Mollytoohotty

About Mollytoohotty

  • Rank
    New Member
  1. Thanks for the help, Kevin. I just noticed my PC isn't showing the performance slowdowns anymore. I think the scan with Malwarebytes did the right thing. If it does start again with the mistake I'll reply again; for now I think I'm done. Thanks for the help.
  2. Sorry for taking so long Kevin, here are the logs: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 23/04/2018 Scan Time: 19:57 Log File: b8aac932-471f-11e8-a0bf-68b599e297fa.json Administrator: Yes -Software Information- Version: 3.4.5.2467 Components Version: 1.0.342 Update Package Version: 1.0.4848 Licence: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: SARITABLUE-PC\SARITABLUE -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Cancelled Objects Scanned: 224274 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 50 min, 8 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01 Ran by SARITABLUE (administrator) on SARITABLUE-PC (23-04-2018 20:28:29) Running from C:\Users\SARITABLUE\Downloads Loaded Profiles: SARITABLUE & (Available Profiles: SARITABLUE) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe (Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe (Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2728472 2014-12-16] (Sony Corporation) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\MountPoints2: {81330e5b-8a49-11e7-a4f7-68b599e297fa} - H:\CMADownloader.exe HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\MountPoints2: {e7228655-92db-11e7-983c-68b599e297fa} - G:\autorun.exe HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\MountPoints2: {81330e5b-8a49-11e7-a4f7-68b599e297fa} - H:\CMADownloader.exe HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\MountPoints2: {e7228655-92db-11e7-983c-68b599e297fa} - G:\autorun.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{A3B667EB-E1FC-4221-812E-A762C0C10A57}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-04] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-04] (Oracle Corporation) BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-06-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: bu52x60u.default FF ProfilePath: C:\Users\SARITABLUE\AppData\Roaming\Mozilla\Firefox\Profiles\bu52x60u.default [2017-12-19] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] () FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-04] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> 
disabled [No File] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3023464165-3341198432-3267076325-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SARITABLUE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SARITABLUE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default [2018-03-13] CHR Extension: (Google Drive) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-07] CHR Extension: (YouTube) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-07] CHR Extension: (Hojas de cálculo) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Documentos de Google sin conexión) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-07] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Gmail) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-07] CHR Extension: (Chrome Media Router) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-25] CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-16] CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-23] CHR Extension: (Presentaciones) - 
C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16] CHR Extension: (Documentos) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16] CHR Extension: (Google Drive) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-16] CHR Extension: (YouTube) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-16] CHR Extension: (Hojas de cálculo) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16] CHR Extension: (Documentos de Google sin conexión) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-17] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-16] CHR Extension: (Chrome Media Router) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-07] CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-03-28] () R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1267984 2015-02-27] (Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-28] (EasyAntiCheat Ltd) R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-02-19] (Hi-Rez Studios) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) 
[File not signed] R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-16] (Sony Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1282232 2018-01-19] (Bitdefender) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH) R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2018-02-13] (Bitdefender) R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2018-02-13] (Bitdefender) R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2018-02-13] (Bitdefender) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 PlaysService; "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" [X] S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1179248 2018-03-07] (BitDefender S.R.L. Bucharest, ROMANIA) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1725800 2018-02-02] (BitDefender) R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [154888 2018-01-29] (Bitdefender) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2017-12-17] (Bluestack System Inc. ) R3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30352 2017-09-06] (Disc Soft Ltd) R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [248336 2017-11-15] (BitDefender S.R.L. 
Bucharest, ROMANIA) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] () R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [191784 2018-02-05] (BitDefender LLC) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-20] (REALiX(tm)) R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-23] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-23] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-23] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-23] (Malwarebytes) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation ) R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.) R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-04-23 20:28 - 2018-04-23 20:31 - 000021553 _____ C:\Users\SARITABLUE\Downloads\FRST.txt 2018-04-23 20:07 - 2018-04-23 20:28 - 000000000 ____D C:\FRST 2018-04-23 20:06 - 2018-04-23 20:07 - 002404864 _____ (Farbar) C:\Users\SARITABLUE\Downloads\FRST64.exe 2018-04-23 19:36 - 2018-04-23 19:36 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-04-23 19:35 - 2018-04-23 19:35 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-04-23 19:04 - 2018-04-23 19:07 - 000225634 _____ C:\TDSSKiller.3.1.0.17_23.04.2018_19.04.14_log.txt 2018-04-23 19:02 - 2018-04-23 19:49 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-04-23 19:02 - 2018-04-23 19:04 - 004949824 _____ (AO Kaspersky Lab) C:\Users\SARITABLUE\Downloads\tdsskiller.exe 2018-04-23 19:02 - 2018-04-23 19:02 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-04-23 19:01 - 2018-04-23 19:01 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-04-23 19:01 - 2018-04-23 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-04-23 19:01 - 2018-04-23 19:01 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-04-23 19:01 - 2018-04-23 19:01 - 000000000 ____D C:\Program Files\Malwarebytes 2018-04-23 19:01 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys 2018-04-23 18:52 - 2018-04-23 19:01 - 073551144 _____ (Malwarebytes ) C:\Users\SARITABLUE\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4834.exe 2018-04-23 18:25 - 2018-04-23 19:04 - 000132894 _____ C:\Windows\ntbtlog.txt 2018-04-22 21:28 - 2018-04-22 21:30 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\DarkSoulsIII 2018-04-22 20:01 - 2018-04-22 20:02 - 074784872 _____ C:\Users\SARITABLUE\Desktop\spiral.wav 2018-04-22 19:45 - 2018-04-22 19:45 - 086016104 _____ C:\Users\SARITABLUE\Desktop\21 de septiembre.wav 2018-04-22 19:40 - 2018-04-22 19:40 - 042344552 _____ 
C:\Users\SARITABLUE\Desktop\frijolero.wav 2018-04-22 08:54 - 2018-04-22 08:54 - 000001116 _____ C:\Windows\system32\bddel.dat 2018-04-22 07:21 - 2018-04-22 07:21 - 000001183 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk 2018-04-22 07:21 - 2018-04-22 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free 2018-04-22 07:21 - 2018-04-22 07:21 - 000000000 ____D C:\ProgramData\Bitdefender 2018-04-22 07:21 - 2018-02-05 13:16 - 000191784 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys 2018-04-22 07:21 - 2017-11-15 07:28 - 000248336 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys 2018-04-22 07:20 - 2018-03-07 06:00 - 001179248 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys 2018-04-22 07:20 - 2018-02-02 05:00 - 001725800 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2018-04-22 07:20 - 2018-01-29 08:36 - 000154888 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys 2018-04-22 07:17 - 2018-04-22 07:17 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\QuickScan 2018-04-22 07:17 - 2016-06-22 15:40 - 000520032 _____ (BitDefender S.R.L.) 
