
Windows Process Manager (32 Bit) And Other Viruses



Hello, I recently downloaded a nasty virus that I cannot seem to get rid of. I constantly have Windows Process Manager eating up my CPU and other unknown processes in my Task Manager. Any help at all would be great. I have run Avast, AdwCleaner, mbar, Windows malware detector, all with no results ... I am having the same issue this guy had

 

Edited by DankLord

Hi DankLord :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by trent (administrator) on DESKTOP-M6IKS03 (03-01-2018 16:27:13)
Running from C:\Users\trent\Downloads
Loaded Profiles: trent (Available Profiles: defaultuser0 & trent & Guest Account)
Platform: Windows 10 Pro Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\upswhgesvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Hideout\HideoutService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Discord Inc.) C:\Users\trent\AppData\Local\Discord\app-0.0.299\Discord.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Spotify Ltd) C:\Users\trent\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\trent\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Discord Inc.) C:\Users\trent\AppData\Local\Discord\app-0.0.299\Discord.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Boom.tv\BoomReplay\bin\BoomReplay.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Spotify Ltd) C:\Users\trent\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files (x86)\Boom.tv\BoomReplay\bin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Boom.tv\BoomReplay\bin\QtWebEngineProcess.exe
(Discord Inc.) C:\Users\trent\AppData\Local\Discord\app-0.0.299\Discord.exe
(Spotify Ltd) C:\Users\trent\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Spotify Ltd) C:\Users\trent\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adlice Software) C:\Program Files\RogueKiller\RogueKiller64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Users\trent\AppData\Local\sbceida\snhruca.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [BoomReplay] => C:\Program Files (x86)\Boom.tv\BoomReplay\bin\BoomReplay.exe [7366656 2017-11-05] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [Discord] => C:\Users\trent\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098920 2017-12-19] (Electronic Arts)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [46080 2017-04-23] (Glarysoft Ltd)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [Spotify] => C:\Users\trent\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-18] (Spotify Ltd)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-16] ()
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [HideoutClient] => C:\Program Files (x86)\Hideout\HideoutUpdate.exe [835568 2017-07-14] ()
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [Spotify Web Helper] => C:\Users\trent\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-18] (Spotify Ltd)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [GoogleChromeAutoLaunch_FF1037EBDE125C1530510DAFE2D35437] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [Windows Opressor] => "C:\Program Files (x86)\Deluxe\VB.exe"
Startup: C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-12]
ShortcutTarget: Twitch.lnk -> C:\Users\trent\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
Startup: C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-04-10]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (VB-AUDIO Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-28] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\SteamLibrary\steamapps\common\Gigantic\Arc\Plugins\ArcPluginIE.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-28] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-18] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\SteamLibrary\steamapps\common\Gigantic\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://www.tunnelbear.com
CHR Profile: C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default [2018-01-03]
CHR Extension: (Slides) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (BetterTTV) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Docs) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-09]
CHR Extension: (YouTube) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-09]
CHR Extension: (Honey) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-01-03]
CHR Extension: (Adblock Plus) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Steam Inventory Helper) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-12-21]
CHR Extension: (Share on Rabbit) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2017-12-09]
CHR Extension: (Sheets) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (LoungeDestroyer) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2017-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-10]
CHR Extension: (Avast Online Security) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-12-21]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-09-15]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2017-07-25]
CHR Extension: (Auto HD For YouTube™) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2017-12-28]
CHR Extension: (BehindTheOverlay) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2017-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (TunnelBear Inc.) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-11-18]
CHR Extension: (Global Twitch Emotes) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2017-11-18]
CHR Extension: (Gmail) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-09]
CHR Extension: (Chrome Media Router) - C:\Users\trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\benphvk <==== ATTENTION (Rootkit!)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-26] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7782056 2017-12-16] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-08-31] (EasyAntiCheat Ltd)
R2 HideoutService; C:\Program Files (x86)\Hideout\HideoutService.exe [234480 2017-11-02] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-28] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155328 2017-12-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3025224 2017-12-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-05-11] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
S3 ArcService; D:\SteamLibrary\steamapps\common\Gigantic\Arc\ArcService.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 Razer Chroma SDK Server; "C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe" [X]
S2 Razer Chroma SDK Service; "C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 36D48384; C:\WINDOWS\system32\drivers\36D48384.sys [255928 2018-01-03] (Malwarebytes)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146664 2017-12-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457400 2017-12-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [3097560 2018-01-02] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-06-06] (Glarysoft Ltd)
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-01-03] ()
R3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-03] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-03] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-03] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-03] (Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-08-17] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-03] ()
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2017-04-10] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2017-04-10] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-04-10] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
R3 ilosvy; system32\drivers\orvybf.sys [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-03 15:16 - 2018-01-03 15:16 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-03 15:13 - 2018-01-03 15:13 - 000142672 ____N C:\WINDOWS\system32\Drivers\tibgjnqt.sys
2018-01-03 15:04 - 2018-01-03 15:15 - 002888192 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\upswhgesvc.exe
2018-01-03 14:43 - 2018-01-03 14:43 - 000005831 _____ C:\Users\trent\Downloads\Fixlog (1).txt
2018-01-03 14:37 - 2018-01-03 15:35 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-03 14:36 - 2018-01-03 14:36 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-03 14:36 - 2018-01-03 14:36 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-03 14:36 - 2018-01-03 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-03 14:36 - 2018-01-03 14:36 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-03 14:35 - 2018-01-03 14:35 - 036338320 _____ (Adlice Software ) C:\Users\trent\Downloads\setup (1).exe
2018-01-03 14:33 - 2018-01-03 14:41 - 000029714 _____ C:\Users\trent\Downloads\Fixlog.txt
2018-01-03 14:22 - 2018-01-03 14:23 - 042151072 _____ (Microsoft Corporation) C:\Users\trent\Downloads\Windows-KB890830-x64-V5.55.exe
2018-01-03 14:17 - 2018-01-03 14:18 - 000107323 _____ C:\Users\trent\Downloads\Addition.txt
2018-01-03 14:16 - 2018-01-03 16:27 - 000024746 _____ C:\Users\trent\Downloads\FRST.txt
2018-01-03 14:15 - 2018-01-03 16:27 - 000000000 ____D C:\FRST
2018-01-03 14:15 - 2018-01-03 14:15 - 002393088 _____ (Farbar) C:\Users\trent\Downloads\FRST64.exe
2018-01-03 14:08 - 2018-01-03 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-01-03 14:07 - 2018-01-03 14:07 - 026194416 _____ (Razer USA Ltd) C:\Users\trent\Downloads\Razer_Synapse_Installer_v2.21.00.830 (1).exe
2018-01-03 01:33 - 2018-01-03 01:58 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\36D48384.sys
2018-01-03 01:32 - 2018-01-03 02:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-03 01:32 - 2018-01-03 02:36 - 000000000 ____D C:\Users\trent\Desktop\mbar
2018-01-03 01:22 - 2018-01-03 14:32 - 000000000 ____D C:\AdwCleaner
2018-01-03 01:22 - 2018-01-03 01:22 - 008198432 _____ (Malwarebytes) C:\Users\trent\Downloads\AdwCleaner.exe
2018-01-03 01:21 - 2018-01-03 01:22 - 014161479 _____ C:\Users\trent\Downloads\mbar-1.10.3.1001-nr.exe
2018-01-03 00:31 - 2018-01-03 15:16 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-03 00:31 - 2018-01-03 00:31 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-03 00:31 - 2018-01-03 00:31 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-03 00:31 - 2018-01-03 00:31 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-03 00:31 - 2018-01-03 00:31 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-03 00:31 - 2018-01-03 00:31 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-03 00:31 - 2018-01-03 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-03 00:31 - 2018-01-03 00:31 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-03 00:31 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-03 00:30 - 2018-01-03 00:30 - 083316440 _____ (Malwarebytes ) C:\Users\trent\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-02 18:40 - 2018-01-02 17:46 - 000010240 _____ C:\Users\trent\AppData\Local\trz9133.tmp
2018-01-02 17:48 - 2018-01-02 17:48 - 000002621 _____ C:\Users\trent\AppData\Local\AppVShNotifyt.txt
2018-01-02 17:46 - 2018-01-02 18:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\GooGle
2018-01-02 17:46 - 2018-01-02 17:48 - 000938008 _____ C:\Users\trent\AppData\Local\WindowsCodecsRaw.txt
2018-01-02 17:46 - 2018-01-02 17:48 - 000002584 _____ C:\Users\trent\AppData\Local\AppVShNotifytvbs.txt
2018-01-02 17:46 - 2018-01-02 17:48 - 000001778 _____ C:\Users\trent\AppData\Local\x
2018-01-02 17:46 - 2018-01-02 17:48 - 000001684 _____ C:\Users\trent\AppData\Local\XXML.txt
2018-01-02 17:46 - 2018-01-02 17:48 - 000001684 _____ C:\Users\trent\AppData\Local\XML.txt
2018-01-02 17:46 - 2018-01-02 17:48 - 000000029 _____ C:\Users\trent\AppData\Local\MCconfig.dll
2018-01-02 17:46 - 2018-01-02 17:46 - 000002621 _____ C:\Users\trent\AppData\Local\AppVShNotifytvbs.vbs
2018-01-02 17:46 - 2018-01-02 17:46 - 000001781 _____ C:\Users\trent\AppData\Local\xx
2018-01-02 17:44 - 2018-01-02 17:44 - 000000000 ____D C:\Users\trent\AppData\Local\xulrunner
2018-01-02 16:13 - 2018-01-03 15:22 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-01-02 01:08 - 2018-01-03 15:57 - 000000000 ____D C:\Users\trent\AppData\Local\sbenwvt
2018-01-02 01:04 - 2018-01-03 16:21 - 000000000 ____D C:\Users\trent\AppData\Local\sbceida
2018-01-02 01:04 - 2018-01-02 01:07 - 000000000 ____D C:\Users\trent\AppData\Local\rtnsckl
2018-01-02 01:03 - 2018-01-03 02:37 - 002888192 _____ C:\WINDOWS\system32\gay.exe
2018-01-02 01:03 - 2018-01-02 01:03 - 000000000 ____D C:\WINDOWS\SysWOW64\snmpbvl
2018-01-02 01:03 - 2018-01-02 01:03 - 000000000 ____D C:\WINDOWS\system32\snmpbvl
2018-01-02 01:03 - 2018-01-02 01:03 - 000000000 ____D C:\Users\trent\AppData\Roaming\et
2018-01-01 18:00 - 2018-01-01 18:00 - 000679198 _____ C:\Users\trent\Downloads\Loud_and_Clear.wav
2018-01-01 15:02 - 2018-01-01 15:02 - 004673196 _____ C:\Users\trent\Downloads\Skipping_shoreline (1).mp4
2018-01-01 15:00 - 2018-01-01 15:00 - 004673196 _____ C:\Users\trent\Downloads\Skipping_shoreline.mp4
2018-01-01 14:56 - 2018-01-02 00:30 - 000002460 _____ C:\WINDOWS\System32\Tasks\Host Process for Windows Task
2018-01-01 14:56 - 2018-01-01 14:59 - 000000357 _____ C:\Users\trent\AppData\Roaming\Microsoft Surrogate.config
2017-12-30 14:30 - 2018-01-02 00:30 - 000003120 _____ C:\WINDOWS\System32\Tasks\klcp_update
2017-12-30 14:30 - 2017-12-30 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-12-30 14:30 - 2017-12-30 14:30 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-12-30 14:28 - 2017-12-30 14:29 - 014611634 _____ (KLCP ) C:\Users\trent\Downloads\K-Lite_Codec_Pack_1324_Basic.exe
2017-12-30 14:24 - 2017-12-30 14:24 - 000000000 ____D C:\ProgramData\Boom.tv
2017-12-30 14:18 - 2017-12-30 14:25 - 000000000 ____D C:\ProgramData\Boom
2017-12-30 14:18 - 2017-12-30 14:18 - 000000000 ____D C:\Users\trent\AppData\Local\BoomReplay
2017-12-30 14:18 - 2017-12-30 14:18 - 000000000 ____D C:\Users\trent\.BoomReplay
2017-12-30 14:17 - 2018-01-02 00:30 - 000002936 _____ C:\WINDOWS\System32\Tasks\BoomReplayUpdater
2017-12-30 14:17 - 2017-12-30 14:17 - 000002184 _____ C:\Users\Public\Desktop\BoomReplay.lnk
2017-12-30 14:17 - 2017-12-30 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoomReplay
2017-12-30 14:17 - 2017-12-30 14:17 - 000000000 ____D C:\Program Files (x86)\Boom.tv
2017-12-30 14:16 - 2017-12-30 14:18 - 000000000 ____D C:\Users\trent\AppData\Roaming\Boom.tv
2017-12-30 14:12 - 2017-12-30 14:15 - 265765560 _____ (Boom.tv) C:\Users\trent\Downloads\BoomReplayInstaller1.1.22.exe
2017-12-28 20:29 - 2017-12-28 22:58 - 000000000 ____D C:\Users\trent\Documents\Escape from Tarkov
2017-12-28 19:51 - 2017-12-28 19:51 - 000000000 ____D C:\Users\trent\AppData\Roaming\Battlestate Games
2017-12-28 19:51 - 2017-12-28 19:51 - 000000000 ____D C:\Users\trent\AppData\Local\Battlestate Games
2017-12-28 19:51 - 2017-12-28 19:51 - 000000000 ____D C:\ProgramData\Battlestate Games
2017-12-28 19:48 - 2017-12-28 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2017-12-28 19:47 - 2017-12-28 19:47 - 000000000 ____D C:\Battlestate Games
2017-12-28 19:46 - 2017-12-28 19:47 - 068272232 _____ (Battlestate Games ) C:\Users\trent\Downloads\BsgLauncher.0.3.2.222 (1).exe
2017-12-24 17:43 - 2017-09-12 16:27 - 008339482 _____ C:\Users\trent\Desktop\Chatty.jar
2017-12-24 17:43 - 2016-04-14 21:17 - 000000000 ____D C:\Users\trent\Desktop\sounds
2017-12-24 17:41 - 2017-12-24 17:42 - 007607779 _____ C:\Users\trent\Downloads\Chatty_0.8.7 (1).zip
2017-12-24 02:55 - 2017-12-24 02:55 - 000001072 _____ C:\Users\trent\Documents\Christmas Demon.avc
2017-12-23 23:40 - 2017-12-23 23:40 - 000355540 _____ C:\Users\trent\Downloads\Record_2016-03-09_at_16h27m22s.wav
2017-12-23 23:40 - 2017-12-23 23:40 - 000355540 _____ C:\Users\trent\Downloads\Record_2016-03-07_at_19h15m16s (1).wav
2017-12-22 14:33 - 2017-12-22 14:33 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-22 14:33 - 2017-12-22 14:32 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-12-21 16:55 - 2017-12-21 16:55 - 000000000 ____D C:\Users\trent\Documents\SkidRow
2017-12-21 16:55 - 2017-12-21 16:55 - 000000000 ____D C:\Users\trent\Documents\Holotech
2017-12-21 16:55 - 2017-12-21 16:55 - 000000000 ____D C:\Users\trent\AppData\Local\CoherentLabs
2017-12-21 16:53 - 2017-12-21 16:53 - 001194185 _____ C:\WINDOWS\unins000.exe
2017-12-21 16:53 - 2017-12-21 16:53 - 000002831 _____ C:\WINDOWS\unins000.dat
2017-12-21 16:53 - 2017-12-21 16:53 - 000000000 ____D C:\Program Files (x86)\Phosgene
2017-12-21 16:45 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-12-21 16:45 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-12-21 16:45 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-12-21 16:45 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-12-21 16:45 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-12-21 16:45 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-12-21 16:45 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-12-21 16:45 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-12-21 16:45 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-12-21 16:45 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-12-21 16:45 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-12-21 16:45 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-12-21 16:45 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-12-21 16:45 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-12-21 16:45 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-12-21 16:45 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-12-21 16:45 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-12-21 16:45 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-12-21 16:45 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-12-21 16:44 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-12-21 16:44 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-12-21 16:44 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-12-21 16:44 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-12-21 16:44 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-12-21 16:44 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-12-21 16:44 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-12-21 16:44 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-12-21 16:44 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-12-21 16:44 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-12-21 16:44 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-12-21 16:44 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-12-21 16:44 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-12-21 16:44 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-12-21 16:44 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-12-21 16:44 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-12-21 16:44 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-12-21 16:44 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-12-21 16:44 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-12-21 16:44 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-12-21 16:44 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-12-21 16:44 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-12-21 16:44 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-12-21 16:44 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-12-21 16:44 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-12-21 16:44 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-12-21 16:44 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-12-21 16:44 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-12-21 16:44 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-12-21 16:44 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-12-21 16:44 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-12-21 16:44 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-12-21 16:44 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-12-21 16:44 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-12-21 16:44 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-12-21 16:44 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-12-21 16:44 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-12-21 16:44 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-12-21 16:44 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-12-21 16:44 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-12-21 16:44 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-12-21 16:44 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-12-21 16:44 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-12-21 16:44 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-12-21 16:44 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-12-21 16:44 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-12-21 16:44 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-12-21 16:44 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-12-21 16:44 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-12-21 16:44 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-12-21 16:44 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-12-21 16:44 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-12-21 16:44 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-12-21 16:44 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-12-21 16:44 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-12-21 16:44 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-12-21 16:44 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-12-21 16:44 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-12-21 16:44 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-12-21 16:44 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-12-21 16:44 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-12-21 16:44 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-12-21 16:44 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-12-21 16:44 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-12-21 16:44 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-12-21 16:44 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-12-21 16:44 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-12-21 16:44 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-12-21 16:44 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-12-21 16:44 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-12-21 16:44 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-12-21 16:44 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-12-21 16:44 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-12-21 16:44 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-12-21 16:44 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-12-21 16:44 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-12-21 16:44 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-12-21 16:44 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-12-21 16:44 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-12-21 16:44 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-12-21 16:44 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-12-21 16:44 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-12-21 16:44 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-12-21 16:44 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-12-21 16:44 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-12-21 16:44 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-12-21 16:44 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-12-21 16:44 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-12-21 16:44 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-12-21 16:44 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-12-21 16:44 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-12-21 16:44 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-12-21 16:44 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-12-21 16:44 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-12-21 16:44 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-12-21 16:44 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-12-21 16:44 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-12-21 16:44 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-12-21 16:44 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-12-21 16:44 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-12-21 16:44 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-12-21 16:44 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-12-21 16:44 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-12-21 16:44 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-12-21 16:44 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-12-21 16:44 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-12-21 16:44 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-12-21 16:44 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-12-21 16:44 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-12-21 16:44 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-12-21 16:44 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-12-21 16:44 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-12-21 16:44 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-12-21 16:44 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-12-21 16:44 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-12-21 16:43 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-12-21 16:43 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-12-21 16:43 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-12-21 16:43 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-12-21 16:43 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-12-21 16:43 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-12-21 16:43 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-12-21 16:43 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-12-21 16:43 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-12-21 16:43 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-12-21 16:43 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-12-21 16:43 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-12-21 16:43 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-12-21 16:43 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-12-21 16:43 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-12-21 16:43 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-12-21 16:43 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-12-21 16:43 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-12-21 16:42 - 2017-12-21 16:42 - 000001518 _____ C:\Users\Public\Desktop\FaceRig Pro.lnk
2017-12-21 16:42 - 2017-12-21 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holotech Studios
2017-12-21 16:42 - 2017-12-21 16:42 - 000000000 ____D C:\Program Files (x86)\directx
2017-12-21 16:40 - 2017-12-21 16:40 - 000000000 ____D C:\Program Files (x86)\Holotech Studios
2017-12-21 14:33 - 2017-12-21 14:33 - 000000000 ____D C:\Users\trent\Documents\mods
2017-12-21 13:40 - 2017-12-21 14:32 - 000000000 ____D C:\Program Files (x86)\DZLauncher
2017-12-21 13:40 - 2017-12-21 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DZLauncher
2017-12-21 13:37 - 2017-12-21 13:37 - 014140288 _____ (Maca134 ) C:\Users\trent\Downloads\setup_dzlauncher.exe
2017-12-20 16:26 - 2017-12-20 16:28 - 000000000 ____D C:\Users\trent\AppData\Roaming\streamlabels
2017-12-20 16:26 - 2017-12-20 16:26 - 000002387 _____ C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2017-12-20 16:26 - 2017-12-20 16:26 - 000002379 _____ C:\Users\trent\Desktop\StreamLabels.lnk
2017-12-20 16:25 - 2017-12-20 16:25 - 065355320 _____ (Streamlabs) C:\Users\trent\Downloads\streamlabels+setup.exe
2017-12-20 02:03 - 2018-01-02 00:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2017-12-20 02:03 - 2017-12-22 14:33 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-20 02:03 - 2017-12-20 02:03 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-12-20 02:03 - 2017-12-20 02:03 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-12-20 02:03 - 2017-12-20 02:03 - 000000000 ____D C:\Users\trent\AppData\Roaming\AVAST Software
2017-12-20 02:03 - 2017-12-20 02:03 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-20 02:02 - 2018-01-03 15:26 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-12-20 02:02 - 2017-12-22 14:33 - 000457400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-12-20 02:02 - 2017-12-22 14:33 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-12-20 02:02 - 2017-12-22 14:33 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-12-20 02:02 - 2017-12-22 14:33 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-12-20 02:02 - 2017-12-22 14:33 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-12-20 02:02 - 2017-12-22 14:33 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-12-20 02:02 - 2017-12-22 14:33 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-12-20 02:02 - 2017-12-22 14:33 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-12-20 02:02 - 2017-12-22 14:32 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-12-20 02:02 - 2017-12-22 14:32 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-12-20 02:02 - 2017-12-22 14:32 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-12-20 02:02 - 2017-12-22 14:32 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-12-20 02:02 - 2017-12-22 14:32 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-12-20 01:55 - 2017-12-20 01:55 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-20 01:54 - 2017-12-20 03:21 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-20 01:54 - 2017-12-20 01:54 - 006654960 _____ (AVAST Software) C:\Users\trent\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-12-19 16:03 - 2017-12-19 16:03 - 022660464 _____ (Microsoft Corporation) C:\Users\trent\Downloads\LifeCam3.60 (3).exe
2017-12-19 16:03 - 2017-12-19 16:03 - 003274608 _____ (Microsoft Corporation) C:\Users\trent\Downloads\HD5000FW1033.exe
2017-12-19 15:43 - 2017-12-19 15:43 - 022660464 _____ (Microsoft Corporation) C:\Users\trent\Downloads\LifeCam3.60.exe
2017-12-19 15:36 - 2017-12-19 15:36 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
2017-12-19 15:35 - 2017-12-19 15:35 - 000000000 ____D C:\Program Files\Microsoft LifeCam
2017-12-19 15:35 - 2017-12-19 15:35 - 000000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2017-12-18 13:30 - 2017-12-18 16:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-17 22:49 - 2017-11-29 22:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-17 22:49 - 2017-11-29 22:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-17 22:49 - 2017-11-29 22:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-17 22:49 - 2017-11-29 22:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-17 22:49 - 2017-11-29 22:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-17 22:49 - 2017-11-29 22:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-17 22:49 - 2017-11-29 22:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-17 22:49 - 2017-11-29 22:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-17 22:49 - 2017-11-29 22:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-17 22:49 - 2017-11-29 21:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-17 22:49 - 2017-11-29 21:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-17 22:49 - 2017-11-29 21:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-17 22:49 - 2017-11-29 21:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-17 22:49 - 2017-11-29 21:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-17 22:49 - 2017-11-29 21:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-17 22:49 - 2017-11-29 21:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-17 22:49 - 2017-11-29 21:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-17 22:49 - 2017-11-29 21:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-17 22:49 - 2017-11-29 21:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-17 22:49 - 2017-11-29 21:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-17 22:49 - 2017-11-29 21:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-17 22:49 - 2017-11-29 21:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-17 22:49 - 2017-11-29 21:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-17 22:49 - 2017-11-29 21:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-17 22:49 - 2017-11-29 21:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-17 22:49 - 2017-11-29 21:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-17 22:49 - 2017-11-29 21:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-17 22:49 - 2017-11-29 21:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-17 22:49 - 2017-11-29 21:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-17 22:49 - 2017-11-29 21:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-17 22:49 - 2017-11-29 21:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-17 22:49 - 2017-11-29 21:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-17 22:49 - 2017-11-29 21:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-17 22:49 - 2017-11-29 21:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-17 22:49 - 2017-11-29 21:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-17 22:49 - 2017-11-29 21:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-17 22:49 - 2017-11-29 21:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-17 22:49 - 2017-11-29 21:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-17 22:49 - 2017-11-29 21:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-17 22:49 - 2017-11-29 21:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-17 22:49 - 2017-11-29 21:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-17 22:49 - 2017-11-29 21:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-17 22:49 - 2017-11-29 21:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-17 22:49 - 2017-11-29 21:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-17 22:49 - 2017-11-29 21:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-17 22:49 - 2017-11-29 21:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-17 22:49 - 2017-11-29 21:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-17 22:49 - 2017-11-29 21:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-17 22:49 - 2017-11-29 21:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-17 22:49 - 2017-11-29 21:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-17 22:49 - 2017-11-29 21:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-17 22:49 - 2017-11-29 21:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-17 22:49 - 2017-11-29 21:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-17 22:49 - 2017-11-29 21:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-17 22:49 - 2017-11-29 21:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-17 22:49 - 2017-11-29 21:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-17 22:49 - 2017-11-29 21:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-17 22:49 - 2017-11-17 04:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-17 22:49 - 2017-11-17 04:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-17 22:49 - 2017-11-17 04:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-17 22:49 - 2017-11-17 04:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-17 22:49 - 2017-11-17 04:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-17 22:49 - 2017-11-17 04:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-17 22:49 - 2017-11-17 04:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-17 22:49 - 2017-11-17 04:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-17 22:49 - 2017-11-17 04:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-17 22:49 - 2017-11-17 04:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-17 22:49 - 2017-11-17 04:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-17 22:49 - 2017-11-17 03:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-17 22:49 - 2017-11-17 03:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-11 14:24 - 2017-12-11 14:24 - 000000475 _____ C:\Users\trent\Downloads\new_keyboard.txt
2017-12-06 02:09 - 2017-12-21 16:35 - 000000000 ____D C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-03 18:14 - 2017-03-18 06:40 - 020971520 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-03 16:21 - 2017-07-08 14:43 - 000000000 ____D C:\Users\Guest Account
2018-01-03 16:21 - 2017-07-08 14:43 - 000000000 ____D C:\Users\defaultuser0
2018-01-03 16:21 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-03 16:20 - 2017-04-10 13:28 - 000000000 ____D C:\Users\trent\AppData\Roaming\Spotify
2018-01-03 15:32 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-03 15:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-03 15:30 - 2017-07-08 14:41 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-03 15:21 - 2017-04-10 13:28 - 000000000 ____D C:\Users\trent\AppData\Local\Spotify
2018-01-03 15:19 - 2017-04-17 22:21 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-03 15:17 - 2017-04-09 21:34 - 000000000 __SHD C:\Users\trent\IntelGraphicsProfiles
2018-01-03 15:15 - 2017-07-08 14:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-03 15:13 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-01-03 15:12 - 2017-04-09 23:00 - 000031382 _____ C:\Users\trent\AppData\Roaming\VoiceMeeterDefault.xml
2018-01-03 14:59 - 2017-09-28 09:18 - 000000000 ____D C:\Users\trent\AppData\Roaming\obs-studio
2018-01-03 14:59 - 2017-07-08 14:43 - 000000000 ____D C:\Users\trent
2018-01-03 14:23 - 2017-10-10 13:46 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-03 14:23 - 2017-04-10 00:04 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-03 14:08 - 2017-07-08 14:40 - 000000000 ____D C:\Program Files (x86)\Razer
2018-01-03 14:07 - 2017-07-08 14:40 - 000000000 ____D C:\ProgramData\Razer
2018-01-03 12:54 - 2017-07-08 14:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-03 01:58 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2018-01-03 01:52 - 2017-08-10 00:57 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-03 01:52 - 2017-04-09 23:54 - 000360713 ____N C:\WINDOWS\Minidump\010318-37718-01.dmp
2018-01-03 01:33 - 2017-04-09 21:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-03 01:14 - 2017-11-30 21:07 - 000000000 ____D C:\Users\trent\AppData\Local\Razer
2018-01-02 23:59 - 2017-09-28 09:58 - 000000000 ____D C:\Users\trent\.chatty
2018-01-02 23:52 - 2017-04-09 21:26 - 000000000 ____D C:\Users\trent\AppData\Local\CrashDumps
2018-01-02 21:07 - 2017-06-13 18:17 - 000000000 ____D C:\Program Files\Epic Games
2018-01-02 16:20 - 2017-05-28 16:54 - 000000000 ____D C:\Users\trent\Desktop\Games&Stuff
2018-01-02 01:20 - 2017-04-09 22:43 - 000000000 ____D C:\Users\trent\AppData\Local\Battle.net
2018-01-02 00:30 - 2017-07-08 14:57 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-02 00:30 - 2017-07-08 14:57 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-02 00:30 - 2017-07-08 14:57 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1584117033-2172017321-2951850606-1001
2018-01-02 00:30 - 2017-07-08 14:57 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-02 00:30 - 2017-07-08 14:57 - 000002666 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2018-01-02 00:30 - 2017-07-08 14:57 - 000002526 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2018-01-02 00:30 - 2017-07-08 14:57 - 000002518 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2018-01-02 00:30 - 2017-07-08 14:57 - 000002226 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2018-01-01 18:17 - 2017-04-09 22:42 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2018-01-01 14:20 - 2017-06-06 13:46 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-12-30 19:44 - 2017-04-29 00:19 - 000000000 ____D C:\Users\trent\AppData\Local\UnrealEngine
2017-12-30 14:21 - 2017-04-10 18:09 - 000000000 ____D C:\Users\trent\Documents\Voicemeeter
2017-12-28 20:05 - 2017-04-12 18:00 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-12-24 15:15 - 2017-11-15 16:43 - 000000000 ____D C:\Users\trent\AppData\Roaming\Battlerite
2017-12-22 03:01 - 2017-05-06 16:29 - 000000000 ____D C:\Users\trent\AppData\Roaming\BitTorrent
2017-12-22 01:53 - 2017-04-09 21:28 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-21 17:48 - 2017-05-08 00:15 - 000000000 ____D C:\Users\trent\Documents\My Games
2017-12-21 15:04 - 2017-05-06 19:52 - 000000000 ____D C:\Users\trent\AppData\Local\ArmA 2 OA
2017-12-20 20:41 - 2017-04-26 23:15 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-20 00:38 - 2017-04-09 21:23 - 000002367 _____ C:\Users\trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-20 00:38 - 2017-04-09 21:23 - 000000000 ___RD C:\Users\trent\OneDrive
2017-12-18 19:19 - 2017-04-09 21:21 - 000000000 ____D C:\Users\trent\AppData\Local\Packages
2017-12-18 17:00 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-18 13:58 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-18 13:56 - 2017-05-11 15:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-18 13:37 - 2017-07-08 14:59 - 001680918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-18 13:33 - 2017-04-09 21:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-18 13:31 - 2017-07-08 14:38 - 000419056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-18 01:13 - 2017-06-14 09:24 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-18 01:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-17 22:58 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-17 22:54 - 2017-04-10 00:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-17 22:09 - 2017-04-09 21:35 - 000000000 ____D C:\Users\trent\AppData\Roaming\discord
2017-12-17 22:08 - 2017-04-09 21:35 - 000000000 ____D C:\Users\trent\AppData\Local\Discord
2017-12-07 21:23 - 2017-04-09 21:29 - 000000000 ____D C:\Users\trent\AppData\Local\NVIDIA
2017-12-07 19:36 - 2017-04-28 13:41 - 000007605 _____ C:\Users\trent\AppData\Local\Resmon.ResmonCfg
2017-12-07 12:17 - 2017-07-08 14:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-07 00:02 - 2017-07-08 14:41 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-07 00:02 - 2017-07-08 14:41 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-07 00:02 - 2017-05-23 20:00 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-12-06 18:20 - 2017-05-22 14:11 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-06 18:20 - 2017-05-22 14:11 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-06 15:24 - 2017-04-09 21:31 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-05 23:15 - 2017-05-22 20:27 - 000821416 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys

==================== Files in the root of some directories =======

2018-01-01 14:56 - 2018-01-01 14:59 - 000000357 _____ () C:\Users\trent\AppData\Roaming\Microsoft Surrogate.config
2017-04-09 23:00 - 2018-01-03 15:12 - 000031382 _____ () C:\Users\trent\AppData\Roaming\VoiceMeeterDefault.xml
2017-06-08 01:33 - 2017-06-08 01:33 - 000001456 _____ () C:\Users\trent\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-01-02 17:48 - 2018-01-02 17:48 - 000002621 _____ () C:\Users\trent\AppData\Local\AppVShNotifyt.txt
2018-01-02 17:46 - 2018-01-02 17:48 - 000002584 _____ () C:\Users\trent\AppData\Local\AppVShNotifytvbs.txt
2018-01-02 17:46 - 2018-01-02 17:46 - 000002621 _____ () C:\Users\trent\AppData\Local\AppVShNotifytvbs.vbs
2018-01-02 17:46 - 2018-01-02 17:48 - 000000029 _____ () C:\Users\trent\AppData\Local\MCconfig.dll
2017-04-28 13:41 - 2017-12-07 19:36 - 000007605 _____ () C:\Users\trent\AppData\Local\Resmon.ResmonCfg
2018-01-02 18:40 - 2018-01-02 17:46 - 000010240 _____ () C:\Users\trent\AppData\Local\trz9133.tmp
2018-01-02 17:46 - 2018-01-02 17:48 - 000938008 _____ () C:\Users\trent\AppData\Local\WindowsCodecsRaw.txt
2018-01-02 17:46 - 2018-01-02 17:48 - 000001778 _____ () C:\Users\trent\AppData\Local\x
2018-01-02 17:46 - 2018-01-02 17:48 - 000001684 _____ () C:\Users\trent\AppData\Local\XML.txt
2018-01-02 17:46 - 2018-01-02 17:46 - 000001781 _____ () C:\Users\trent\AppData\Local\xx
2018-01-02 17:46 - 2018-01-02 17:48 - 000001684 _____ () C:\Users\trent\AppData\Local\XXML.txt

Some files in TEMP:
====================
2017-11-28 00:25 - 2017-12-24 18:14 - 000000000 _____ () C:\Users\trent\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-11-28 00:25 - 2017-12-24 18:14 - 000000016 _____ () C:\Users\trent\AppData\Local\Temp\a96bda426f39268ba924df749c045acf.dll
2018-01-03 14:36 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\Users\trent\AppData\Local\Temp\dllnt_dump.dll
2017-08-15 01:54 - 2017-11-04 20:10 - 063036240 _____ (Forge, Inc.                                                 ) C:\Users\trent\AppData\Local\Temp\hideout_update.exe
2017-09-28 09:58 - 2018-01-02 21:21 - 000000000 _____ () C:\Users\trent\AppData\Local\Temp\JIntellitype.dll
2018-01-01 14:21 - 2018-01-01 14:21 - 000958976 _____ (Deluxe VB) C:\Users\trent\AppData\Local\Temp\MHVNZ.exe
2017-05-23 20:08 - 2017-07-18 17:38 - 000758472 _____ (NVIDIA Corporation) C:\Users\trent\AppData\Local\Temp\nvSCPAPI.dll
2017-05-23 20:08 - 2017-07-18 17:38 - 000873136 _____ (NVIDIA Corporation) C:\Users\trent\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-23 20:08 - 2017-05-18 00:21 - 000485856 _____ (NVIDIA Corporation) C:\Users\trent\AppData\Local\Temp\nvStereoApiI64.dll
2017-08-10 02:00 - 2017-07-18 17:38 - 000368760 _____ (NVIDIA Corporation) C:\Users\trent\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\tibgjnqt.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-30 12:40

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by trent (03-01-2018 16:28:08)
Running from C:\Users\trent\Downloads
Windows 10 Pro Version 1703 15063.786 (X64) (2017-07-08 20:06:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1584117033-2172017321-2951850606-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1584117033-2172017321-2951850606-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1584117033-2172017321-2951850606-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1584117033-2172017321-2951850606-501 - Limited - Disabled)
Guest Account (S-1-5-21-1584117033-2172017321-2951850606-1002 - Limited - Enabled) => C:\Users\Guest Account
trent (S-1-5-21-1584117033-2172017321-2951850606-1001 - Administrator - Enabled) => C:\Users\trent

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«The Walking Dead»  1.0.0.23 (HKLM-x32\...\The Walking Dead_is1) (Version: 1.0.0.23 - Telltale Games)
A3Launcher version 0.1.5.0 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.5.0 - Maca134)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.4.1 - Mirillis)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.4.1.901 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
Battlestate Games Launcher 0.3.2.222 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 0.3.2.222 - Battlestate Games)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BitTorrent (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BoomReplay (HKLM-x32\...\{3C7FCB88-992B-4E1B-B7AC-2028BFF06062}) (Version: 1.1.22 - Boom.tv)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.4.9 - Andrew Sampson)
Breaking Point (HKLM-x32\...\{D94AC775-62AF-4630-8292-7EB26691AAAE}) (Version: 5.0.2.9 - The Zombie Infection) Hidden
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
CCProxy 8.0 (HKLM\...\CCProxy_is1) (Version:  - Youngzsoft, Inc.)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
DayZ Commander (HKLM-x32\...\{668B7711-6DAF-465F-9BE2-F3C07C962131}) (Version: 0.92.117 - Dotjosh Studios)
Dead Island Definitive Edition (HKLM-x32\...\Dead Island Definitive Edition_is1) (Version:  - )
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Divinity - Original Sin 2 v.3.0.141.716 (HKLM-x32\...\Divinity - Original Sin 2_is1) (Version:  - )
Divinity Original Sin 2 version 2.3.0 (HKLM-x32\...\Divinity Original Sin 2_is1) (Version: 2.3.0 - Larian Studios)
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version:  - GOG.com)
DZLauncher version 0.1.5.8 (HKLM-x32\...\{1E299AE2-74C8-4CD8-6B17-A86E0ED3C4D2}_is1) (Version: 0.1.5.8 - Maca134)
Epic Games Launcher (HKLM-x32\...\{0AECAA10-30A7-4141-B9BB-7B1FF339F469}) (Version: 1.1.111.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FaceRig Pro v1.312 (HKLM-x32\...\FaceRig Pro v1.312_is1) (Version:  - )
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Firestorm Launcher version 1.3 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.3 - Firestorm)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gigantic Launcher (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Git version 2.13.0 (HKLM\...\Git_is1) (Version: 2.13.0 - The Git Development Community)
Glary Utilities 5.74 (HKLM-x32\...\Glary Utilities 5) (Version: 5.74.0.95 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hazard Ops version 1.0 (HKLM-x32\...\Hazard Ops_is1) (Version: 1.0 - Infernum Games GmbH)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hideout version 13.139 (HKLM-x32\...\{3A5E0EAB-2E3F-4602-B9F9-0949DB845EF0}_is1) (Version: 13.139 - Forge, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 13.2.4 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.2.4 - KLCP)
Kodi (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Kodi) (Version:  - XBMC-Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.8827.2082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\OneDriveSetup.exe) (Version: 17.3.7289.1207 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.8827.2082 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.8827.2082 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8827.2082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8827.2082 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.17910 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PS4 Remote Play (HKLM-x32\...\{7D35E02C-305D-4CBE-899F-E584CF2AA679}) (Version: 2.0.0.02211 - Sony Interactive Entertainment Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 3.5.1 (64-bit) (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (64-bit) (HKLM\...\{2690DE23-49CD-4973-AA74-F77C4C852189}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (HKLM\...\{70D9C8DA-F1A1-43B0-B325-6263CD21E535}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (HKLM\...\{5C8D887B-998A-4708-9120-CE040C4A5B47}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (HKLM\...\{39F30A3E-99D9-46E3-8582-7422FE54A1FB}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (HKLM\...\{E98CFF92-01E0-4E30-8C72-3C82111091C2}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (HKLM\...\{0F774261-D55F-4180-B266-A9E1C6F4CD7A}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (HKLM\...\{A47BAF5B-53CC-4E60-847A-E13CAF26F467}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (HKLM\...\{A1B06412-F898-47C9-968F-D3B331ABB202}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (HKLM\...\{34E72E6D-77E8-4C17-99B8-42497B7308C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.2.0 - Rockstar Games)
RogueKiller version 12.11.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.31.0 - Adlice Software)
Soda Player (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\sodaplayer) (Version: 1.1.4 - Soda Player)
Spotify (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamLabels 0.2.8 (only current user) (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.8 - Streamlabs)
The Walking Dead - Season 2 (HKLM-x32\...\1432208124_is1) (Version: 2.0.0.1 - GOG.com)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version: 1.0.0.0 - Motiga)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-4ba46ba7-f913-4d94-81c6-44cbe30551ef) (Version:  - Epic Games, Inc.)
Unreal Tournament 2004 (HKLM-x32\...\GOGPACKUT2004_is1) (Version: 2.0.0.6 - GOG.com)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\WinDirStat) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.2.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.7 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Auto Shutdown 1.61 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.61 - WiseCleaner.com, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: 1.12.1.5875 - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1584117033-2172017321-2951850606-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-05-17] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0346440B-88E9-4B85-B0DC-13C7CB513361} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {2DC8D741-CBD9-4E79-8042-DA6650150180} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {4415D1D3-CB18-4C19-8EEA-3385708B7338} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {471CFC54-BDCB-4257-976E-EAF95AEB9855} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)
Task: {5DE071F6-8EE8-4F4E-8816-3466283E34ED} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-04-23] (Glarysoft Ltd)
Task: {5FEF525C-834A-4ABC-B0B6-C785B19DAECA} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-04-23] (Glarysoft Ltd)
Task: {67857E1B-739B-4ADF-BE87-EAFDDD52E258} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {6E09FEE8-1EA9-4380-8D06-D3A89D4B3D3A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-16] (Microsoft Corporation)
Task: {74614F34-C2AF-4F0A-B7D7-2CF1A280C4CD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {766EE698-6DDB-43FA-8928-F7E85F202B1F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)
Task: {7E09F07D-84B5-49DC-B556-FEFA75BD1AA0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation)
Task: {824DD30C-D6D7-47B4-9CC5-971563FDA130} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {82BCC8D4-59D7-418E-8E69-83181536AB23} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)
Task: {850A0AF9-F537-4678-9F8A-A57524E1B0D4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-06-06] ()
Task: {97C9B9BA-373F-401A-9608-D5A49727B20C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-18] (Microsoft Corporation)
Task: {9F6C3E37-80D3-4ACF-BB5A-656B79EBCEF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-18] (Microsoft Corporation)
Task: {A8B602C1-378B-4AD3-98F4-B2BCC25DA562} - System32\Tasks\BoomReplayUpdater => C:\Program Files (x86)\Boom.tv\BoomReplay\BoomReplayUpdater.exe [2017-11-05] (Boom.tv)
Task: {BB9FC6AC-BA8E-465D-BFDB-9DD11ED9E364} - System32\Tasks\Host Process for Windows Task => C:\Program Files (x86)\Deluxe\VB.exe
Task: {BF7724EA-E986-4FBB-B2CF-637299E400CE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-16] (Microsoft Corporation)
Task: {CC1F84B4-463E-4114-BD18-10252CD4CB63} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)
Task: {D53C2822-EADD-405E-8C56-C72D4F5CF99B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation)
Task: {D9473265-507A-4029-8D9E-94FA30885CAC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-20] (AVAST Software)
Task: {DAC7AFA0-B087-4A80-BF30-F4727B2284C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-09] (Google Inc.)
Task: {E776456C-EC26-4812-8FDF-34009FC714F5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {F1FF70DE-4EAA-4648-B246-4F9ADB1FDA0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-08-15 01:53 - 2017-11-02 14:24 - 000234480 _____ () C:\Program Files (x86)\Hideout\HideoutService.exe
2017-04-09 21:29 - 2017-11-15 20:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-19 18:09 - 2017-07-19 18:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-05-11 18:26 - 2017-05-11 18:26 - 000066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-01-03 00:31 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-04-26 11:32 - 2017-04-26 11:32 - 000598528 _____ () C:\Users\trent\AppData\Local\MEGAsync\ShellExtX64.dll
2017-05-11 15:15 - 2017-12-18 13:55 - 008934568 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-17 19:05 - 2017-05-17 19:05 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-02 18:39 - 2014-05-19 18:10 - 003386880 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
2017-11-05 00:08 - 2017-11-05 00:08 - 007366656 _____ () C:\Program Files (x86)\Boom.tv\BoomReplay\bin\BoomReplay.exe
2017-07-04 03:27 - 2017-07-04 03:27 - 000190208 _____ () C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
2016-06-13 01:58 - 2016-06-13 01:58 - 000019472 _____ () C:\Program Files (x86)\Boom.tv\BoomReplay\bin\QtWebEngineProcess.exe
2018-01-03 15:31 - 2018-01-03 15:32 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 15:31 - 2018-01-03 15:32 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 15:31 - 2018-01-03 15:32 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 15:31 - 2018-01-03 15:32 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 15:31 - 2018-01-03 15:31 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-12-22 14:33 - 2017-12-22 14:33 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-22 14:33 - 2017-12-22 14:33 - 000067920 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-06 15:24 - 2017-12-05 23:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-06 15:24 - 2017-12-05 23:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-04-09 21:29 - 2017-11-15 20:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-17 22:07 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\trent\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-17 22:09 - 2017-12-17 22:09 - 001886712 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-17 22:08 - 2017-12-17 22:08 - 001773560 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-04-10 13:28 - 2017-12-18 13:35 - 068214160 _____ () C:\Users\trent\AppData\Roaming\Spotify\libcef.dll
2017-12-22 14:33 - 2017-12-22 14:33 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-22 14:32 - 2017-12-22 14:32 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-22 14:32 - 2017-12-22 14:32 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-20 02:02 - 2017-12-20 02:02 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 14:33 - 2017-12-22 14:33 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 14:32 - 2017-12-22 14:32 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-12-17 22:07 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\trent\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-17 22:07 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\trent\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-04-10 13:51 - 2017-04-10 13:51 - 000454656 _____ () C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2017-08-02 18:39 - 2014-05-19 18:10 - 000028160 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\uiHook.dll
2016-09-28 10:00 - 2016-09-28 10:00 - 000198144 _____ () C:\Program Files (x86)\Boom.tv\BoomReplay\bin\sphinxbase.dll
2017-04-19 15:21 - 2017-04-19 15:21 - 000151040 _____ () C:\Program Files (x86)\Boom.tv\BoomReplay\bin\BoomCrashReport.dll
2016-09-07 09:22 - 2016-09-07 09:22 - 000140288 _____ () C:\Program Files (x86)\Boom.tv\BoomReplay\bin\quazip.dll
2016-09-28 10:00 - 2016-09-28 10:00 - 000183808 _____ () C:\Program Files (x86)\Boom.tv\BoomReplay\bin\pocketsphinx.dll
2017-12-17 22:09 - 2017-12-17 22:09 - 009802232 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-17 22:09 - 2017-12-17 22:09 - 001505784 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-17 22:08 - 2017-12-17 22:08 - 000513016 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-17 22:08 - 2017-12-17 22:08 - 002662904 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-17 22:08 - 2017-12-17 22:08 - 001517048 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-17 23:09 - 2017-12-17 23:09 - 002749944 _____ () \\?\C:\Users\trent\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-04-10 13:28 - 2017-12-18 13:34 - 003112848 _____ () C:\Users\trent\AppData\Roaming\Spotify\libglesv2.dll
2017-04-10 13:28 - 2017-12-18 13:34 - 000089488 _____ () C:\Users\trent\AppData\Roaming\Spotify\libegl.dll
2017-04-09 21:29 - 2017-11-15 20:40 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\trent\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2017-04-10 13:33 - 000001111 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\trent\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\StartupApproved\Run: => "HideoutClient"
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\StartupApproved\Run: => "TSMApplication"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2B33A4C1-026A-42CE-8F84-BF99BF9F0E1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{22A65015-1203-48C3-A368-88B3C4923A83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{FA98721D-B04F-48D2-B813-55E84D6CF2F7}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{112CFDC6-DB6B-439C-9BE3-BDEA90FA424E}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [UDP Query User{5B421B17-F3A8-4ECC-8623-BD894FF56835}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7EB6BE07-17C6-43D2-AD2B-5F51A60B7B36}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{72873CB3-DBC7-4E8F-9413-167BF2F71480}D:\steamlibrary\steamapps\common\newz\thenewz.exe] => (Allow) D:\steamlibrary\steamapps\common\newz\thenewz.exe
FirewallRules: [TCP Query User{1EA0D5E0-AC14-4DB1-A5E2-B8ACF145CC43}D:\steamlibrary\steamapps\common\newz\thenewz.exe] => (Allow) D:\steamlibrary\steamapps\common\newz\thenewz.exe
FirewallRules: [UDP Query User{563EBD3C-832B-4376-8E03-71CB74138ED0}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{00DFB25D-0B24-4174-845B-1767CCA2DFC2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{A65CA3DD-EE40-4C86-9674-50741609787C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{09669C3A-D655-4F5E-A124-3FD4548F0E19}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{151D035F-60A1-458E-8A4D-D9126D5384BB}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{C74AD9DB-8E5C-4DA4-AA8B-4087D0FC6005}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{6071B899-00A9-4EAB-9DA2-5CBE0F1D380E}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6FDF691E-1CA0-4A60-AC57-BFC163A79CD0}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{BA5CBD45-BB3E-4C54-A3AB-241A7E2D65CA}D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [TCP Query User{1CC8F0D9-B9CD-49C6-853B-89D0C00656C4}D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{BDED9F6C-9591-4AAA-AA07-6B0C5277CEA1}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{444D0C0E-1192-4AE1-AB9B-31EF9907E655}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [UDP Query User{5A2F9FF0-EE24-43BB-B514-85FEE7FCEC09}C:\users\trent\desktop\games\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\trent\desktop\games\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [TCP Query User{05C4712F-BF00-42CE-B69A-5CBDB699B845}C:\users\trent\desktop\games\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\trent\desktop\games\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [{57F462A7-5088-4905-93D0-DFCFC5F7D6B4}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{7FBEE8E5-AFEF-4BFC-B48A-61C3BD7481E2}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{5C207C06-A667-4A86-B520-216C6BFACBC3}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [{995B4964-0B38-4E53-A9CD-8449300C25D2}] => (Allow) C:\Users\trent\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{55291059-65D2-48B6-9421-592B30BEC452}] => (Allow) C:\Users\trent\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{345E9BD2-5572-4997-B05B-CCA7B24C9262}] => (Allow) C:\Users\trent\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{C7D9ABC4-67CF-44A4-9875-E41F3000471A}] => (Allow) C:\Users\trent\Downloads\bin\BlackDesert32.exe
FirewallRules: [UDP Query User{56650DDD-0CE6-47CF-9CDB-110118F083E5}C:\users\trent\desktop\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe] => (Allow) C:\users\trent\desktop\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe
FirewallRules: [TCP Query User{8FA527E0-7297-4EA1-B8AB-A5A9858D415A}C:\users\trent\desktop\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe] => (Allow) C:\users\trent\desktop\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe
FirewallRules: [{4761B33E-E9CE-4438-B3ED-1EDA0B00708F}] => (Allow) D:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{56D0E69C-C9A4-4A66-A92F-8D39AE30EF8C}] => (Allow) D:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{A9FBE39D-5DEF-45C6-ABF2-E03D44AB5E22}] => (Allow) D:\SteamLibrary\steamapps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll
FirewallRules: [{DD7B080C-5F2E-41C7-81CA-029489899E12}] => (Allow) D:\SteamLibrary\steamapps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll
FirewallRules: [{84BA8B97-9782-4345-AA23-88E4D6EFC373}] => (Allow) D:\SteamLibrary\steamapps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [{3CF55456-895C-4F6C-B768-69823D6D269E}] => (Allow) D:\SteamLibrary\steamapps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [{1A7B6753-AD85-4A03-B95C-846DD377865B}] => (Allow) D:\SteamLibrary\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [{63497D88-DC91-4ED1-AA27-EF6852457871}] => (Allow) D:\SteamLibrary\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [UDP Query User{3941F3CD-FC1B-4EC7-83A2-BD63B2A2712B}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{1C6CFE3A-A8FE-4EFF-818E-DDB9F6EB23FC}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A06C807B-0AB5-4468-AA46-0A00E1511CA1}] => (Allow) D:\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{B50664ED-B052-46F0-8C34-9D5757103FAE}] => (Allow) D:\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{040309D3-9F16-48E6-A1A1-F85B30CFA794}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{199FC016-904C-4003-8B0D-80B868B25B59}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{83B6AB0A-86A8-49B0-B5D9-ED93425E7032}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{97E27CD6-4863-46B3-AAB4-EF6D3944FA71}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EDEE361B-AB25-43BD-A0E7-B79EA0EEB2BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{26135CB4-1471-4209-94CB-A0516BC55DF7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EAE97296-2FFA-448F-BE0D-43EC7E75A78E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F162431D-441C-4D12-B58A-C87E7ACD9A75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{886C021D-648F-449E-96EC-8BF0E41F6D9A}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{5C16C633-541D-4031-880F-B5C47BB10BB4}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6EE0879A-E3DF-4B8D-8DFA-4517D0507D91}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{895CBC22-A924-46E5-AB82-2334B2E9212D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{457CC21D-B1F1-4A96-B0CB-4AFB4FF89CE4}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{064F5AB4-DC37-431B-90A3-3120A2B27DFB}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8C00B9C5-1CC9-462E-AAD0-2C15210C7003}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{44D4FFCF-75E6-4B45-9126-F88F7F468F01}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{0A5FA2C8-A6F6-4CCB-8DD0-83D756DF1E78}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{733C39C8-5933-4E64-B2F5-BEEAC7AC7291}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3B4368E0-344B-4E55-BB53-7D62AF1703D4}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F89F660D-7964-4290-84D5-76437631910F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{1900D189-4AD4-46E2-96E4-1BC4F57786FD}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{DA419287-7C45-4A74-BC7F-3C9FAEABE7C4}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{F490976D-7909-4E6C-A85E-EDC8F231514A}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{5EB95C8D-C7C4-42BD-ADBF-00EB668E9A2D}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{C48DAD13-1584-459A-91DF-38D3A32EA6CF}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{25D2B8AD-54DD-40E1-B878-5FD13FB2335D}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{7617E8C9-A694-430E-BDAE-793451A25740}] => (Allow) C:\Users\trent\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{31B328E5-436F-485A-9CE4-6AEDBED56F3B}] => (Allow) C:\Users\trent\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DEE2D6C2-E615-4D29-88D5-59693230BFCF}] => (Allow) C:\Users\trent\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D9809417-D79F-4242-A2A3-CE49BC41E9B2}] => (Allow) C:\Users\trent\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4D3969A3-4576-43D1-AD8A-0534F1CF1076}] => (Allow) C:\Users\trent\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{23A47CA0-DF75-4A6F-BB84-46B4E82BA8FE}] => (Allow) C:\Users\trent\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{E888915E-3EEF-413B-B6F9-E9DB03B6CB28}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{CF9AEA6F-966A-4E55-8A33-133CE1CF6BC5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{E1978B0D-11FC-44D5-9623-F969FD224741}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9E884E7E-DCC5-46BD-8AA4-113EDEBB3891}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B7952E0B-E21B-4332-AC59-60F343A4762D}C:\users\trent\desktop\fivem\fivem.exe] => (Allow) C:\users\trent\desktop\fivem\fivem.exe
FirewallRules: [TCP Query User{1A1A4F64-3B03-4A7E-AA6A-63A73A1324D7}C:\users\trent\desktop\fivem\fivem.exe] => (Allow) C:\users\trent\desktop\fivem\fivem.exe
FirewallRules: [UDP Query User{6B75D36A-CC9E-4A3A-A120-27B19641E82B}C:\users\trent\appdata\local\fivem\fivem.exe] => (Allow) C:\users\trent\appdata\local\fivem\fivem.exe
FirewallRules: [TCP Query User{B6FB3C8E-D538-4D48-9CD2-4A50EC7330F8}C:\users\trent\appdata\local\fivem\fivem.exe] => (Allow) C:\users\trent\appdata\local\fivem\fivem.exe
FirewallRules: [{42AB61D0-E68C-4298-B1C5-94E1497BF6F1}] => (Allow) D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{E7A3C672-1F23-43E3-9681-27F0ADA91046}] => (Allow) D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{927A0192-566A-4F32-9DAB-DDCF9E2B4AFA}] => (Allow) D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{2B360543-E219-4889-8C15-534273F17EC1}] => (Allow) D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [UDP Query User{1F88AFA4-F3B9-49A0-9026-73CF1F464533}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{2C93ECAB-1C69-41BB-B9AE-944243595E34}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{4C3684F7-A7D7-4695-9EEF-8881B089D0AE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{0A2AADCD-4634-4E92-AECE-7CD2B21115D8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{2AB1C0B7-DC54-4F65-B69E-54A164BC7D31}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{84A71E9D-897E-46F1-8E2E-3F55309B11E2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [UDP Query User{0FDA2F6A-B66C-4692-8780-BFEBB7D7FA58}C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe
FirewallRules: [TCP Query User{61A61FD3-DC5A-4E0B-8682-948FAEFC83A6}C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe
FirewallRules: [{5DEB60A1-62D4-411C-B8E3-936DD9C6ED11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{692DC885-8C54-4DB3-9AA6-D8726316338B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{27D0392E-1AF3-4388-A0D6-151EC2ADB8A0}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{397CFD14-8B40-4415-917E-729DB1E6625A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{DA2F8BB8-C9C6-4B23-BF1B-B7BECBB2C6E8}] => (Allow) D:\Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{258FA1EC-93EE-4416-8B74-0D328A0CCDE5}] => (Allow) D:\Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{38E86393-2E63-4517-8A58-DCC6E5140C9C}] => (Allow) D:\Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{C90D4AD9-2414-4042-B89D-387387DD1ABC}] => (Allow) D:\Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [UDP Query User{1FD7F41C-AADC-4706-A611-B0D5171F208C}C:\users\trent\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trent\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C861FF0D-7B63-45FF-928F-A1789178994C}C:\users\trent\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trent\appdata\roaming\spotify\spotify.exe
FirewallRules: [{09AC6407-4356-4EE4-A959-5E2FD3029478}] => (Allow) D:\Games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F44C701E-3941-41D9-808A-ACAE1CED292D}] => (Allow) D:\Games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{388F522D-6F00-4819-973D-6B2C83F28026}] => (Allow) D:\Games\Steam.exe
FirewallRules: [{2DFE9164-F6A8-4122-B4B9-D6DC82D55091}] => (Allow) D:\Games\Steam.exe
FirewallRules: [{511D1D64-8646-40EB-AA9E-383244CDE30C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FEAC8906-9C52-454A-BF9B-C79F1B5C738C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{74B05529-E457-4894-B841-34E0B255555F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{30B0BEA7-825B-42A2-B94B-471F1296A854}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46452869-731E-415B-9367-8B8B8A4B5981}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B0B6BB72-C558-4BEC-9389-B1546D6493D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E2E1ACC4-952B-4885-8E48-0B1877A7CF38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{364810E0-311F-4A8B-9370-2EB8BCFC996E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FE21750C-09BE-410E-BE04-91C6BB7BDCAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{624E78D1-AB19-4478-80BF-6BFB7541EDEC}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{14E39701-D020-4131-90A8-1CF33A322B71}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{5654537F-436A-4B02-82D4-7BCC83B0D673}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{E71E6088-62A8-41DC-B5BC-D5EF18264D96}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{61EB1602-30A6-4DDE-960A-1855347F9E04}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4x.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4x.exe
FirewallRules: [UDP Query User{46173852-ABA1-46F6-A3E4-5D8CAAAC8BFB}D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4x.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4x.exe
FirewallRules: [TCP Query User{877F5652-4306-47A1-A987-D762D28294D5}C:\users\trent\desktop\games&stuff\gang beasts\igg-gang.beasts.v0.4.1\gang beasts.exe] => (Allow) C:\users\trent\desktop\games&stuff\gang beasts\igg-gang.beasts.v0.4.1\gang beasts.exe
FirewallRules: [UDP Query User{55BB6554-1CCC-4092-B554-A335C1BF4E76}C:\users\trent\desktop\games&stuff\gang beasts\igg-gang.beasts.v0.4.1\gang beasts.exe] => (Allow) C:\users\trent\desktop\games&stuff\gang beasts\igg-gang.beasts.v0.4.1\gang beasts.exe
FirewallRules: [TCP Query User{7657C749-CA1F-4165-97EC-8A9AC1ED1D2F}C:\users\trent\desktop\games&stuff\gang.beasts.v0.5.7\gang beasts.exe] => (Allow) C:\users\trent\desktop\games&stuff\gang.beasts.v0.5.7\gang beasts.exe
FirewallRules: [UDP Query User{40B9A62D-E35A-46DA-B395-2B2FAC09FCAE}C:\users\trent\desktop\games&stuff\gang.beasts.v0.5.7\gang beasts.exe] => (Allow) C:\users\trent\desktop\games&stuff\gang.beasts.v0.5.7\gang beasts.exe
FirewallRules: [TCP Query User{5B22725B-D030-4628-B8BA-EA180D59139D}C:\users\trent\desktop\games&stuff\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe] => (Allow) C:\users\trent\desktop\games&stuff\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe
FirewallRules: [UDP Query User{D5648DF1-0F44-49FA-AE0A-1000DC94551E}C:\users\trent\desktop\games&stuff\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe] => (Allow) C:\users\trent\desktop\games&stuff\gang beasts\gang.beasts.v0.5.6.inclu.server.tool\gang beasts.exe
FirewallRules: [{B7F05ABB-FA7E-4464-9A26-CD17C59D5AE1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{999A231D-2EF2-4C2C-9940-2B125B78E46D}C:\program files (x86)\blizzard app\battle.net.9061\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.9061\battle.net.exe
FirewallRules: [UDP Query User{28CD4E98-B270-49CB-BAE4-270085DE49CE}C:\program files (x86)\blizzard app\battle.net.9061\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.9061\battle.net.exe
FirewallRules: [TCP Query User{63B520AD-19DB-4A67-8EDD-CC940BFEC6EC}D:\starcraft ii\versions\base55505\sc2_x64.exe] => (Allow) D:\starcraft ii\versions\base55505\sc2_x64.exe
FirewallRules: [UDP Query User{C6E39D28-7EEB-4AFC-AF68-D22A8970A187}D:\starcraft ii\versions\base55505\sc2_x64.exe] => (Allow) D:\starcraft ii\versions\base55505\sc2_x64.exe
FirewallRules: [{E6826F88-D47E-46ED-9D15-7EBCD0727266}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{484DA42F-FC85-4D56-BBEA-CCAA1D9D5F1E}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{112E6F5F-CC18-476B-AAD5-21C778160D76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F2BD334E-CD00-44A2-B367-1F38DEF6800A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{891202E0-7484-4C85-A6C0-6A9AA4E1E19A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2F21E09B-BA47-46DF-9FF9-23AD67019070}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7E456A93-4FF0-47B4-A024-C6E3750C56EE}D:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{6EA90C4B-C3E9-4309-B5B2-20A9C37C7474}D:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{C8AF7889-FF4B-44DE-A320-08ED5960ABF4}C:\users\trent\desktop\games&stuff\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\trent\desktop\games&stuff\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [UDP Query User{0F77ECE1-4CBD-49E4-AC1E-7257A15F1D84}C:\users\trent\desktop\games&stuff\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\trent\desktop\games&stuff\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [{CE3A8492-013A-46CE-9665-76F3D5FA36BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{7EA2AD7C-D100-4734-B8D5-B4B79237ACAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [TCP Query User{BA2CED8F-8D93-4693-B751-B1E996C974C2}C:\users\trent\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\trent\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [UDP Query User{0D5D1858-DB18-47DF-A963-1EBF86195637}C:\users\trent\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\trent\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [TCP Query User{BA3D0165-7775-4B41-A077-AB664AFB7A25}C:\users\trent\appdata\roaming\soda player\acestream\engine\ace_engine.exe] => (Allow) C:\users\trent\appdata\roaming\soda player\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{925D9EF5-F4CD-4D4A-AC7F-715A423EC88C}C:\users\trent\appdata\roaming\soda player\acestream\engine\ace_engine.exe] => (Allow) C:\users\trent\appdata\roaming\soda player\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{44D295DD-7C08-4B2B-B9FF-3FD7FAD184F7}D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe
FirewallRules: [UDP Query User{118E21EB-7E6F-4FFB-8F6B-A0ECC50B7EB5}D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\arc\arcchat.exe
FirewallRules: [TCP Query User{D7AE2226-AFF9-4320-B17F-5298D1FC5D15}D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [UDP Query User{55A5BD87-0D52-4ACA-AA90-B0E771789937}D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [{EB409B60-D8CC-4DEE-84B8-9B68CC57F48B}] => (Allow) D:\SteamLibrary\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{C2DCFA52-022F-48F5-AB92-B8BA6918F5B3}] => (Allow) D:\SteamLibrary\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{D81947C1-A959-4720-8D65-870EB3B01282}] => (Allow) C:\GOG Games\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{F1FE1EF7-74D1-4FAE-814E-9E80AA60A3F8}] => (Allow) C:\GOG Games\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [TCP Query User{8039C9E6-D4CD-4D11-B2AA-7E572CF2EDA2}D:\destiny 2\destiny2.exe] => (Allow) D:\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{753B2121-78FB-4406-895A-72B55A020853}D:\destiny 2\destiny2.exe] => (Allow) D:\destiny 2\destiny2.exe
FirewallRules: [TCP Query User{4DC22D43-CAC4-4F8D-8B83-553E1FEE6715}D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{B91AE5F4-C2C3-47F6-BE47-DDFB33797E3F}D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{CDF9A957-0615-474E-8370-D45D5534D3BE}D:\steamlibrary\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) D:\steamlibrary\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [UDP Query User{D3BE392E-BB5C-4163-B24D-92D2B9546056}D:\steamlibrary\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) D:\steamlibrary\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [{14B8C9BE-5958-40F8-8003-4E061EC811E8}] => (Allow) D:\SteamLibrary\steamapps\common\Mirage Arcane Warfare\TBL-Win64-Shipping.exe
FirewallRules: [{6363AD10-3D56-44B3-8E1F-533E5EE91D09}] => (Allow) D:\SteamLibrary\steamapps\common\Mirage Arcane Warfare\TBL-Win64-Shipping.exe
FirewallRules: [TCP Query User{3868ED01-7AA4-4B2D-A621-BFE55ADA9C13}D:\steamlibrary\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe
FirewallRules: [UDP Query User{3EE8F5EF-D4F7-473A-BB9D-0C20819A080C}D:\steamlibrary\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe
FirewallRules: [{8A2ADB70-0580-4027-8513-D02CBC7F9461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Rising 2 Off the Record\deadrising2otr.exe
FirewallRules: [{1A34D53E-347B-4C54-915F-E0EC5E679B62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Rising 2 Off the Record\deadrising2otr.exe
FirewallRules: [{4343F1C5-8D2B-4EC0-906A-E0401942280A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{DE7F5B9E-BCD7-48B0-8910-150F6779AC54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{C58BD62D-1F98-4765-964D-72FFF2455B0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{2607FB0E-77C0-4BFB-8ED2-2D82C0F9257F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{FB66D6B4-A659-472D-A305-D22DF08A8937}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5FA557F0-D7AD-4DF1-A3E2-E1E438EF69E8}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{8ABCE49F-0DC2-4D22-B66B-3EFDC95304A1}] => (Allow) D:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{3C9C3143-6AB4-4D19-A2C0-12E623E22438}] => (Allow) D:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{FFABA409-6111-43E5-A173-CD8FFD91DBEA}] => (Allow) D:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{34CB4BBA-8246-418F-85B1-5A547C95AA6E}] => (Allow) D:\SteamLibrary\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [TCP Query User{E096B08F-75E9-4F20-9CCB-0635625306C1}D:\games\divinity - original sin 2\bin\eocapp.exe] => (Allow) D:\games\divinity - original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{0035CCE2-A047-4EC6-8B22-A7D64AE73DC6}D:\games\divinity - original sin 2\bin\eocapp.exe] => (Allow) D:\games\divinity - original sin 2\bin\eocapp.exe
FirewallRules: [{AE69E526-4BD3-4129-95BD-3D0A5A311E76}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{2C48E5E7-D567-4F42-A1D9-C0CA636B5E6E}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{8D0714D1-E790-4A32-AB4C-8FA566CBF95A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{D5FA1DC7-206B-4383-B034-6EFE78BA0427}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{03E647E0-9130-40ED-A4C2-9E8B8A175C76}C:\program files\windows multimedia platform\services and controller app.exe] => (Block) C:\program files\windows multimedia platform\services and controller app.exe
FirewallRules: [UDP Query User{5978D518-2E7A-4F58-9103-390524AB6387}C:\program files\windows multimedia platform\services and controller app.exe] => (Block) C:\program files\windows multimedia platform\services and controller app.exe
FirewallRules: [{677F344E-11CD-4F1E-92E1-A9191F4CF881}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{21A7688F-8EAF-40F2-A441-EE0100FC453E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [TCP Query User{87F7A401-583F-4587-9A30-BE549376D66B}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{2754D4BF-A032-4AFE-A3CD-190FC49D1560}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{F9BB03C9-ED07-466E-9092-2A0705A3F390}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{4FAF0AA6-E70B-45C0-904B-B532D4896135}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [TCP Query User{5F8B0F19-0189-474E-A41B-DC55A51BE839}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [UDP Query User{6D6F55CD-3F4A-4B29-8D20-F575EF6A915C}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [{27811573-44C3-4CBF-BBBB-11F3DBE2B7E0}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C64ED31D-4A7F-4325-9D3E-0A80071D7255}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{39DBFA31-BF44-4B0E-801D-B0A676668803}] => (Allow) C:\Program Files (x86)\Hideout\bin\32bit\Crucible.exe
FirewallRules: [{B6A18B71-77FF-441A-9CE3-84C5D93E05FF}] => (Allow) C:\Program Files (x86)\Hideout\bin\32bit\Crucible.exe
FirewallRules: [{E2039A62-DF62-463A-82AE-F76D9F669C8A}] => (Allow) D:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{82D2D09F-8B4E-4D11-B6E5-15EEC1874325}] => (Allow) D:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [TCP Query User{2DBAADDA-A1A5-41CC-9DCE-8B52AAFDA0E6}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{AAE69F8A-25E1-45C8-A0FB-9A823F240686}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{FBBA86FB-CAF6-4046-906A-24E1F6D508FF}] => (Allow) D:\SteamLibrary\steamapps\common\CastleMiner Z\CastleMinerZ.exe
FirewallRules: [{23779392-6C02-4322-8031-ABDAFFCAF364}] => (Allow) D:\SteamLibrary\steamapps\common\CastleMiner Z\CastleMinerZ.exe
FirewallRules: [TCP Query User{761A8E8E-90CD-4C3D-9A88-66303B7C9F75}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{60CCD4B7-1CD8-411E-AD79-09F60AC906FC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{45EA4437-9431-4448-BB98-DC21B3171F3C}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{9549C548-15C9-46FB-A465-63DAE37E255E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{09B1CAB3-4C67-4151-9C53-0968475252E6}] => (Allow) D:\SteamLibrary\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{160D0258-84E2-479E-AB25-B3A630930818}] => (Allow) D:\SteamLibrary\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [TCP Query User{A8F42D2C-27E2-4516-B901-70FE61AF742D}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{00B6BC90-8A2C-4274-BE81-89B51C2ADDB5}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [{4A3B1E1D-AF6E-4B20-B276-625C19582CBD}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{22005E19-76ED-4F8F-AA66-52D2E5929953}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{1685DF4C-87FD-4CB2-92AC-DFE293F5EBA7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B8CC16AD-BD82-4DA2-8FEE-43BA92C78648}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{8619B4B6-C629-4931-9760-3267900BA5B0}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{4907D85F-3778-42E8-B9B3-B6E2BFA5B435}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{304F549F-99FC-4475-960B-BE09B86A8928}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{49DCBCE8-AC74-44BD-B490-663A56001C5B}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{3F865EED-2122-497F-A8D5-7E585D7F1AF8}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{2C8E1C89-6493-4E70-8045-015E9DEC110F}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{CC68426F-17C1-43DC-BD88-E30CB30DD6D3}C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe] => (Allow) C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe
FirewallRules: [UDP Query User{64C1B50C-D598-4958-B296-D6FF0765C2D9}C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe] => (Allow) C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe
FirewallRules: [{B22B7594-5415-4208-9EB5-897535377A43}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{DE7D6365-C4DB-473B-9BB9-F5AD13CF3272}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{48AB76B7-B75B-45A6-9121-FD81AA49F8D7}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{0616039E-224C-44DD-9D18-DCFFBD443CB6}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{9982274A-BBD2-4A47-A3F8-53F46436EFB9}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe
FirewallRules: [{EC577436-B636-4945-B047-77A0426A0446}] => (Allow) C:\Battlestate Games\BsgLauncher\BsgLauncher.exe
FirewallRules: [{89363EDC-40A7-42F6-9DAD-92F7D1C97865}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{9D57259A-9037-4327-B50F-38395519AC74}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

03-01-2018 14:07:56 Installed Razer Synapse.

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2018 04:21:55 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/03/2018 04:21:46 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (01/03/2018 04:21:45 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/03/2018 04:21:45 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/03/2018 04:21:33 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/03/2018 04:21:33 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/03/2018 03:12:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-M6IKS03)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2018 03:11:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.15063.447, time stamp: 0xe365c782
Faulting module name: ClownfshAPO64.dll, version: 0.0.0.0, time stamp: 0x595b4a80
Exception code: 0xc0000005
Fault offset: 0x000000000001b138
Faulting process id: 0x17f4
Faulting application start time: 0x01d384ced7fba25e
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
Report Id: 66af4734-ca75-4770-a695-02cd307deab1
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/03/2018 02:47:34 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\gay.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Anti-malware remediation tool because of this error.

Program: Anti-malware remediation tool
File: C:\Windows\System32\gay.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/03/2018 02:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller64.exe, version: 12.11.31.0, time stamp: 0x5a4b4be5
Faulting module name: RogueKiller64.exe, version: 12.11.31.0, time stamp: 0x5a4b4be5
Exception code: 0xc0000006
Fault offset: 0x0000000000a9a4f0
Faulting process id: 0x2950
Faulting application start time: 0x01d384cb592b325b
Faulting application path: C:\Program Files\RogueKiller\RogueKiller64.exe
Faulting module path: C:\Program Files\RogueKiller\RogueKiller64.exe
Report Id: 07ca3ce4-95a6-4408-bd6a-84bb104330f1
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/03/2018 04:15:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2018-01-03 00:31:46.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-07 20:16:27.176
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-07 20:16:27.171
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-31 16:45:49.827
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MpEngineStore\MpKsl163ab093.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-31 16:12:56.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MpEngineStore\MpKsl163ab093.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-31 16:12:54.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C41BA97-0D97-455A-A541-7A397EF97994}\MpKsl162a6d8e.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-29 18:34:57.141
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MpEngineStore\MpKsld05b39f3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-29 13:39:10.088
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MpEngineStore\MpKsld05b39f3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-29 13:39:09.031
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEE81380-B0B6-4072-86F2-BFEC2EFCEF46}\MpKsl1942d9a0.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-29 13:33:56.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MpEngineStore\MpKsl519fbf44.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 16263.39 MB
Available physical RAM: 7647.61 MB
Total Virtual: 32526.78 MB
Available Virtual: 23916.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.54 GB) (Free:40.15 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:465.63 GB) (Free:34.23 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================


Good. Now, launch FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should be on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::

 


Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by trent (03-01-2018 19:24:34) Run:2
Running from C:\Users\trent\Downloads
Loaded Profiles: trent (Available Profiles: defaultuser0 & trent & Guest Account)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileCrypt             D:                                        141100     FileCrypt Instance        0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\HarddiskVolume2                    40500     FileInfo                  0     00000003  
FileInfo              C:                                         40500     FileInfo                  0     00000003  
FileInfo              D:                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000003  
MBAMChameleon                                                   400900     MBAMChameleon             0     00000000  
MBAMChameleon         \Device\HarddiskVolume2                   400900     MBAMChameleon             0     00000000  
MBAMChameleon         C:                                        400900     MBAMChameleon             0     00000000  
MBAMChameleon         D:                                        400900     MBAMChameleon             0     00000000  
MBAMChameleon         \Device\Mup                               400900     MBAMChameleon             0     00000000  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   C:                                         40700     Wof Instance              0     00000003  
Wof                   D:                                         40700     Wof Instance              0     00000003  
aswMonFlt                                                       320700     aswMonFlt Instance        0     00000004  
aswMonFlt             \Device\HarddiskVolume2                   320700     aswMonFlt Instance        0     00000004  
aswMonFlt             C:                                        320700     aswMonFlt Instance        0     00000004  
aswMonFlt             D:                                        320700     aswMonFlt Instance        0     00000004  
aswMonFlt             \Device\Mup                               320700     aswMonFlt Instance        0     00000004  
aswSP                                                           388401     aswSP Instance            0     00000004  
aswSP                 \Device\HarddiskVolume2                   388401     aswSP Instance            0     00000004  
aswSP                 C:                                        388401     aswSP Instance            0     00000004  
aswSP                 D:                                        388401     aswSP Instance            0     00000004  
aswSnx                                                          137600     aswSnx Instance           0     00000000  
aswSnx                \Device\HarddiskVolume2                   137600     aswSnx Instance           0     00000000  
aswSnx                C:                                        137600     aswSnx Instance           0     00000000  
aswSnx                D:                                        137600     aswSnx Instance           0     00000000  
aswSnx                \Device\Mup                               137600     aswSnx Instance           0     00000000  
benphvk               C:                                         45666     benphvk Instance          0     00000000  
benphvk               \Device\Mup                                45666     benphvk Instance          0     00000000  
ilosvy                                                           45888     ilosvy Instance           0     00000000  
ilosvy                \Device\HarddiskVolume2                    45888     ilosvy Instance           0     00000000  
ilosvy                C:                                         45888     ilosvy Instance           0     00000000  
ilosvy                D:                                         45888     ilosvy Instance           0     00000000  
luafv                 C:                                        135000     luafv                     0     00000003  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000000  
wcifs                 D:                                        189900     wcifs Instance            0     00000000  

========= End of CMD: =========


========= dir /a:-d /o:d C:\windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is B2AA-AC57

 Directory of C:\windows\system32\drivers

02/28/2013  08:49 PM            36,600 npf.sys
08/21/2015  10:50 AM           463,112 IntcDAud.sys
09/21/2015  12:08 AM            37,912 LcUvcUpper.sys
12/01/2015  02:46 PM            50,160 intelaud.sys
12/01/2015  02:46 PM            38,896 iwdbus.sys
04/04/2016  11:06 AM           195,152 TeeDriverW8x64.sys
04/26/2016  03:10 PM            48,824 tap0901t.sys
05/03/2016  10:30 PM         3,811,288 igdkmd64.sys
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
08/17/2016  04:57 PM           204,304 rzudd.sys
08/17/2016  04:57 PM            51,736 rzendpt.sys
08/18/2016  04:36 AM         6,910,841 RTAIODAT.DAT
08/18/2016  04:36 AM         1,920,820 rtkSSTsetting.dat
08/18/2016  04:37 AM         5,804,772 rtvienna.dat
08/18/2016  07:51 PM         5,276,168 RTKVHD64.sys
03/18/2017  03:56 PM           120,224 pcmcia.sys
03/18/2017  03:56 PM            32,256 BthhfHid.sys
03/18/2017  03:56 PM            43,520 BthAvrcpTg.sys
03/18/2017  03:56 PM            49,152 circlass.sys
03/18/2017  03:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  03:56 PM            46,592 hidir.sys
03/18/2017  03:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  03:56 PM            66,560 bthmodem.sys
03/18/2017  03:56 PM           103,424 usbcir.sys
03/18/2017  03:56 PM            97,280 drmk.sys
03/18/2017  03:56 PM           134,656 USBAUDIO.sys
03/18/2017  03:56 PM           373,248 portcls.sys
03/18/2017  03:56 PM            16,232 drmkaud.sys
03/18/2017  03:56 PM            27,136 usbprint.sys
03/18/2017  03:56 PM            39,424 monitor.sys
03/18/2017  03:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  03:56 PM            74,840 intelpep.sys
03/18/2017  03:56 PM            14,848 acpipmi.sys
03/18/2017  03:56 PM           533,920 bxvbda.sys
03/18/2017  03:56 PM         3,419,040 evbda.sys
03/18/2017  03:56 PM            20,480 AcpiDev.sys
03/18/2017  03:56 PM           122,880 capimg.sys
03/18/2017  03:56 PM           110,496 sbp2port.sys
03/18/2017  03:56 PM           160,256 cdrom.sys
03/18/2017  03:56 PM           107,424 3ware.sys
03/18/2017  03:56 PM           238,080 1394ohci.sys
03/18/2017  03:56 PM            27,040 amdxata.sys
03/18/2017  03:56 PM         1,135,512 adp80xx.sys
03/18/2017  03:56 PM            83,352 amdsata.sys
03/18/2017  03:56 PM           132,000 arcsas.sys
03/18/2017  03:56 PM           259,488 amdsbs.sys
03/18/2017  03:56 PM            30,720 wacompen.sys
03/18/2017  03:56 PM             9,728 bcmfn2.sys
03/18/2017  03:56 PM            64,416 HpSAMD.sys
03/18/2017  03:56 PM           108,960 lsi_sas.sys
03/18/2017  03:56 PM           123,808 lsi_sas2i.sys
03/18/2017  03:56 PM            82,848 lsi_sss.sys
03/18/2017  03:56 PM           103,328 lsi_sas3i.sys
03/18/2017  03:56 PM            59,808 megasas.sys
03/18/2017  03:56 PM            64,416 MegaSas2i.sys
03/18/2017  03:56 PM            63,904 mvumis.sys
03/18/2017  03:56 PM           575,904 megasr.sys
03/18/2017  03:56 PM            16,896 MTConfig.sys
03/18/2017  03:56 PM           150,432 nvraid.sys
03/18/2017  03:56 PM            58,784 percsas2i.sys
03/18/2017  03:56 PM           166,304 nvstor.sys
03/18/2017  03:56 PM            61,848 percsas3i.sys
03/18/2017  03:56 PM            44,960 sisraid2.sys
03/18/2017  03:56 PM            31,136 stexstor.sys
03/18/2017  03:56 PM            81,824 sisraid4.sys
03/18/2017  03:56 PM            57,856 umbus.sys
03/18/2017  03:56 PM           166,816 vsmraid.sys
03/18/2017  03:56 PM           305,568 VSTXRAID.SYS
03/18/2017  03:56 PM           102,816 cht4dx64.sys
03/18/2017  03:56 PM           347,032 cht4sx64.sys
03/18/2017  03:56 PM         2,104,224 cht4vx64.sys
03/18/2017  03:56 PM            13,824 errdev.sys
03/18/2017  03:56 PM            32,160 winmad.sys
03/18/2017  03:56 PM           842,656 mlx4_bus.sys
03/18/2017  03:56 PM           108,960 ndfltr.sys
03/18/2017  03:56 PM           526,240 ibbus.sys
03/18/2017  03:56 PM            64,920 winverbs.sys
03/18/2017  03:56 PM            32,768 fdc.sys
03/18/2017  03:56 PM            18,432 sfloppy.sys
03/18/2017  03:56 PM           673,184 iaStorAV.sys
03/18/2017  03:56 PM            38,296 hidbatt.sys
03/18/2017  03:56 PM           412,064 iaStorV.sys
03/18/2017  03:56 PM            92,064 IPMIDrv.sys
03/18/2017  03:56 PM            26,624 flpydisk.sys
03/18/2017  03:56 PM           194,464 ataport.sys
03/18/2017  03:56 PM            22,944 isapnp.sys
03/18/2017  03:56 PM            19,360 intelide.sys
03/18/2017  03:56 PM            19,352 msisadrv.sys
03/18/2017  03:56 PM            26,112 serenum.sys
03/18/2017  03:56 PM            84,480 serial.sys
03/18/2017  03:56 PM            97,792 parport.sys
03/18/2017  03:56 PM            16,800 pciide.sys
03/18/2017  03:56 PM            53,656 pciidex.sys
03/18/2017  03:56 PM            44,960 mssmbios.sys
03/18/2017  03:56 PM            29,088 atapi.sys
03/18/2017  03:56 PM            80,896 nvdimmn.sys
03/18/2017  03:56 PM           604,160 rt640x64.sys
03/18/2017  03:56 PM           101,376 pmem.sys
03/18/2017  03:56 PM            36,760 storufs.sys
03/18/2017  03:56 PM            91,040 scmbus.sys
03/18/2017  03:56 PM            78,752 uaspstor.sys
03/18/2017  03:56 PM            18,432 wmiacpi.sys
03/18/2017  03:56 PM            54,176 vdrvroot.sys
03/18/2017  03:56 PM            57,344 BasicDisplay.sys
03/18/2017  03:56 PM           193,536 intelppm.sys
03/18/2017  03:56 PM           172,544 amdppm.sys
03/18/2017  03:56 PM           102,816 disk.sys
03/18/2017  03:56 PM           172,032 processr.sys
03/18/2017  03:56 PM           176,640 amdk8.sys
03/18/2017  03:56 PM           587,168 spaceport.sys
03/18/2017  03:56 PM            16,288 volume.sys
03/18/2017  03:56 PM            29,600 uefi.sys
03/18/2017  03:56 PM            83,360 volmgr.sys
03/18/2017  03:56 PM           167,328 spacedump.sys
03/18/2017  03:56 PM            12,800 acpipagr.sys
03/18/2017  03:56 PM            14,336 acpitime.sys
03/18/2017  03:56 PM            36,256 battc.sys
03/18/2017  03:56 PM           405,408 mausbhost.sys
03/18/2017  03:56 PM            30,208 CmBatt.sys
03/18/2017  03:56 PM           353,696 pci.sys
03/18/2017  03:56 PM            31,128 SDFRd.sys
03/18/2017  03:56 PM            51,104 mausbip.sys
03/18/2017  03:56 PM            18,336 swenum.sys
03/18/2017  03:56 PM            35,328 TsUsbGD.sys
03/18/2017  03:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  03:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  03:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  03:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  03:56 PM            33,280 iagpio.sys
03/18/2017  03:56 PM            13,824 vmgencounter.sys
03/18/2017  03:56 PM            81,408 iai2c.sys
03/18/2017  03:56 PM            53,664 CAD.sys
03/18/2017  03:56 PM            16,896 hyperkbd.sys
03/18/2017  03:56 PM             9,216 vms3cap.sys
03/18/2017  03:56 PM            47,104 dmvsc.sys
03/18/2017  03:56 PM            25,088 VMBusHID.sys
03/18/2017  03:56 PM            74,656 vpci.sys
03/18/2017  03:56 PM            47,520 vmstorfl.sys
03/18/2017  03:56 PM            40,960 RfxVmt.sys
03/18/2017  03:56 PM            64,512 Synth3dVsc.sys
03/18/2017  03:56 PM            36,768 storvsc.sys
03/18/2017  03:56 PM            10,240 vmgid.sys
03/18/2017  03:56 PM           107,424 vmbus.sys
03/18/2017  03:56 PM            27,136 npsvctrig.sys
03/18/2017  03:56 PM            23,552 BtaMPM.sys
03/18/2017  03:56 PM            29,600 urschipidea.sys
03/18/2017  03:56 PM            49,056 msgpiowin32.sys
03/18/2017  03:56 PM            98,712 UfxChipidea.sys
03/18/2017  03:56 PM            21,504 genericusbfn.sys
03/18/2017  03:56 PM           138,656 ufxsynopsys.sys
03/18/2017  03:56 PM            28,064 urssynopsys.sys
03/18/2017  03:56 PM            45,568 devauthe.sys
03/18/2017  03:56 PM            46,592 xinputhid.sys
03/18/2017  03:56 PM            14,336 umpass.sys
03/18/2017  03:56 PM           180,736 hidclass.sys
03/18/2017  03:56 PM            98,816 xusb22.sys
03/18/2017  03:56 PM            40,960 hidparse.sys
03/18/2017  03:56 PM            40,960 hidusb.sys
03/18/2017  03:56 PM            40,448 kbdhid.sys
03/18/2017  03:56 PM           115,200 i8042prt.sys
03/18/2017  03:56 PM            51,104 hidinterrupt.sys
03/18/2017  03:56 PM            52,224 hidi2c.sys
03/18/2017  03:56 PM            64,416 kbdclass.sys
03/18/2017  03:56 PM            33,280 mouhid.sys
03/18/2017  03:56 PM            60,320 mouclass.sys
03/18/2017  03:56 PM            28,672 sermouse.sys
03/18/2017  03:56 PM           466,336 usbport.sys
03/18/2017  03:56 PM            30,720 usbohci.sys
03/18/2017  03:56 PM            98,200 usbehci.sys
03/18/2017  03:56 PM            35,328 usbuhci.sys
03/18/2017  03:56 PM            32,160 usbd.sys
03/18/2017  03:56 PM           131,488 USBSTOR.SYS
03/18/2017  03:56 PM            90,112 winusb.sys
03/18/2017  03:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  03:56 PM            94,624 sdstor.sys
03/18/2017  03:56 PM            23,040 kdnic.sys
03/18/2017  03:56 PM            54,272 filecrypt.sys
03/18/2017  03:56 PM            35,328 vhf.sys
03/18/2017  03:56 PM           127,392 acpiex.sys
03/18/2017  03:56 PM           213,920 Ucx01000.sys
03/18/2017  03:56 PM            28,064 cmimcext.sys
03/18/2017  03:56 PM            45,568 Udecx.sys
03/18/2017  03:56 PM            98,208 sdport.sys
03/18/2017  03:56 PM            61,440 TsUsbFlt.sys
03/18/2017  03:56 PM            63,904 fsdepends.sys
03/18/2017  03:56 PM           294,816 WdFilter.sys
03/18/2017  03:56 PM            44,632 WdBoot.sys
03/18/2017  03:56 PM           121,248 WdNisDrv.sys
03/18/2017  03:56 PM            31,648 winhv.sys
03/18/2017  03:56 PM           118,688 hvsocket.sys
03/18/2017  03:56 PM            32,768 usbrpm.sys
03/18/2017  03:56 PM           101,888 bowser.sys
03/18/2017  03:57 PM            42,496 modem.sys
03/18/2017  03:57 PM            51,712 tcpipreg.sys
03/18/2017  03:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  03:57 PM            28,672 asyncmac.sys
03/18/2017  03:57 PM            19,968 irenum.sys
03/18/2017  03:57 PM            23,040 usb8023.sys
03/18/2017  03:57 PM            17,920 rasacd.sys
03/18/2017  03:57 PM           150,016 rmcast.sys
03/18/2017  03:57 PM            34,816 RNDISMP.sys
03/18/2017  03:57 PM            81,920 raspppoe.sys
03/18/2017  03:57 PM           120,320 irda.sys
03/18/2017  03:57 PM            87,040 ipfltdrv.sys
03/18/2017  03:57 PM            57,760 netbios.sys
03/18/2017  03:57 PM            50,688 mmcss.sys
03/18/2017  03:57 PM               646 gmreadme.txt
03/18/2017  03:57 PM         3,440,660 gm.dls
03/18/2017  03:57 PM            36,864 filetrace.sys
03/18/2017  03:57 PM           144,384 mrxdav.sys
03/18/2017  03:57 PM            21,504 smclib.sys
03/18/2017  03:57 PM            10,240 beep.sys
03/18/2017  03:57 PM           175,520 scsiport.sys
03/18/2017  03:57 PM            75,776 stream.sys
03/18/2017  03:57 PM            88,992 EhStorClass.sys
03/18/2017  03:57 PM            37,888 USBCAMD2.sys
03/18/2017  03:57 PM            31,232 tape.sys
03/18/2017  03:57 PM            23,552 mcd.sys
03/18/2017  03:57 PM            43,520 scfilter.sys
03/18/2017  03:57 PM            49,664 videoprt.sys
03/18/2017  03:57 PM            55,808 watchdog.sys
03/18/2017  03:57 PM           152,992 pacer.sys
03/18/2017  03:57 PM           122,368 NetAdapterCx.sys
03/18/2017  03:57 PM            40,352 tdi.sys
03/18/2017  03:57 PM           367,000 msrpc.sys
03/18/2017  03:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  03:57 PM            56,224 condrv.sys
03/18/2017  03:57 PM           105,880 mountmgr.sys
03/18/2017  03:57 PM            49,568 iorate.sys
03/18/2017  03:57 PM           391,584 Classpnp.sys
03/18/2017  03:57 PM           100,864 WUDFPf.sys
03/18/2017  03:57 PM           220,672 WUDFRd.sys
03/18/2017  03:57 PM            20,384 wmilib.sys
03/18/2017  03:57 PM            33,184 WppRecorder.sys
03/18/2017  03:57 PM             7,680 null.sys
03/18/2017  03:57 PM         1,735,584 refs.sys
03/18/2017  03:57 PM            69,120 npfs.sys
03/18/2017  03:57 PM            31,744 msfs.sys
03/18/2017  03:57 PM            93,184 cdfs.sys
03/18/2017  03:57 PM           902,376 Wdf01000.sys
03/18/2017  03:57 PM            61,672 WdfLdr.sys
03/18/2017  03:57 PM           386,464 fltMgr.sys
03/18/2017  03:57 PM            33,688 fs_rec.sys
03/18/2017  03:57 PM            20,376 ntosext.sys
03/18/2017  03:57 PM            52,640 pcw.sys
03/18/2017  03:57 PM           239,616 ahcache.sys
03/18/2017  03:57 PM            35,744 Dumpata.sys
03/18/2017  03:57 PM           373,664 volmgrx.sys
03/18/2017  03:57 PM           936,864 refsv1.sys
03/18/2017  03:57 PM           215,456 VerifierExt.sys
03/18/2017  03:57 PM           397,216 volsnap.sys
03/18/2017  03:57 PM            29,600 hwpolicy.sys
03/18/2017  03:57 PM            23,552 ws2ifsl.sys
03/18/2017  03:57 PM            80,288 SpbCx.sys
03/18/2017  03:57 PM           150,528 dfsc.sys
03/18/2017  03:57 PM           282,528 rdyboost.sys
03/18/2017  03:57 PM            50,688 ndiscap.sys
03/18/2017  03:57 PM            55,296 winhvr.sys
03/18/2017  03:57 PM            35,744 wimmount.sys
03/18/2017  03:57 PM            86,432 crashdmp.sys
03/18/2017  03:57 PM           347,136 exfat.sys
03/18/2017  03:57 PM           324,096 udfs.sys
03/18/2017  03:57 PM            77,216 CEA.sys
03/18/2017  03:57 PM            72,192 wcnfs.sys
03/18/2017  03:57 PM           164,768 wfplwfs.sys
03/18/2017  03:57 PM            86,432 fileinfo.sys
03/18/2017  03:57 PM           208,288 wof.sys
03/18/2017  03:57 PM           128,512 NdisImPlatform.sys
03/18/2017  03:57 PM            49,664 qwavedrv.sys
03/18/2017  03:57 PM           169,888 msgpioclx.sys
03/18/2017  03:57 PM           467,352 mrxsmb.sys
03/18/2017  03:57 PM           123,808 mup.sys
03/18/2017  03:57 PM            75,680 SerCx.sys
03/18/2017  03:57 PM            14,336 registry.sys
03/18/2017  03:57 PM           434,080 rdbss.sys
03/18/2017  03:57 PM            74,648 hvservice.sys
03/18/2017  03:57 PM           154,016 SerCx2.sys
03/18/2017  03:57 PM            12,288 mshidumdf.sys
03/18/2017  03:57 PM             8,704 mshidkmdf.sys
03/18/2017  03:57 PM            15,360 Dmpusbstor.sys
03/18/2017  03:57 PM            39,840 cnghwassist.sys
03/18/2017  03:57 PM            46,488 werkernel.sys
03/18/2017  03:57 PM            28,064 tbs.sys
03/18/2017  03:57 PM            83,456 mslldp.sys
03/18/2017  03:58 PM           741,376 PEAuth.sys
03/18/2017  03:58 PM            12,288 cldflt.sys
03/18/2017  03:58 PM           217,088 winnat.sys
03/18/2017  03:58 PM            66,560 lltdio.sys
03/18/2017  03:58 PM            82,432 rspndr.sys
03/18/2017  03:58 PM           877,472 ClipSp.sys
03/18/2017  03:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  03:58 PM            17,920 applockerfltr.sys
03/18/2017  03:58 PM            76,800 mpsdrv.sys
03/18/2017  03:58 PM           263,584 ufx01000.sys
03/18/2017  03:58 PM            59,288 urscx01000.sys
03/18/2017  03:58 PM           179,200 UcmTcpciCx.sys
03/18/2017  03:58 PM            36,864 IndirectKmd.sys
03/18/2017  03:58 PM            32,256 dumpsdport.sys
03/18/2017  03:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  03:58 PM            10,752 mspqm.sys
03/18/2017  03:58 PM            12,800 mstee.sys
03/18/2017  03:58 PM            10,752 mspclock.sys
03/18/2017  03:58 PM            79,872 rassstp.sys
03/18/2017  03:58 PM           107,008 rasl2tp.sys
03/18/2017  03:58 PM            97,792 raspptp.sys
03/18/2017  03:58 PM           127,488 Ndu.sys
03/18/2017  03:58 PM           192,000 ndiswan.sys
03/18/2017  03:58 PM           162,304 tunnel.sys
03/18/2017  03:58 PM             8,192 gpuenergydrv.sys
03/18/2017  03:58 PM           390,144 ks.sys
03/18/2017  03:58 PM           108,544 agilevpn.sys
03/18/2017  03:58 PM            27,136 vwifibus.sys
03/18/2017  03:58 PM            77,312 vwififlt.sys
03/18/2017  03:58 PM            27,136 ndistapi.sys
03/18/2017  03:58 PM            81,408 wanarp.sys
03/18/2017  03:58 PM            62,464 ndproxy.sys
03/18/2017  03:58 PM            65,536 ndisuio.sys
03/18/2017  03:58 PM           214,528 ipnat.sys
03/18/2017  03:58 PM           170,912 ksecpkg.sys
03/18/2017  03:58 PM            79,872 storqosflt.sys
03/18/2017  03:59 PM            30,624 WpdUpFltr.sys
03/18/2017  03:59 PM            91,152 dumpfve.sys
03/18/2017  09:30 PM           559,104 csc.sys
03/18/2017  09:30 PM           183,296 rdpdr.sys
03/18/2017  09:30 PM           143,776 AppvVfs.sys
03/18/2017  09:30 PM           161,696 AppvVemgr.sys
03/18/2017  09:30 PM           127,904 AppVStrm.sys
03/18/2017  09:30 PM           125,952 tsusbhub.sys
03/18/2017  09:30 PM            30,624 rdpvideominiport.sys
03/18/2017  09:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  09:31 PM            40,344 UevAgentDriver.sys
03/18/2017  09:31 PM           230,816 mssecflt.sys
03/18/2017  09:31 PM            37,280 terminpt.sys
03/18/2017  09:31 PM            27,136 rdpbus.sys
04/10/2017  01:36 PM            41,192 vbaudio_cable64_win7.sys
04/10/2017  01:51 PM            41,192 vbaudio_vmvaio64_win7.sys
04/10/2017  01:51 PM            41,192 vbaudio_vmauxvaio64_win7.sys
06/06/2017  01:46 PM            20,160 GUBootStartup.sys
06/20/2017  12:12 AM            86,528 hdaudbus.sys
06/20/2017  12:12 AM           264,192 usbvideo.sys
06/20/2017  12:14 AM            32,768 mskssrv.sys
06/20/2017  01:00 AM           142,752 wcifs.sys
07/07/2017  02:07 AM         1,106,848 http.sys
07/07/2017  02:24 AM           117,664 pdc.sys
07/08/2017  02:42 PM                 0 Msft_User_WpdFs_01_11_00.Wdf
07/08/2017  06:34 PM           388,000 USBXHCI.SYS
07/08/2017  06:34 PM           730,016 vhdmp.sys
07/08/2017  06:34 PM           219,040 tpm.sys
07/08/2017  06:34 PM           118,784 netvsc.sys
07/08/2017  06:34 PM           144,288 storahci.sys
07/08/2017  06:34 PM           277,504 xboxgip.sys
07/08/2017  06:34 PM           363,424 fastfat.sys
07/08/2017  06:34 PM           112,544 dam.sys
07/08/2017  06:34 PM           130,464 tm.sys
07/08/2017  06:34 PM            13,312 rootmdm.sys
07/08/2017  06:34 PM            27,136 ksthunk.sys
07/19/2017  12:16 PM            45,752 rzpmgrk.sys
07/27/2017  11:08 PM            97,792 bthhfenum.sys
07/27/2017  11:25 PM           115,712 bridge.sys
07/27/2017  11:27 PM            51,712 UcmUcsi.sys
07/28/2017  12:20 AM           279,968 msiscsi.sys
07/28/2017  12:23 AM           723,360 acpi.sys
07/31/2017  08:44 PM            83,968 vmbkmclr.sys
07/31/2017  09:30 PM            82,336 vmbkmcl.sys
07/31/2017  09:36 PM           119,712 tdx.sys
07/31/2017  09:38 PM           382,368 clfs.sys
08/19/2017  11:56 AM           139,704 rzpnk.sys
09/04/2017  11:11 PM           254,976 srvnet.sys
09/04/2017  11:23 PM           305,152 netbt.sys
09/04/2017  11:25 PM            43,520 nsiproxy.sys
09/04/2017  11:26 PM           107,008 hidbth.sys
09/04/2017  11:27 PM           104,960 UcmCx.sys
09/04/2017  11:28 PM            71,680 usbser.sys
09/04/2017  11:28 PM            39,424 buttonconverter.sys
09/05/2017  12:11 AM           610,720 afd.sys
09/05/2017  12:21 AM           189,344 dumpsd.sys
09/05/2017  12:24 AM           519,584 netio.sys
09/05/2017  12:25 AM           159,648 partmgr.sys
09/05/2017  12:30 AM           287,648 sdbus.sys
09/18/2017  06:09 PM           554,400 USBHUB3.SYS
09/29/2017  02:20 AM           286,208 mrxsmb10.sys
09/29/2017  02:21 AM           722,944 srv2.sys
09/29/2017  02:21 AM           414,208 srv.sys
09/29/2017  02:29 AM           550,400 nwifi.sys
09/29/2017  02:32 AM            35,840 BasicRender.sys
09/30/2017  12:36 AM         2,672,024 tcpip.sys
09/30/2017  12:40 AM           173,976 usbccgp.sys
09/30/2017  12:40 AM           184,728 appid.sys
09/30/2017  12:41 AM           228,248 mrxsmb20.sys
09/30/2017  12:45 AM           511,896 usbhub.sys
09/30/2017  12:49 AM           135,576 ksecdd.sys
10/10/2017  08:05 PM            50,624 nvvad64v.sys
10/15/2017  09:57 AM           409,496 dxgmms1.sys
10/15/2017  09:57 AM           712,600 dxgmms2.sys
11/01/2017  11:19 PM           124,928 luafv.sys
11/01/2017  11:35 PM            25,600 Dumpstorport.sys
11/02/2017  12:12 AM            38,808 Diskdump.sys
11/02/2017  12:12 AM           714,648 fvevol.sys
11/02/2017  12:13 AM           546,712 storport.sys
11/02/2017  12:13 AM            95,640 stornvme.sys
11/02/2017  12:13 AM         2,443,672 dxgkrnl.sys
11/02/2017  12:15 AM         1,239,448 ndis.sys
11/02/2017  12:16 AM         2,327,448 ntfs.sys
11/09/2017  04:38 AM           233,904 nvhda64v.sys
11/15/2017  08:41 PM            57,792 nvvhci.sys
11/17/2017  03:56 AM           757,248 WdiWiFi.sys
11/17/2017  04:39 AM           643,200 cng.sys
11/29/2017  09:11 AM            77,432 mbae64.sys
11/29/2017  09:44 PM            42,496 vwifimp.sys
12/05/2017  11:15 PM           821,416 EasyAntiCheat.sys
12/19/2017  03:36 PM                 0 Msft_Kernel_LcUvcUpper_01011.Wdf
12/22/2017  02:32 PM           321,512 aswbidsdrivera.sys
12/22/2017  02:32 PM           199,448 aswbidsha.sys
12/22/2017  02:32 PM           343,768 aswbloga.sys
12/22/2017  02:32 PM            57,696 aswbuniva.sys
12/22/2017  02:32 PM           149,344 aswHdsKe.sys
12/22/2017  02:32 PM         1,025,176 aswSnx.sys
12/22/2017  02:33 PM           110,336 aswRdr2.sys
12/22/2017  02:33 PM           185,096 aswArPot.sys
12/22/2017  02:33 PM            46,976 aswHwid.sys
12/22/2017  02:33 PM           146,664 aswMonFlt.sys
12/22/2017  02:33 PM            84,384 aswRvrt.sys
12/22/2017  02:33 PM           457,400 aswSP.sys
12/22/2017  02:33 PM           358,672 aswVmm.sys
12/22/2017  02:33 PM           204,456 aswStm.sys
12/22/2017  02:33 PM            61,304 lpsport.sys
01/03/2018  12:31 AM            94,144 mwac.sys
01/03/2018  12:31 AM           110,016 farflt.sys
01/03/2018  12:31 AM           193,968 MbamChameleon.sys
01/03/2018  12:31 AM            46,008 mbam.sys
01/03/2018  01:58 AM           255,928 36D48384.sys
01/03/2018  03:13 PM           142,672 tibgjnqt.sys
01/03/2018  03:16 PM           253,880 mbamswissarmy.sys
01/03/2018  03:22 PM            55,232 hitmanpro37.sys
01/03/2018  03:35 PM            28,272 TrueSight.sys
             435 File(s)    105,385,062 bytes
               0 Dir(s)  44,107,800,576 bytes free

========= End of CMD: =========


==== End of Fixlog 19:24:35 ====


For the next part, you'll need to download the FRST executable and fixlist.txt on a clean computer, and move them onto your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply


Good! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/4/18
Scan Time: 2:35 PM
Log File: 638e7d8e-f186-11e7-83e8-74d02b34933c.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3622
License: Free

-System Information-
OS: Windows 10 (Build 15063.786)
CPU: x64
File System: NTFS
User: DESKTOP-M6IKS03\trent

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363968
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 14 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


# AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 04 20:55:09 2018
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{BA3D0165-7775-4B41-A077-AB664AFB7A25}C:\users\trent\appdata\roaming\soda player\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{925D9EF5-F4CD-4D4A-AC7F-715A423EC88C}C:\users\trent\appdata\roaming\soda player\acestream\engine\ace_engine.exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1962 B] - [2018/1/3 6:25:26]
C:/AdwCleaner/AdwCleaner[S1].txt - [1660 B] - [2018/1/3 18:3:8]
C:/AdwCleaner/AdwCleaner[S2].txt - [1545 B] - [2018/1/4 20:54:47]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

 

RogueKiller V12.11.31.0 (x64) [Jan  2 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : trent [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 01/04/2018 16:02:22 (Duration : 00:44:02)

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] HideoutService.exe(3128) -- C:\Program Files (x86)\Hideout\HideoutService.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.64.126.240 69.60.160.196 ([United States][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17c98974-f1de-49a1-a8a8-9e18fed1f605} | DhcpNameServer : 68.64.126.240 69.60.160.196 ([United States][-])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 75e7375c7c45a20cf0316463c3f77c83
[BSP] 3cec5330eb4dc0ca0dab5503dec542be : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 304678 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 5b2600847e5b247b2af35cd5a6c9294b
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 476810 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2:  +++++
--- User ---
[MBR] 0cdbf3b7c22e7955c81e38dc301aa77d
[BSP] 263189aa2be5d5511a24eb920a6aad96 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 30604 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


Almost done!

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

How's your system behaving now? Are there any other issues to address?

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by trent (07-01-2018 01:13:57) Run:4
Running from C:\Users\trent\Downloads\frst
Loaded Profiles: trent (Available Profiles: defaultuser0 & trent & Guest Account)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\...\Run: [GoogleChromeAutoLaunch_FF1037EBDE125C1530510DAFE2D35437] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2018-01-03] (Google Inc.)

Task: {BB9FC6AC-BA8E-465D-BFDB-9DD11ED9E364} - System32\Tasks\Host Process for Windows Task => C:\Program Files (x86)\Deluxe\VB.exe

AlternateDataStreams: C:\Users\trent\AppData\Local\Temp:$DATA [16]

C:\Program Files (x86)\Deluxe
C:\Program Files (x86)\Phosgene

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1584117033-2172017321-2951850606-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FF1037EBDE125C1530510DAFE2D35437" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB9FC6AC-BA8E-465D-BFDB-9DD11ED9E364} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB9FC6AC-BA8E-465D-BFDB-9DD11ED9E364}" => removed successfully
C:\WINDOWS\System32\Tasks\Host Process for Windows Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Host Process for Windows Task" => removed successfully
C:\Users\trent\AppData\Local\Temp => ":$DATA" ADS removed successfully
"C:\Program Files (x86)\Deluxe" => not found
C:\Program Files (x86)\Phosgene => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 165627053 B
Java, Flash, Steam htmlcache => 252695944 B
Windows/system/drivers => 74231740 B
Edge => 65233473 B
Chrome => 652824719 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 18920 B
NetworkService => 737992 B
defaultuser0 => 0 B
trent => 6941468368 B
Guest Account => 19797 B

RecycleBin => 166040 B
EmptyTemp: => 7.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:17:08 ====

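A triage pass over the Fixlog above, as an added example (not part of the original posts and not FRST's own code): it skips the echoed fixlist, stops before the EmptyTemp size report, and lists the entries that did not end in "removed/moved successfully". The status names and the `parse_fixlog` / `needs_review` helpers are assumptions; the patterns are taken only from the lines visible in this log.

```python
import re

# Excerpt copied from the Fixlog posted above (header and some lines trimmed).
FIXLOG = r'''fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
Task: {BB9FC6AC-BA8E-465D-BFDB-9DD11ED9E364} - System32\Tasks\Host Process for Windows Task => C:\Program Files (x86)\Deluxe\VB.exe

C:\Program Files (x86)\Deluxe
C:\Program Files (x86)\Phosgene

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB9FC6AC-BA8E-465D-BFDB-9DD11ED9E364} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB9FC6AC-BA8E-465D-BFDB-9DD11ED9E364}" => removed successfully
C:\WINDOWS\System32\Tasks\Host Process for Windows Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Host Process for Windows Task" => removed successfully
C:\Users\trent\AppData\Local\Temp => ":$DATA" ADS removed successfully
"C:\Program Files (x86)\Deluxe" => not found
C:\Program Files (x86)\Phosgene => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
Chrome => 652824719 B
'''

STAR_LINE = re.compile(r'^\*{5,}$')                      # delimits the echoed fixlist
ERRCODE = re.compile(r'ErrorCode\d*:\s*(0x[0-9A-Fa-f]+)')


def classify(outcome):
    """Map an outcome string to a coarse status (status names are assumptions)."""
    text = outcome.lower()
    if 'could not' in text:
        return 'failed'
    if text.endswith('not found'):
        return 'not_found'
    if text.endswith(('removed successfully', 'moved successfully')):
        return 'ok'
    return 'other'


def parse_fixlog(text):
    """Return one dict per '<target> => <outcome>' action result."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_LINE.match(line):
            in_echo = not in_echo            # entering or leaving the fixlist echo
            continue
        if line.startswith('=') and 'EmptyTemp:' in line:
            break                            # ' => ' lines below are byte counts, not actions
        if in_echo or ' => ' not in line:
            continue
        target, _, outcome = line.partition(' => ')
        err = ERRCODE.search(outcome)
        results.append({
            'target': target.strip('"'),
            'status': classify(outcome),
            'outcome': outcome,
            'error': err.group(1) if err else None,
        })
    return results


def needs_review(results):
    """Entries the fix did not confirm as removed or moved."""
    return [r for r in results if r['status'] != 'ok']


if __name__ == '__main__':
    for item in needs_review(parse_fixlog(FIXLOG)):
        print(item['status'], item['error'] or '-', item['target'], sep='\t')
```
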

No problem DankLord, you're welcome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options :
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentioned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates", on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundles all these layers in one easy-to-use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that work together in order to keep your system protected and stop an infection at multiple levels.

  • Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.