000 ____D C:\Users\hunter\Downloads\How to create a professional and clean web layout (with PSD-to-HTML conversion)_files 2016-12-23 23:04 - 2016-12-23 23:04 - 00111814 _____ C:\Users\hunter\Downloads\Lomocam by SparkleStock.zip 2016-12-23 03:56 - 2016-12-23 03:56 - 00017539 _____ 
C:\Users\hunter\Downloads\5005 Snaffle Eggbutt Stainless Steel.jpg 2016-12-23 03:56 - 2016-12-23 03:56 - 00009605 _____ C:\Users\hunter\Downloads\417 Rein Woven Rib leather.jpg 2016-12-23 03:54 - 2016-12-23 03:54 - 00072517 _____ C:\Users\hunter\Downloads\5000 Bridle Equigear Hannoverian.jpg 2016-12-20 02:02 - 2016-12-20 02:02 - 00000000 ____D C:\Users\hunter\AppData\Local\SpaceHulkGame 2016-12-20 01:55 - 2017-01-10 18:21 - 00000000 ____D C:\WINDOWS\SysWOW64\directx 2016-12-18 12:11 - 2016-12-18 12:46 - 256638310 _____ C:\Users\hunter\Downloads\_net.2.8.0.9-GOG.rar ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-17 13:31 - 2014-11-21 23:12 - 00000000 ____D C:\Users\hunter\AppData\Roaming\tixati 2017-01-17 13:24 - 2014-11-21 23:28 - 00000000 ____D C:\Users\hunter\AppData\Roaming\Skype 2017-01-17 13:19 - 2016-04-10 13:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-17 13:13 - 2016-02-17 18:53 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2017-01-17 11:12 - 2016-10-15 18:29 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC9749B5-7391-4B94-8ECD-592BCF1C518C} 2017-01-17 07:04 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-17 05:37 - 2014-11-21 23:20 - 00000000 ____D C:\Users\hunter\AppData\Roaming\Raptr 2017-01-16 21:28 - 2016-11-20 06:04 - 00000000 ____D C:\Users\hunter\AppData\LocalLow\Mozilla 2017-01-16 20:37 - 2016-07-23 02:48 - 00000000 ____D C:\Users\hunter 2017-01-16 17:38 - 2015-12-16 21:30 - 00000000 ____D C:\Program Files (x86)\Steam 2017-01-16 15:13 - 2016-02-17 18:53 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2017-01-15 19:21 - 2016-07-23 06:14 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-01-15 19:19 - 2015-12-16 20:26 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-01-15 19:19 - 2015-10-30 15:11 - 00000000 ____D 
C:\WINDOWS\CbsTemp 2017-01-15 17:42 - 2016-07-23 02:58 - 00860396 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-15 17:42 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF 2017-01-15 17:39 - 2015-12-16 20:34 - 00000000 ____D C:\ProgramData\NVIDIA 2017-01-15 17:37 - 2016-07-23 02:51 - 00462848 _____ C:\Users\Public\Documents\bootracer.his 2017-01-15 17:37 - 2016-07-23 02:51 - 00000731 _____ C:\Users\Public\Documents\bootracer.ini 2017-01-15 17:37 - 2015-12-19 02:13 - 00000000 ____D C:\ProgramData\BootRacer 2017-01-15 17:36 - 2016-06-01 11:35 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-01-15 17:36 - 2016-04-27 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-15 17:36 - 2015-12-16 22:37 - 00000000 ____D C:\Program Files (x86)\BootRacer 2017-01-15 17:36 - 2015-10-30 14:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2017-01-15 17:19 - 2016-09-22 22:21 - 00000000 ____D C:\Users\hunter\AppData\Local\CrashDumps 2017-01-15 17:19 - 2016-07-23 17:35 - 00000000 ____D C:\WINDOWS\Minidump 2017-01-14 11:45 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-13 15:14 - 2016-01-26 19:13 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-01-13 15:14 - 2016-01-26 19:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-12 09:14 - 2016-02-17 18:53 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-01-12 00:18 - 2016-10-26 21:15 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-12 00:18 - 2016-10-26 21:15 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-12 00:18 - 2016-10-26 21:15 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-12 00:18 - 2016-10-26 21:15 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-12 00:18 - 
2016-10-26 21:15 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-12 00:18 - 2016-10-26 21:15 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-12 00:18 - 2015-12-16 20:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-01-12 00:18 - 2015-12-16 20:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-01-12 00:18 - 2015-12-16 20:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-01-10 18:44 - 2016-09-21 00:23 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2017-01-10 18:22 - 2015-12-16 21:11 - 00000000 ____D C:\Users\hunter\Documents\My Games 2017-01-10 18:22 - 2015-12-16 20:33 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-10 18:05 - 2014-11-21 23:16 - 00000000 ____D C:\win 2017-01-06 09:10 - 2016-10-26 21:15 - 01855544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2017-01-06 09:10 - 2016-10-26 21:15 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2017-01-06 09:10 - 2016-10-26 21:15 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2017-01-06 09:10 - 2016-10-26 21:15 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2017-01-06 09:10 - 2016-10-26 21:15 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 2017-01-06 09:10 - 2016-05-14 15:08 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2017-01-06 07:42 - 2016-10-26 21:15 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-01-05 23:53 - 2015-06-23 12:03 - 00000000 ____D C:\Users\hunter\AppData\Local\Ubisoft Game Launcher 2016-12-29 01:04 - 2015-12-17 18:48 - 00000000 ____D C:\Users\hunter\AppData\Local\NVIDIA Corporation 2016-12-28 23:58 - 2015-12-17 18:48 - 00000000 ____D C:\Users\hunter\AppData\Local\NVIDIA 2016-12-28 23:56 - 2016-07-04 08:05 - 00000000 ____D C:\ProgramData\WinZip 2016-12-26 20:32 - 2015-12-24 23:59 - 00007601 _____ 