C:\Windows\system32\Drivers\trufos.sys 2018-04-22 07:16 - 2018-04-23 20:31 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free 2018-04-22 07:06 - 2018-04-23 19:37 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 2018-04-22 07:04 - 2018-04-22 07:24 - 000000000 ____D C:\Program Files\Bitdefender Agent 2018-04-22 07:04 - 2018-04-22 07:04 - 000048688 _____ C:\ProgramData\agent.1524373473.bdinstall.bin 2018-04-22 07:04 - 2018-04-22 07:04 - 000000000 ____D C:\ProgramData\Bitdefender Agent 2018-04-22 07:03 - 2018-04-22 07:04 - 010160608 _____ C:\Users\SARITABLUE\Downloads\bitdefender_online.exe 2018-04-22 06:58 - 2018-04-22 06:58 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\SlimWare Utilities Inc 2018-04-22 01:35 - 2018-04-22 01:35 - 000000222 _____ C:\Users\SARITABLUE\Desktop\DARK SOULS III.url 2018-04-21 23:31 - 2018-04-21 23:33 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\UNDERTALE 2018-04-21 23:13 - 2018-04-21 23:13 - 000000222 _____ C:\Users\SARITABLUE\Desktop\Undertale.url 2018-04-20 16:04 - 2018-04-20 16:04 - 003198147 _____ C:\Users\SARITABLUE\Downloads\video-1519596305.mp4 2018-04-18 07:49 - 2018-04-18 07:50 - 016290668 _____ C:\Users\SARITABLUE\Downloads\sa-mp-0.3.7-R2-install (1).exe 2018-04-18 07:36 - 2018-04-18 07:36 - 016290668 _____ C:\Users\SARITABLUE\Downloads\sa-mp-0.3.7-R2-install.exe 2018-04-17 20:39 - 2018-04-17 20:39 - 000000000 ____D C:\Users\SARITABLUE\Documents\dog 2018-04-14 18:01 - 2018-04-14 18:01 - 000299040 ____N C:\Windows\Minidump\041418-22932-01.dmp 2018-04-14 11:30 - 2018-04-14 11:31 - 000000000 ____D C:\Users\SARITABLUE\Downloads\Linkin Park - The Messenger 2018-04-13 22:16 - 2018-04-14 18:05 - 000000000 ____D C:\Users\SARITABLUE\Downloads\My Chemical Romance - Famous Last Words 2018-04-12 18:45 - 2018-04-12 18:45 - 000032091 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # Linkin Park - The Messenger.torrent 2018-04-12 18:44 - 2018-04-12 18:44 
- 000013427 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # Slipknot - Snuff.torrent 2018-04-12 18:43 - 2018-04-12 18:43 - 000015238 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # My Chemical Romance - Famous Last Words.torrent 2018-04-12 18:41 - 2018-04-12 18:41 - 000011271 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # Johnny Cash - Ring Of Fire.torrent 2018-04-12 18:41 - 2018-04-12 18:41 - 000001200 _____ C:\Users\Public\Desktop\Play UltraStar Deluxe WorldParty.lnk 2018-04-12 18:41 - 2018-04-12 18:41 - 000000000 ____D C:\Users\SARITABLUE\Downloads\El Cuarteto de Nos - El hijo de Hernández 2018-04-12 18:40 - 2018-04-12 19:00 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\ultrastardx 2018-04-12 18:40 - 2018-04-12 18:40 - 000012183 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # El Cuarteto de Nos - El hijo de Hernández.torrent 2018-04-12 18:40 - 2018-04-12 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe WorldParty 2018-04-12 18:40 - 2018-04-12 18:40 - 000000000 ____D C:\Program Files (x86)\UltraStar Deluxe WorldParty 2018-04-12 18:38 - 2018-04-12 18:39 - 032253155 _____ C:\Users\SARITABLUE\Downloads\ultrastardx-WorldParty-12.07-installer-full.exe 2018-04-12 16:47 - 2018-04-12 16:47 - 000000000 ____D C:\Users\SARITABLUE\Documents\Mis Creaciones Spore 2018-04-12 16:46 - 2018-04-12 16:46 - 000001869 _____ C:\Users\SARITABLUE\Desktop\SporeApp - Acceso directo.lnk 2018-04-12 16:45 - 2018-04-12 16:47 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\SPORE 2018-04-11 17:29 - 2018-04-11 17:29 - 000000000 ____D C:\Program Files (x86)\Electronic Arts 2018-04-11 16:08 - 2018-04-11 16:09 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\FalloutNV 2018-04-11 14:55 - 2018-04-11 14:55 - 000000000 ____D C:\Program Files (x86)\Bethesda Softworks 2018-04-11 10:03 - 2018-04-11 10:04 - 000038335 _____ 
C:\Users\SARITABLUE\Downloads\Spore.%5BMULTI17%5D%5BPCDVD%5D%5BWwW.GamesTorrents.CoM%5D.t4360 (6).torrent 2018-04-04 05:59 - 2018-04-04 05:59 - 000000855 _____ C:\Users\SARITABLUE\Downloads\Molly.txt 2018-04-01 11:20 - 2018-04-01 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starbound Spacefarer 2018-04-01 11:19 - 2018-04-01 12:43 - 000000000 ____D C:\Program Files (x86)\Starbound Spacefarer 2018-03-28 17:58 - 2018-03-28 17:58 - 000000000 ____D C:\Users\SARITABLUE\Documents\Klei 2018-03-28 17:29 - 2018-03-28 17:29 - 000000222 _____ C:\Users\SARITABLUE\Desktop\Don't Starve Together.url 2018-03-28 07:42 - 2018-03-28 07:42 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat 2018-03-25 11:03 - 2018-03-25 11:03 - 000000000 ____D C:\Windows\pss 2018-03-25 09:47 - 2018-03-25 09:47 - 000000000 ____D C:\Windows\SysWOW64\xlive 2018-03-25 09:47 - 2018-03-25 09:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2018-03-25 09:46 - 2018-03-25 09:46 - 021598208 _____ C:\Users\SARITABLUE\Downloads\xliveredist.msi 2018-03-25 09:42 - 2018-03-25 09:42 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\Fallout3 2018-03-25 00:23 - 2018-03-25 00:23 - 000002284 _____ C:\Users\SARITABLUE\Desktop\Fallout 3 Gold Repack.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-04-23 19:37 - 2017-10-12 20:57 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\LogMeIn Hamachi
2018-04-23 19:35 - 2017-07-15 21:12 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-04-23 19:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-23 19:30 - 2018-03-13 11:59 - 000000000 ____D C:\Windows\System32\Tasks\Macromedia
2018-04-23 19:30 - 2017-06-18 12:15 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-04-23 18:11 - 2017-06-15 21:27 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-23 15:45 - 2009-07-14 06:45 - 000025296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-23 15:45 - 2009-07-14 06:45 - 000025296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-22 20:06 - 2017-06-23 15:14 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\audacity
2018-04-22 19:57 - 2017-06-23 14:22 - 000000016 _____ C:\Users\SARITABLUE\AppData\Roaming\msregsvv.dll
2018-04-22 19:57 - 2017-06-23 14:22 - 000000016 _____ C:\ProgramData\autobk.inc
2018-04-22 14:21 - 2017-08-03 00:57 - 000000000 ____D C:\Users\SARITABLUE\Desktop\ÇDaniel
2018-04-22 10:41 - 2017-07-13 03:39 - 000007606 _____ C:\Users\SARITABLUE\AppData\Local\Resmon.ResmonCfg
2018-04-22 07:38 - 2009-07-14 06:45 - 004998520 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-22 07:19 - 2015-01-21 08:21 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-04-22 07:19 - 2015-01-17 14:53 - 000000000 ____D C:\Program Files\Adobe
2018-04-22 07:19 - 2015-01-17 14:38 - 000000000 ____D C:\ProgramData\Adobe
2018-04-22 07:18 - 2015-01-21 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2018-04-22 07:18 - 2015-01-17 14:37 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\Adobe
2018-04-22 07:17 - 2015-01-17 14:54 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-04-22 07:16 - 2015-01-17 11:12 - 000093008 _____ C:\Users\SARITABLUE\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-22 07:07 - 2015-01-17 11:09 - 000000000 ____D C:\Users\SARITABLUE
2018-04-22 07:05 - 2015-01-17 14:36 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\Adobe
2018-04-22 06:28 - 2017-07-08 07:52 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\uTorrent
2018-04-22 01:35 - 2017-06-15 21:44 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-21 19:54 - 2018-03-13 20:06 - 000004512 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-21 19:54 - 2018-02-20 15:15 - 000002906 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SARITABLUE)
2018-04-21 19:54 - 2017-12-06 23:39 - 000003532 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-21 19:54 - 2017-12-06 23:39 - 000003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-21 19:54 - 2015-04-14 22:16 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-21 19:54 - 2015-01-24 09:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-21 19:54 - 2015-01-20 10:07 - 000003154 _____ C:\Windows\System32\Tasks\MirageAgent
2018-04-21 19:54 - 2015-01-18 13:07 - 000003334 _____ C:\Windows\System32\Tasks\{351EC988-1E73-4C8E-BABC-6ECC2A34DB5D}
2018-04-21 19:54 - 2015-01-18 13:05 - 000003282 _____ C:\Windows\System32\Tasks\{4B6B8A09-7F32-47F6-ADB4-D770D90F234A}
2018-04-21 19:54 - 2015-01-17 21:54 - 000004230 _____ C:\Windows\System32\Tasks\Red Giant Link
2018-04-19 17:52 - 2011-04-12 11:10 - 000035316 _____ C:\Windows\system32\perfh00A.dat
2018-04-19 17:52 - 2011-04-12 11:10 - 000014974 _____ C:\Windows\system32\perfc00A.dat
2018-04-19 17:52 - 2009-07-14 07:13 - 000812948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-19 17:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-16 09:39 - 2009-07-14 07:08 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-15 13:44 - 2017-06-18 21:02 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\discord
2018-04-14 18:02 - 2016-02-26 18:30 - 000000000 ____D C:\Windows\Minidump
2018-04-12 18:45 - 2018-03-13 19:08 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw54bed2346383ade2.tmp
2018-04-11 17:38 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-04-11 17:15 - 2015-01-17 11:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-11 16:08 - 2017-06-16 02:01 - 000000000 ____D C:\Users\SARITABLUE\Documents\My Games
2018-04-11 09:32 - 2015-04-14 22:16 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-11 09:32 - 2015-04-14 22:16 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-11 09:31 - 2015-04-14 22:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-11 09:31 - 2015-01-21 08:22 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 14:44 - 2018-03-13 19:08 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdb736d0b181be7f7.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2d8314db0832f639.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc68979199a857808.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9588a1445c8e0e4f.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\asw206731096a88ecab.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 1a41023caac85d2.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw addfcdf8117af2e.tmp
2018-04-10 14:42 - 2018-03-13 19:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw366fd9f36149dec7.tmp
2018-04-10 14:42 - 2018-03-13 19:08 - 000227784 _____ (AVAST Software) C:\Windows\SysWOW64\WINDOWS_ICONS_FOLDER
2018-04-04 03:42 - 2017-11-17 22:52 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\osu!
2018-03-29 21:02 - 2017-07-04 01:14 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\OBS
2018-03-25 00:35 - 2015-01-25 20:50 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-03-25 00:34 - 2015-01-25 20:51 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-03-25 00:07 - 2017-11-15 19:09 - 000000000 ____D C:\Users\SARITABLUE\Downloads\yeet
2018-03-25 00:03 - 2018-03-18 00:44 - 000000000 ____D C:\Program Files (x86)\VictorVal