C:\Users\hunter\AppData\Local\Resmon.ResmonCfg 2016-12-23 06:48 - 2015-10-30 15:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-12-23 06:48 - 2015-10-30 15:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-19 19:18 - 2016-07-23 02:48 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{4d1fc6ff-0c3e-11e6-80cc-b8ca3aecf11c}.TMContainer00000000000000000002.regtrans-ms 2016-12-18 20:56 - 2016-11-20 05:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-18 20:56 - 2016-04-27 14:29 - 05137784 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-18 20:56 - 2015-12-17 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2015-12-18 14:56 - 2015-12-23 23:17 - 0000132 _____ () C:\Users\hunter\AppData\Roaming\Adobe GIF Format CS6 Prefs 2016-06-08 22:36 - 2016-09-16 22:11 - 0000132 _____ () C:\Users\hunter\AppData\Roaming\Adobe PNG Format CS6 Prefs 2015-06-04 11:36 - 2016-10-12 20:32 - 0001456 _____ () C:\Users\hunter\AppData\Local\Adobe Save for Web 13.0 Prefs 2015-12-24 23:59 - 2016-12-26 20:32 - 0007601 _____ () C:\Users\hunter\AppData\Local\Resmon.ResmonCfg 2016-07-23 02:47 - 2016-07-23 02:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-05-10 13:08 - 2016-05-17 02:15 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc 2016-12-28 23:57 - 2017-01-12 00:18 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-28 23:57 - 2017-01-10 23:37 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-13 13:24 ==================== End of FRST.txt ============================
  3. Thank you! I have been poring over past threads but have yet to find a solution for myself. I don't recall any Windows 10 infection cases here.
  4. Hi, I have been trying my hand at the latest version of MalwareBytes 3.0 for 10 days now. My Windows 10 Pro system was pretty much clean of malware except for one persistent pop-up reporting intermittent outbound traffic from svchost.exe to several suspicious IP addresses on port 52350. Google confirmed the destination IPs are located in Kazakhstan and India. One of the IPs was also confirmed in the positive blacklist addresses. My question is obviously how to disinfect the malware(s). Hoping someone on the forum can help. I have reviewed several other svchost.exe infections in the forum but still cannot manage to clean my own. So far I have run:
     1. MalwareBytes scan several times; it flagged SecurityTaskManager as malware. Cleaned it.
     2. Zemana 2.70 Free. Zemana caught a suspicious Chrome setting of Conduit. Cleaned it.
     Additionally, I suspect the blocked outgoing traffic originated from Tixati but I cannot prove it yet. Currently I am trying to stop Tixati from running and see if the pop-up notices come back.
Logs from MalwareBytes and Zemana:

Zemana AntiMalware 2.70.2.442 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/1/16
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
BIOS Mode : Legacy
CUID : 12184745C2545F13225DC0
Scan Type : System Scan
Duration : 1m 46s
Scanned Objects : 217996
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------
Chrome Startup Url
Status : Scanned
Object : http://search.conduit.com/?ctid=CT3220468&SearchSource=48
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url

Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 1/16/17
Protection Event Time: 7:52 PM
Logfile:
Administrator: Yes
-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 46.19.97.206
Port: [52350]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 1/16/17
Protection Event Time: 7:39 PM
Logfile:
Administrator: Yes
-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 217.23.187.43
Port: [52350]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 1/16/17
Protection Event Time: 7:18 PM
Logfile:
Administrator: Yes
-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 217.118.90.62
Port: [52350]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 1/16/17
Protection Event Time: 6:13 PM
Logfile:
Administrator: Yes
-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 109.232.104.162
Port: [52350]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 1/5/17
Protection Event Time: 9:01 PM
Logfile:
Administrator: Yes
-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 91.217.34.64
Port: [52350]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)

Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 1/5/17
Protection Event Time: 9:01 PM
Logfile:
Administrator: Yes
-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 91.217.34.64
Port: [52350]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)