==================== Files in the root of some directories =======

2017-06-23 14:22 - 2018-04-22 19:57 - 000000016 _____ () C:\Users\SARITABLUE\AppData\Roaming\msregsvv.dll
2015-01-17 11:28 - 2015-01-17 11:28 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\AtStart.txt
2015-01-17 11:28 - 2015-01-17 11:28 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\DSwitch.txt
2015-01-20 10:03 - 2015-01-20 10:03 - 000002091 _____ () C:\Users\SARITABLUE\AppData\Local\FastClean.20150120.090319.txt
2015-01-17 11:28 - 2015-01-17 11:28 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\QSwitch.txt
2017-07-13 03:39 - 2018-04-22 10:41 - 000007606 _____ () C:\Users\SARITABLUE\AppData\Local\Resmon.ResmonCfg
2015-08-17 17:33 - 2015-08-17 17:33 - 000353118 _____ () C:\Users\SARITABLUE\AppData\Local\SquareClock.Production_HBMV1Icon.ico
2017-10-30 17:48 - 2016-11-23 15:37 - 000000570 _____ () C:\Users\SARITABLUE\AppData\Local\TroubleshooterConfig.json
2015-10-31 09:10 - 2015-10-31 09:10 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\{0F476025-7ADC-4BD9-824C-219B0C32DEFA}

Some files in TEMP:
====================
2018-03-14 20:36 - 2018-03-14 20:36 - 000044032 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\da1717b2d.dll
2018-03-22 09:02 - 2018-03-18 01:19 - 000363273 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\Desinstalar.exe
2018-03-13 20:23 - 2018-03-13 20:23 - 000047104 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\e59471b6b.dll
2018-03-14 20:24 - 2018-03-14 20:24 - 000034816 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\ea38797a.dll
2018-03-13 16:17 - 2018-03-13 16:17 - 000046592 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\ee5cc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-10 01:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by SARITABLUE (23-04-2018 20:33:42)
Running from C:\Users\SARITABLUE\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-01-17 09:09:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3023464165-3341198432-3267076325-500 - Administrator - Disabled)
Invitado (S-1-5-21-3023464165-3341198432-3267076325-501 - Limited - Disabled)
SARITABLUE (S-1-5-21-3023464165-3341198432-3267076325-1000 - Administrator - Enabled) => C:\Users\SARITABLUE

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC) 64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden 7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov) 7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated) Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia) AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - ) Apple ProRes QuickTime Decoder (HKLM-x32\...\{B0870386-2559-4762-A46D-020E60FB9BA9}) (Version: 1.0.0.1 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.78 - Bitdefender) Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.11.16 - Bitdefender) bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.54.65.1755 - BlueStack Systems, Inc.) 
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation) Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC) Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version: - ) Crossout Launcher 1.0.3.25 (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\CrossOutLauncher_is1) (Version: - ) Crossout Launcher 1.0.3.25 (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\CrossOutLauncher_is1) (Version: - ) Cuphead (HKLM-x32\...\Cuphead_is1) (Version: - ) Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0484 - Disc Soft Ltd) DARK SOULS - Prepare To Die Edition (HKLM-x32\...\DARK SOULS - Prepare To Die Edition_is1) (Version: - ) Discord (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\Discord) (Version: 0.0.300 - Discord Inc.) Discord (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\Discord) (Version: 0.0.300 - Discord Inc.) 
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0ACCA8BE-C376-428E-894E-D660A07B4C69}) (Version: 1.1.139.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fallout 3 Gold Repack (HKLM-x32\...\Fallout 3 Gold Repack) (Version: - ) Far Cry 3 Blood Dragon version 1.1.0.0 (HKLM-x32\...\Far Cry 3 Blood Dragon_is1) (Version: 1.1.0.0 - Mr DJ) Far Cry 3 version 1.5.0.0 (HKLM-x32\...\Far Cry 3_is1) (Version: 1.5.0.0 - Mr DJ) Far Cry 4 version 1.10.0.0 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.10.0.0 - Mr DJ) Farming Simulator 17 KUHN (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - ) Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Frets On Fire Ultimate (HKLM-x32\...\Frets On Fire Ultimate) (Version: - ) Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) 
Hidden Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ) Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.3 - Aspyr) Guitar Hero Three Control Panel (HKLM-x32\...\{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}) (Version: 2.0.4 - Sigma Production Inc.) Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.6.3 - Hi-Rez Studios) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Hot Keyboard Pro 2.8 (HKLM-x32\...\Hot Keyboard Pro_is1) (Version: 2.8 - Imposant) HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{F1745BCC-8CBA-4471-AB45-B361F72A115E}) (Version: 4.1.13.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{1B27BDCF-4A5B-4D70-9590-7D50247DC1D4}) (Version: 12.0.30.81 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) Hydrogen (Advanced drum machine for GNU/Linux) (HKLM-x32\...\ON) (Version: 0.9.7 - Hydrogen Developers) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT) IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.) 
Magic Bullet Suite 64-bit (HKLM\...\{4D2F05BB-228E-4081-B94C-50AD015EE462}) (Version: 11.4.2 - Red Giant Software) Hidden Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{4D2F05BB-228E-4081-B94C-50AD015EE462}) (Version: 11.4.2 - Red Giant Software) Malwarebytes versión 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes) Max Payne 3 - Complete Edition (HKLM-x32\...\Max Payne 3 - Complete Edition_is1) (Version: - ) MergeModule_x64 (HKLM\...\{3D576235-F0CE-4B50-A9C6-0775B9E50B63}) (Version: 9.1.00 - Sony Corporation) Hidden MergeModule_x86 (HKLM-x32\...\{306CBA87-E890-4FBB-9AB8-E65C96D352B2}) (Version: 9.1.00 - Sony Corporation) Hidden Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{246dcb72-b18c-4ab9-9de9-8a996296b01d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 
(HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 57.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 57.0 (x64 es-ES)) (Version: 57.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MTA:SA v1.5.4 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.4 - Multi Theft Auto) Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - ) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) osu! 
(HKLM-x32\...\{b403d160-f948-4ceb-ab35-26f039b584c0}) (Version: latest - ppy Pty Ltd) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation) ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation) PMB_ModeEditor (HKLM-x32\...\{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}) (Version: 9.1.00 - Sony Corporation) Hidden PMB_ServiceUploader (HKLM-x32\...\{D0A231B2-5921-45B7-A2FC-4EC937D6E020}) (Version: 9.1.00 - Sony Corporation) Hidden Progress Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.20171.26113 - Telerik) QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.107.323.2017 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Roblox Player for SARITABLUE (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Roblox Player for SARITABLUE (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) SketchUp 2018 (HKLM\...\{5EAA3D58-258D-4D24-BA22-C8D8D704F515}) (Version: 18.0.16975 - Trimble Navigation Limited) Skype versión 8.17 (HKLM-x32\...\Skype_is1) (Version: 8.17 - Skype Technologies S.A.) 
SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden Songr (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\Songr) (Version: 2.1 - Xamasoft) Songr (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\Songr) (Version: 2.1 - Xamasoft) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SPORE(TM) (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts) Starbound Spacefarer (HKLM-x32\...\Starbound Spacefarer_is1) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version: - ) The Long Dark v1.16 Rugged Sentinel (HKLM\...\dGhlbG9uZ2Rhcms_is1) (Version: 1 - ) Tony Hawk's Pro Skater 3 v1.01 (HKLM-x32\...\Tony Hawk's Pro Skater 3_is1) (Version: - Neversoft) UltraStar Deluxe WorldParty (HKLM-x32\...\UltraStar Deluxe WorldParty) (Version: WorldParty - USDX Team & zup3r_vock) Unity Web Player (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{DAFCD7DE-1531-4483-9F53-170766074E85}) (Version: - Microsoft) Validity WBF DDK 
(HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) (HKLM\...\B30ECD0209A21D638611F893829C8AF3A483A302) (Version: 04/29/2008 2.5.0.0 - ENE)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinToHDD versión 2.5 (HKLM\...\WinToHDD_is1) (Version: 2.5 - Hasleo Software.)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.3 - X Codec Pack team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers1: [HotKeyboard] -> {9493BF10-6A0A-11D3-AFB2-00C06C397814} => C:\Program Files (x86)\Hot Keyboard Pro\HkShExt64.dll [2017-06-30] (Imposant)
ContextMenuHandlers1-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers2-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-12-19] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers6: [HotKeyboard] -> {9493BF10-6A0A-11D3-AFB2-00C06C397814} => C:\Program Files (x86)\Hot Keyboard Pro\HkShExt64.dll [2017-06-30] (Imposant)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D1E47F7-6FB0-48EB-B319-F384879D384A} - System32\Tasks\{351EC988-1E73-4C8E-BABC-6ECC2A34DB5D} => C:\Windows\system32\pcalua.exe -a "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Red\Wifi 802.11\Intel\sp54841.exe" -d "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Red\Wifi 802.11\Intel"
Task: {1F710F97-881C-498A-B1D7-E9AA69851C1A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-01-19] (Bitdefender)
Task: {2D3E2A18-E3E8-44D4-8D9B-B8F88CECB595} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {32F488F3-4EC1-4896-80EE-E719AC7B6ADE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {3DB270AD-DD07-42AB-8B09-FA5CD1782BCD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {4AEF22A5-6535-4EDA-90F8-9CB094C92BFC} - System32\Tasks\{4B6B8A09-7F32-47F6-ADB4-D770D90F234A} => C:\Windows\system32\pcalua.exe -a "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Graficos\sp54471.exe" -d "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Graficos"
Task: {55AF0FA9-F399-491E-BC9D-B20B59CFEDA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5DF0C7A3-7B38-489B-AFF7-3EF1A9ED7D44} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {640F4D19-B366-4057-9D3E-E39384FC7574} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common 
Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {71603A60-7AE2-44B6-B323-C59EAA78171A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig Task: {71603A60-7AE2-44B6-B323-C59EAA78171A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation) Task: {754EC3C7-A8A4-47BA-9EB3-08181ADD337C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-11] (Adobe Systems Incorporated) Task: {8876A094-1CDB-46D4-9C29-B9A917D78601} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent Task: {8876A094-1CDB-46D4-9C29-B9A917D78601} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation) Task: {889D18A6-12CC-4A24-AF85-66D7DD78A44D} - System32\Tasks\Driver Booster SkipUAC (SARITABLUE) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe Task: {8E152D51-9B89-4C13-AE1E-0C9ADF8A01C1} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation) Task: {A89211F4-3AC2-4183-9C14-0A98B0932CE0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime Task: {A89211F4-3AC2-4183-9C14-0A98B0932CE0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation) Task: {C52A4F05-A891-4C4E-B1BB-9008FC41608A} - System32\Tasks\Red Giant Link => C:\Program Files 
(x86)\Red Giant Link\Common\Red Giant Link.exe [2013-01-02] ()
Task: {C5F1F590-2AD3-4D74-8D9F-864EC95E8137} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)
Task: {E71E90DF-3629-40EA-A217-A0EE26BB6E31} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {F580E95E-4CFC-4FEF-981C-CDA99255AC77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\SARITABLUE\Desktop\Вuild аnd Shооt Lаunсhеr.lnk -> C:\Program Files (x86)\Build and Shoot\Launcher.bat ()
Shortcut: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.3\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.3\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.3\Useful links\X Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Public\Desktop\Еpiс Gаmеs Lаunсhеr.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat (No File)
ShortcutWithArgument: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () -> -extoff <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2018-04-22 07:20 - 2017-11-21 12:29 - 000280568 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-04-22 07:20 - 2017-02-07 12:29 - 001008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2018-04-22 07:20 - 2017-02-07 12:29 - 000541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2018-04-22 07:20 - 2017-02-07 12:29 - 003243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2018-04-22 07:20 - 2017-02-07 12:29 - 001544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2018-04-23 19:01 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-23 19:01 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2011-08-09 08:44 - 2011-08-09 08:44 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-03-21 00:46 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 00:46 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2016-05-12 03:46 - 2016-05-12 03:46 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68b50258c65f19990de5179995021e57\IsdiInterop.ni.dll
2015-01-18 13:18 - 2011-05-20 11:05 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\SARITABLUE:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [462]
AlternateDataStreams: C:\Users\SARITABLUE\Cookies:t9osjQ9djrQtsr5BDV [2554]
AlternateDataStreams: C:\Users\SARITABLUE\Cookies:YvP2AbZurBPMxi6WljP1nCUL8 [2298]
AlternateDataStreams: C:\Users\SARITABLUE\AppData\Local\IYyMjLK0:e3TIeNSl6P8VqiWXV [2352]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-03-13 12:30 - 2018-04-23 19:30 - 000000431 _____ C:\Windows\system32\Drivers\etc\hosts
139.99.6.25 blackxat.com
139.99.6.25 www.blackxat.com
139.99.6.25 black-xat.com
139.99.6.25 www.xlack-xat.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{83D12DC9-A05C-43A8-BF20-31272BB9C884}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe FirewallRules: [{03665137-AC9F-4DB5-A6AA-9FCA939C3BB3}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe FirewallRules: [{416EEC89-764F-4A6B-B1BC-293C8B34024D}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe FirewallRules: [{3D451C6C-49ED-4E02-8180-9B71CA8DCA64}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{7033F95A-EAEE-4F59-A064-C51F7CFF137F}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{F136A13E-B7BA-4F3E-BB53-7C5566424510}] => (Allow) LPort=7935 FirewallRules: [TCP Query User{1B755AE6-443E-4FB4-BBFD-3315210CB5C2}C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe FirewallRules: [UDP Query User{7ABEF533-A5B6-490F-9564-50D1584360B6}C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe FirewallRules: [TCP Query User{B730D13C-FB83-4F9C-AC8F-54B1A7C022AC}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{B9C78564-91A2-4309-BC9B-D0967BCF2F43}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{7F15815B-46D8-40FC-8A9C-02D216F7220F}C:\program files\adobe\adobe media encoder cs6\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder cs6\adobe media encoder.exe FirewallRules: [UDP Query User{6F1AA7D7-0A64-4936-B1DD-B335A7586C22}C:\program files\adobe\adobe media encoder cs6\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder cs6\adobe media encoder.exe 
FirewallRules: [{F0488960-D7E8-4731-84A9-FF082F229DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{598AA594-B32B-4F60-8405-5FF7F982E29E}] => (Allow) LPort=2869 FirewallRules: [{CD41222E-1A48-4718-BBCB-5762FC5FD755}] => (Allow) LPort=1900 FirewallRules: [{6521477D-9A60-4D2D-8DB6-272E175DF790}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{002DCA48-F6A8-484A-B4D8-35E77F536586}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{0FF25AE2-A281-4AFC-B064-96F423475BA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{6952AA98-8F8E-40A5-9F9D-40483E96652F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{145B05F2-5F99-4899-8813-6E5EE73FE600}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DFD05193-ADAD-4EE1-83E7-5BC644D4458B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{28C70081-EF6F-42A0-8E01-01A028C5158E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5477CF69-D360-493C-9B3C-6D746F0A1905}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A2DD58FF-D56F-471C-A917-54A383339BB9}] => (Allow) C:\Users\SARITABLUE\AppData\Local\Temp\7zS53A7\HPDiagnosticCoreUI.exe FirewallRules: [{A8A58BB4-0B69-4907-839C-34683DC7C10A}] => (Allow) C:\Users\SARITABLUE\AppData\Local\Temp\7zS53A7\HPDiagnosticCoreUI.exe FirewallRules: [{ABEE0011-A5B7-4526-9C9B-C222E0E2D1C6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{606104B7-471F-41DA-B6BE-A5B553F94BD8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{D96A978A-00F2-478D-B123-AD481183AAC2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{3F73652F-806D-42A2-BCE7-EC59CBC254DC}] => (Allow) C:\Program Files (x86)\HP\Digital 
Imaging\bin\hposfx08.exe FirewallRules: [{960CAFE6-E424-43D9-8217-48E7AFB24BB5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{0137F9EB-F5B6-442A-8128-E9E0E5B573EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{C5089577-7ECA-4ADC-8A83-63D0B3677D08}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{6FDB881C-434F-4427-9749-0ECB78EE81C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{D7433CDB-B286-4C12-9704-A2F44AFB438A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{0E23658F-9C4E-4159-8EBF-E6684CA0F0DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{AF5CC4C8-F78A-4E49-89E8-EB90C30308B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{8668D6EB-DFB2-473F-9446-11570A5864E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{3F89807D-C66F-4BB2-A4EA-79EE08E640C0}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe FirewallRules: [{9B24261D-28AF-4502-A220-180805EEBE77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{FB5717B7-22D8-4E90-BB4E-DAF90A45BCA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{F3F917F4-FC5B-415C-9C5E-67989155A32D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{E8BF46E8-5B7A-4E8E-9BF1-EC06A034DBE4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{0F5C341A-4BAF-47FD-A8F8-98F1F3E2F1EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{12BBA083-7283-477A-A620-CE7A7B4AC158}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{86A314AF-584F-4CDF-8659-111DEFA34FB4}] => (Allow) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{BF82D3EF-992F-4C41-A332-027D3AB4AB5F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{C0D5A670-814C-4458-AEBA-B8CC6FF77468}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{D94E16E6-3DDD-4FB9-8D2D-55A61A8820E5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{1069038C-4A70-4909-BE70-9BB30E4D0BCF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [TCP Query User{8ED0178B-2C18-4105-AD90-9BFC81E96085}C:\users\saritablue\desktop\eant_1.3_fenix_exe\eantclient.exe] => (Allow) C:\users\saritablue\desktop\eant_1.3_fenix_exe\eantclient.exe FirewallRules: [UDP Query User{C2EDEBAA-4002-4437-BD88-9F49A1EB27DD}C:\users\saritablue\desktop\eant_1.3_fenix_exe\eantclient.exe] => (Allow) C:\users\saritablue\desktop\eant_1.3_fenix_exe\eantclient.exe FirewallRules: [TCP Query User{99732D68-8067-43F0-9043-5B1D0501D2F0}C:\program files (x86)\emule\emuletorrent.exe] => (Allow) C:\program files (x86)\emule\emuletorrent.exe FirewallRules: [UDP Query User{EED42492-1313-4FF1-87BE-B843310225CC}C:\program files (x86)\emule\emuletorrent.exe] => (Allow) C:\program files (x86)\emule\emuletorrent.exe FirewallRules: [{B0B1B96A-1067-4B3E-8010-5496BFC4F5D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3CE163C7-2A03-4DAB-BB3E-B5774EE671FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9B6AAB7E-D8A7-4006-8706-EE1BF0BF9653}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A57657A1-1694-42E7-AD67-9D9C4F192019}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{D3E5A57A-0F11-41F0-AB05-BB7F4BCAAC31}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: 
[{E531048C-C4EA-4557-8CC9-70B440CE68AB}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{B2A332D1-E277-4F00-9F53-AF2D8BC088AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7DFE8E7E-3C39-498E-B95E-D39A8F77C23A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3F16CAFE-A526-451B-9092-5506875832EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{DF0FB848-FE79-4703-9F3B-CEB7A00F5345}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{EC7CD87A-1690-467B-9BC8-3CFBD29C10A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{5D5A377A-D3AB-41E0-B827-84B364D2D751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{41353C13-B5D1-4981-B2B4-28C7EA99FA45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{DB4A3DD6-D4C2-43D8-B560-0204399C2EE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{DA10C514-FD0E-4041-943D-24653D022160}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{57F4A72F-E42A-4484-91B9-7B34D6278AED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{87CC53D0-4EE2-4BB5-B325-3ED6C755A157}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{C22EB17B-3334-4422-82AB-B92557D035D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{4730F121-A266-4F55-BC8F-934031E1F644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{B75814EE-3351-4A31-8E4D-6A9CC0CD4CAC}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe FirewallRules: [{DA8BAFDE-C15C-485F-8636-3AD6EF9F51AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe FirewallRules: [{1E90CFB7-9C25-49B1-95CD-359ADE0A4466}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe FirewallRules: [{B94D68AE-B5A7-4482-9DD3-344ED70087FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe FirewallRules: [{2977F436-B2E9-4A44-9B85-6CB10F4CCC21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [{0E9D02C2-6F66-4D0A-863F-F11B6025F4C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [{C3D840D2-48A5-4B41-BEA3-034A7365F622}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe FirewallRules: [{56C4FE0E-FAFC-440C-B5DF-DE5ADB677E73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe FirewallRules: [{9F9B613B-07DF-451B-9EB2-3739721BEE62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe FirewallRules: [{5DDA7BC4-A299-400D-9495-9A1C1E8872F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe FirewallRules: [{7E55DB95-EA7E-4FE8-9377-80EFC22AD4AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe FirewallRules: [{2769FFB5-5423-427E-8BA6-BDA46E3074BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe FirewallRules: [{5087A14D-6572-42A7-9A82-93A0821E1178}] => (Allow) C:\Users\SARITABLUE\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B6960C5B-F708-4210-9C67-3D1A40CB5AAC}] => (Allow) C:\Users\SARITABLUE\AppData\Roaming\uTorrent\uTorrent.exe 
FirewallRules: [{0C2142D0-F2CC-4A4F-AAC0-9575090010F1}] => (Allow) C:\Users\SARITABLUE\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0137D8B0-7E34-44B8-A311-F5E67B2EC4F7}] => (Allow) C:\Users\SARITABLUE\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C3751757-A44E-4FE7-92B9-FD8643DF7886}] => (Allow) C:\Users\SARITABLUE\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7C486542-E8E5-48F6-B3BF-AF5A711C4F8B}] => (Allow) C:\Users\SARITABLUE\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{23BE01EB-32CC-4874-BF36-6106F26DBB91}] => (Allow) C:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe FirewallRules: [{09B521CD-36CF-4E9F-A485-85767E5BCFC9}] => (Allow) C:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe FirewallRules: [{FEB33481-419D-447A-B03C-B35A746653E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{9E3B220B-9FDA-4DA7-9B66-D48B7AB5C91E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [TCP Query User{D3BE691D-27A8-4E86-996B-EA0AD9CAE0BC}C:\users\saritablue\desktop\step_f2_v1_14_1 (steppack 2.14)\step_f2.exe] => (Allow) C:\users\saritablue\desktop\step_f2_v1_14_1 (steppack 2.14)\step_f2.exe FirewallRules: [UDP Query User{41416FFD-9083-4587-84ED-163C22CB3806}C:\users\saritablue\desktop\step_f2_v1_14_1 (steppack 2.14)\step_f2.exe] => (Allow) C:\users\saritablue\desktop\step_f2_v1_14_1 (steppack 2.14)\step_f2.exe FirewallRules: [TCP Query User{EBBB97D5-A14A-454B-886A-BCE68ED762E5}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [UDP Query User{AA8AA397-4BE9-458D-A4C5-973FD6B58989}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [TCP Query 
User{853CC22D-B5B8-46F1-8D78-13B6A969E121}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [UDP Query User{8350F46A-4844-44E7-83D9-1FF1AA6C0DDB}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [TCP Query User{88F93E0F-9E90-492B-876C-D7552E66B261}C:\users\saritablue\desktop\pump\step_f2.exe] => (Allow) C:\users\saritablue\desktop\pump\step_f2.exe FirewallRules: [UDP Query User{FA89EAED-DC9E-46A9-8AE0-A9D44F8EDE63}C:\users\saritablue\desktop\pump\step_f2.exe] => (Allow) C:\users\saritablue\desktop\pump\step_f2.exe FirewallRules: [{2F40F8E9-2C0E-4317-A3DE-1A9B55B54F25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe FirewallRules: [{1B040DBD-64BB-420C-B23E-E4CBED338CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe FirewallRules: [{50CDF626-04DE-4945-87AA-D8DC9478C4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe FirewallRules: [{B8E93B40-7E81-45CB-8F72-0A507F25F98D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe FirewallRules: [{41A43E63-ED3F-4BD3-B56B-709AE42528E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{FAC49E3C-ECF5-471A-B222-9C530AF9C52C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{C3532276-A5D7-4DDF-B97E-589D14FB48FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{445CE641-EFCF-4044-A9E4-062E396E15DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{3C9B3588-3928-45AF-B0FD-D798F259E21C}] => (Allow) C:\Program Files 
     ==================== Restore Points =========================

     ==================== Faulty Device Manager Devices =============

     Name: Hamachi Network Interface
     Description: Hamachi Network Interface
     Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
     Manufacturer: LogMeIn, Inc.
     Service: hamachi
     Problem: : This device is disabled. (Code 22)
     Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (04/23/2018 07:52:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
     Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S. .

     Error: (04/23/2018 07:46:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
     Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S. .

     Error: (04/23/2018 07:45:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
     Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S. .

     Error: (04/23/2018 07:42:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
     Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S. .

     Error: (04/23/2018 07:36:28 PM) (Source: SideBySide) (EventID: 80) (User: )
     Description: Error al generar el contexto de activación para "C:\Users\SARITABLUE\Desktop\ÇDaniel\weas\dajhkjfmklg\DANY\audacity-win-2.1.3\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo. Los componentes en conflicto son:.
     Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
     Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

     Error: (04/23/2018 07:36:28 PM) (Source: SideBySide) (EventID: 80) (User: )
     Description: Error al generar el contexto de activación para "C:\Users\SARITABLUE\Desktop\ÇDaniel\weas\dajhkjfmklg\DANY\audacity-win-2.1.3\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo. Los componentes en conflicto son:.
     Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
     Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

     Error: (04/23/2018 07:35:06 PM) (Source: Winlogon) (EventID: 4103) (User: )
     Description: Error de activación de la licencia de Windows. Error 0x80070005.

     Error: (04/23/2018 06:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Nombre de la aplicación con errores: DTShellHlp.exe, versión: 6.1.0.484, marca de tiempo: 0x54f09b29
     Nombre del módulo con errores: DTShellHlp.exe, versión: 6.1.0.484, marca de tiempo: 0x54f09b29
     Código de excepción: 0xc0000005
     Desplazamiento de errores: 0x0000000000008621
     Id. del proceso con errores: 0x670
     Hora de inicio de la aplicación con errores: 0x01d3db1fc2aa56c8
     Ruta de acceso de la aplicación con errores: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
     Ruta de acceso del módulo con errores: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
     Id. del informe: a2b1b569-4713-11e8-89ad-68b599e297fa

     System errors:
     =============
     Error: (04/23/2018 08:06:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
     Description: El servicio Servicio de notificación de SSP se cerró con el siguiente error: Acceso denegado.

     Error: (04/23/2018 07:44:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
     Description: Se recibió la siguiente alerta irrecuperable: 70.

     Error: (04/23/2018 07:44:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
     Description: Se recibió la siguiente alerta irrecuperable: 70.

     Error: (04/23/2018 07:42:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
     Description: El servicio Windows Update no respondió después de iniciar.

     Error: (04/23/2018 07:40:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
     Description: El servicio Sony Digital Media Server se cerró con el siguiente error: %%-2147195036

     Error: (04/23/2018 07:39:24 PM) (Source: DCOM) (EventID: 10001) (User: )
     Description: No se puede iniciar un servidor DCOM: {995C996E-D918-4A8C-A302-45719A6F4EA7} como /. Error "5" al iniciar este comando: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

     Error: (04/23/2018 07:37:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio HPWMISVC.

     Error: (04/23/2018 07:36:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
     Description: El servicio Sony Digital Media Server se cerró con el siguiente error: %%-2147195036

     Windows Defender:
     ===================================
     Date: 2016-11-18 11:05:16.724
     Description: El examen de Windows Defender se detuvo antes de completarse.
     Id. de examen:{68B5AAC7-1A0F-4430-B286-62336294C66A}
     Tipo de examen:AntiSpyware
     Parámetros de examen:Examen rápido
     Usuario:NT AUTHORITY\Servicio de red

     Date: 2016-01-14 23:56:58.164
     Description: El examen de Windows Defender se detuvo antes de completarse.
     Id. de examen:{D2D8AD27-333C-4C16-B70F-ECAAB5DABD2E}
     Tipo de examen:AntiSpyware
     Parámetros de examen:Examen rápido
     Usuario:NT AUTHORITY\Servicio de red

     Date: 2016-05-12 02:29:37.128
     Description: El motor de %1 se detuvo debido a un error inesperado.
     Tipo de error:%5
     Código de excepción:%6
     Recurso:%3

     Date: 2015-08-20 00:35:33.514
     Description: Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
     Firmas intentadas:Actual
     Código de error:0x80070002
     Descripción de error:El sistema no puede encontrar el archivo especificado.
     Versión de firma:0.0.0.0
     Versión de motor:0.0.0.0

     Date: 2015-08-18 15:56:18.598
     Description: Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
     Firmas intentadas:Actual
     Código de error:0x80070002
     Descripción de error:El sistema no puede encontrar el archivo especificado.
     Versión de firma:0.0.0.0
     Versión de motor:0.0.0.0

     Date: 2015-08-18 14:04:39.776
     Description: Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
     Firmas intentadas:Actual
     Código de error:0x80070002
     Descripción de error:El sistema no puede encontrar el archivo especificado.
     Versión de firma:0.0.0.0
     Versión de motor:0.0.0.0

     Date: 2015-08-16 20:49:36.973
     Description: Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
     Firmas intentadas:Actual
     Código de error:0x80070002
     Descripción de error:El sistema no puede encontrar el archivo especificado.
     Versión de firma:0.0.0.0
     Versión de motor:0.0.0.0

     CodeIntegrity:
     ===================================
     Date: 2017-12-05 17:41:01.624
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     Date: 2017-12-05 11:08:53.945
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     Date: 2017-12-04 14:30:23.681
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     Date: 2017-12-04 07:11:16.617
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     Date: 2017-12-03 13:13:43.600
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     Date: 2017-12-02 16:47:36.069
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     Date: 2017-12-02 10:53:22.790
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     Date: 2017-12-02 10:41:32.023
     Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

     ==================== Memory info ===========================

     Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
     Percentage of memory in use: 60%
     Total physical RAM: 6091.86 MB
     Available physical RAM: 2383.97 MB
     Total Virtual: 15226.04 MB
     Available Virtual: 10849.98 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:683.31 GB) (Free:116 GB) NTFS
     Drive d: (RECOVERY) (Fixed) (Total:15.03 GB) (Free:1.79 GB) NTFS ==>[system with boot components (obtained from drive)]
     Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

     \\?\Volume{760239dd-9e27-11e4-98f6-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.12 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 52075CAE)
     Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
     Partition 2: (Not Active) - (Size=683.3 GB) - (Type=07 NTFS)
     Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
     Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

     ==================== End of Addition.txt ============================

     thanks for the help
  3. It might be relevant the fact that in the first scan, the Malwarebytes detected a lot of threats and I'm going to paste the logs of that scan and then the ones with the next. Sorry for bothering. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 23/04/2018 Scan Time: 19:02 Log File: 29c20354-4718-11e8-89d7-68b599e297fa.json Administrator: Yes -Software Information- Version: 3.4.5.2467 Components Version: 1.0.342 Update Package Version: 1.0.4848 Licence: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: SARITABLUE-PC\SARITABLUE -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 324292 Threats Detected: 350 Threats Quarantined: 350 Time Elapsed: 25 min, 15 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 13 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Macromedia\ERRORCHECK, Quarantined, [510], [453498],1.0.4848 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D1699F6C-1840-43F3-B787-455BCD4E6A4B}, Quarantined, [510], [453498],1.0.4848 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D1699F6C-1840-43F3-B787-455BCD4E6A4B}, Quarantined, [510], [453498],1.0.4848 PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [241], [183362],1.0.4848 PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [241], [183362],1.0.4848 PUP.Optional.SearchManager, HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [241], 
[183362],1.0.4848 Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ECFBCEDC-1410-4F3C-A675-E93157C2D7D5}, Quarantined, [3037], [512626],1.0.4848 Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{ECFBCEDC-1410-4F3C-A675-E93157C2D7D5}, Quarantined, [3037], [512626],1.0.4848 Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft LocalManager, Quarantined, [3037], [512626],1.0.4848 PUP.Optional.WinYahoo, HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [244], [182758],1.0.4848 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [244], [182758],1.0.4848 PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [244], [182758],1.0.4848 PUP.Optional.YTConv, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YTConv, Quarantined, [2681], [465604],1.0.4848 Registry Value: 4 PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [244], [182758],1.0.4848 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [244], [182758],1.0.4848 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D1699F6C-1840-43F3-B787-455BCD4E6A4B}|PATH, Quarantined, [510], [453495],1.0.4848 Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ECFBCEDC-1410-4F3C-A675-E93157C2D7D5}|PATH, Quarantined, [3037], [512627],1.0.4848 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 Rogue.Agent.D.Generic, 
C:\USERS\SARITABLUE\APPDATA\ROAMING\65921884, Quarantined, [597], [371980],1.0.4848 File: 332 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4848 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4848 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_internetspeedtracker.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4848 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_internetspeedtracker.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4848 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4848 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4848 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage, Quarantined, [1705], [443124],1.0.4848 PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage-journal, Quarantined, [1705], [443124],1.0.4848 Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\MACROMEDIA\ERRORCHECK, Quarantined, [510], [453498],1.0.4848 PUP.Optional.SearchManager, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [241], 
[183362],1.0.4848 PUP.Optional.SearchManager, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Replaced, [241], [183362],1.0.4848 Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14992], [511630],1.0.4848 
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk, Quarantined, [14990], [303357],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.BAT, Replaced, [14990], [303357],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\PUBLIC\DESKTOP\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\ImplicitAppShortcuts\69639df789022856\Dаniеl - Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848 PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.BAT, Replaced, [14990], [303355],1.0.4848 PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, Quarantined, [8247], 
[393793],1.0.4848 HackTool.CheatEngine, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\CHEAT ENGINE.EXE, Quarantined, [8301], [513708],1.0.4848 PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$R1LANRX.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848 PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$R82W0WY.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848 PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$R8IXFMT.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848 PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$RJYE5PI.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848 PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$RWZFQK9.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848 PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$RXM2ZV7.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZXF7K-VLAVH-WXUKD-ATXXV-C5OFV-S10SK}\IDLEMONITOR.EXE, Quarantined, [912], 
[477373],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Z3CAY-F2N8U-68X8M-SGNMO-2L4S7-K32BJ}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZXP9E-GPQXG-LTT29-O9HAG-UMVJ9-TEJV9}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Z7B0L-GBROW-68KSD-CNZA8-P7FYU-UP2VK}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Z9G5H-7WM05-S7DJY-ZYJGM-WMBNW-B5QA7}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZBA5D-M6UAP-V4QYV-R0QEA-USFQX-162VM}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZWUT8-ZKBT9-RRN42-ZAY71-X148Z-AAM4L}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848 RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZY2YQ-LP75M-YLEE4-EDSLW-VOU8Z-NZA1O}\IDLEMONITOR.EXE, Quarantined, [912], [502539],1.0.4848 Adware.Elex.ShrtCln, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [245], [454727],1.0.4848 Adware.Elex.ShrtCln, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [245], [454727],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{KOE0F-R0NXE-U79V3-P48XW-SECXU-UTU0P}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{OFV93-J79O3-WGCSZ-FGGW2-00QB3-H5UJM}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{MHBES-A990T-9TB1L-BBGGE-CA0JZ-OPXY2}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{N0LGY-VEJ3E-AYLUC-34ZCM-2TB7H-PPPTZ}\IDLEMONITOR.EXE, 
Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{OP8E3-RKZ2B-BRUX9-3R6YZ-U17FC-J8HBQ}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{PBQYM-1F1VX-0TL48-FKE9N-56SZA-HY0CH}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{3DY7M-TK5T4-69K3R-06TNN-9VZQ1-0W8JP}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{PUT20-45ZEU-H7NCG-NLEOF-0Z5R6-3OG22}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{R7XDR-K8H1S-8S1DA-FU8QA-P3GJ4-9SXE2}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RDWNA-Y3FAH-BU5XE-7PJ0R-DOELB-EQOKA}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RJQHA-9PZQ3-P1PAE-ZR2LA-ODXGZ-ME1U1}\VDS.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{SXYSW-OLYM3-62777-JF1KE-NAH8K-2A1W9}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RU5Q1-M4BXH-C4QX7-GTF6B-MZOX9-HVTNP}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{TAVXP-W2P0V-H1CD2-NMPBZ-N718X-N2TNQ}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{TFN1X-04TH2-4ND18-2XSES-AQTAL-FXO71}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{NS007-N6981-4XK1X-QUREV-OZYA7-F8196}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, 
C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VB9EB-VHGJA-76D1F-7XXKE-5O8Q0-M2XWO}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VXG79-J95NT-CALE5-3G53S-53QWR-BD9OV}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RKLJP-9WXHR-3GTOF-7XTWJ-H5P0A-TKKPR}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{WCVSX-6QX5B-J0TZ6-532BS-BFVPG-H1971}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VPFRE-X4HFJ-NESW6-ZOES7-G1OE5-U4OPY}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Y4KOS-WUURW-G37RE-DNQSR-5K0VL-HS10S}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Y2Q3N-VM2JL-QZVQ8-Q5HAD-XLWSU-VHOLW}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Generic.Malware/Suspicious, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YBELK-UW5UR-MJ3JF-93GE3-PFDHH-VH5GP}\IDLEMONITOR.EXE, Quarantined, [0], [392686],1.0.4848 Physical Sector: 0 (No malicious items detected) (end)
  4. I made one scan before because it went into my mind to install Malwarebytes, but I made a mistake and didn't scan with Rootkits. I'm making a second scan currently; I'll send you the logs in the next reply.
  5. Hello, I come here to ask about my problem and what type of fix I could get. To start with, I'm currently running Windows 7 on an HP laptop in safe mode. The issue started a couple of weeks ago, when I started to notice my PC was acting strangely. I downloaded Avast's free antivirus to try and fix the problem with a full scan. The problem was gone for like an hour, then it came back again. I also started to notice that my PC, whenever I started it, had the automatic antivirus protection option disabled and I had to manually enable it. The PC started to run very slowly, and in the last couple of days it began to show problems such as strong performance slowdowns, and they came with some net disconnect issues. I'm not really sure if the performance issue can affect the Wi-Fi, but usually the PC disconnected for like a minute or two. However, I uninstalled Avast and installed Bitdefender; the same issue is giving me problems and it's even stronger lately. I hope I can get an answer about this problem. PS: Whenever the slowdowns start I can't even open the Task Manager, or it takes a couple of minutes to show, and sometimes programs like Bitdefender or Steam do not open.