Mollytoohotty

Virus slowing down my PC's performance and other stuff


Hello, I come here to ask about my problem and what type of fix I could get.

To start with, I'm currently running Windows 7 on an HP laptop in safe mode.

The issue started a couple of weeks ago, when I started to notice my PC was acting strangely. I downloaded Avast's free antivirus to try and fix the problem with a full scan. The problem was gone for like an hour, then it came back again. I also started to notice that my PC, whenever I started it, had the automatic antivirus protection option disabled and I had to manually enable it. The PC started to run very slowly, and in the last couple of days it began to show problems such as strong performance slowdowns, and they came with some net disconnect issues. I'm not really sure if the performance issue can affect the Wi-Fi, but usually the PC disconnected for like a minute or two.

However, I uninstalled Avast and installed Bitdefender. The same issue is giving me problems and it's even stronger lately. I hope I can get an answer about this problem.

PS: Whenever the slowdowns start I can't even open the Task Manager, or it takes a couple of minutes to show, and sometimes programs like Bitdefender or Steam do not open.

Hello Mollytoohotty and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....


I made one scan before because it came to my mind to install Malwarebytes, but I made a mistake and didn't scan with Rootkits. I'm currently making a second scan; I'll send you the logs in the next reply.


It might be relevant that in the first scan Malwarebytes detected a lot of threats. I'm going to paste the logs of that scan and then the ones from the next. Sorry for bothering.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 23/04/2018
Scan Time: 19:02
Log File: 29c20354-4718-11e8-89d7-68b599e297fa.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4848
Licence: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SARITABLUE-PC\SARITABLUE

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 324292
Threats Detected: 350
Threats Quarantined: 350
Time Elapsed: 25 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 13
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Macromedia\ERRORCHECK, Quarantined, [510], [453498],1.0.4848
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D1699F6C-1840-43F3-B787-455BCD4E6A4B}, Quarantined, [510], [453498],1.0.4848
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D1699F6C-1840-43F3-B787-455BCD4E6A4B}, Quarantined, [510], [453498],1.0.4848
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [241], [183362],1.0.4848
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [241], [183362],1.0.4848
PUP.Optional.SearchManager, HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [241], [183362],1.0.4848
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ECFBCEDC-1410-4F3C-A675-E93157C2D7D5}, Quarantined, [3037], [512626],1.0.4848
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{ECFBCEDC-1410-4F3C-A675-E93157C2D7D5}, Quarantined, [3037], [512626],1.0.4848
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft LocalManager, Quarantined, [3037], [512626],1.0.4848
PUP.Optional.WinYahoo, HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [244], [182758],1.0.4848
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [244], [182758],1.0.4848
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [244], [182758],1.0.4848
PUP.Optional.YTConv, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YTConv, Quarantined, [2681], [465604],1.0.4848

Registry Value: 4
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [244], [182758],1.0.4848
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [244], [182758],1.0.4848
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D1699F6C-1840-43F3-B787-455BCD4E6A4B}|PATH, Quarantined, [510], [453495],1.0.4848
Trojan.FakeMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ECFBCEDC-1410-4F3C-A675-E93157C2D7D5}|PATH, Quarantined, [3037], [512627],1.0.4848

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Rogue.Agent.D.Generic, C:\USERS\SARITABLUE\APPDATA\ROAMING\65921884, Quarantined, [597], [371980],1.0.4848

File: 332
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4848
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4848
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_internetspeedtracker.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4848
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_internetspeedtracker.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4848
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4848
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4848
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage, Quarantined, [1705], [443124],1.0.4848
PUP.Optional.MindSpark.Generic, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage-journal, Quarantined, [1705], [443124],1.0.4848
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\MACROMEDIA\ERRORCHECK, Quarantined, [510], [453498],1.0.4848
PUP.Optional.SearchManager, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [241], [183362],1.0.4848
PUP.Optional.SearchManager, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Replaced, [241], [183362],1.0.4848
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14992], [511630],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk, Quarantined, [14990], [303357],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.BAT, Replaced, [14990], [303357],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\PUBLIC\DESKTOP\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\ImplicitAppShortcuts\69639df789022856\Dаniеl - Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\SARITABLUE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Gооglе Сhrоmе.lnk, Quarantined, [14990], [303355],1.0.4848
PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.BAT, Replaced, [14990], [303355],1.0.4848
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, Quarantined, [8247], [393793],1.0.4848
HackTool.CheatEngine, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\CHEAT ENGINE.EXE, Quarantined, [8301], [513708],1.0.4848
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$R1LANRX.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$R82W0WY.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$R8IXFMT.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$RJYE5PI.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$RWZFQK9.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-3023464165-3341198432-3267076325-1001\$RXM2ZV7.CRDOWNLOAD, Quarantined, [2], [398182],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{3KUCR-TJ2ZJ-HW7RC-XCPDR-XM6K8-DW1W3}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{PQ9BL-595EN-Y6VUW-7P9U6-RM0LP-K77NV}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{QYMCO-DGOFL-L3U1C-A5UF4-XQCHP-X79MT}\VDS.EXE, Quarantined, [912], [500062],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{PQF2M-9VGMP-4DWB8-684MX-Z9EFO-FQ8P4}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{QUO5E-HTWJR-F5MQH-M7252-TZKJM-YE1RH}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{QZGNY-HBD9T-COLQU-E6Z72-KCLSZ-S87DZ}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{QZUN8-PR46C-4PD5K-G0KWJ-5WDRT-P5SZY}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{R2FXN-CV0NS-R9E13-0Y2AJ-HVW5K-7ZDAX}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{R37XN-UKTUW-TESW8-Z4SK8-V6Y6K-LDG6G}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RC7JE-KEXJ9-KL00Y-UBNXM-HU2UT-4HNFH}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RDL3Z-B746A-BFM22-PFNLH-NH6B3-80021}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{QYZ03-96PH3-K7KPG-3CN4R-SZ5FQ-419FT}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{QT9BU-4Z0S0-NQO0X-6H8WV-4UVMQ-LLR6U}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RY8L9-TXAP3-8FT8L-HD4DQ-KWAZG-MOTKZ}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{S21DL-ML5HP-QZ4FN-XOEM9-2XB27-1HGLR}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{S7SWA-KFBDJ-1KACW-4NATP-2OCVR-QOF2F}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RVW51-48PFM-H646R-RR69N-FA2EH-UUUVY}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{SLCZ2-14N50-N5TNN-KO328-32EJ8-GBH86}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{RWA3O-F3BQ4-PF5JL-XCKLG-L5RHZ-Z96GJ}\VDS.EXE, Quarantined, [912], [500062],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{SRKYR-3CSP2-XTHG6-09T1J-565DT-MRARL}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{SWZTD-FZ8KE-7FCQM-89FH0-RMG1E-JU02B}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{SAFNB-KPWLU-6MG05-Y609U-BDWTY-JGJA0}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{U1ZLJ-WLK2B-NTRKW-Q5K5A-J6Q1U-DBKLY}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{T3S70-DRRR3-JKUUB-WU5DZ-YG42B-DXHW4}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{TDKXW-79UUN-1JS8W-39T6W-U9U0B-8E3W0}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{TX93O-K9RA5-X4OKQ-M6SVP-NSUAP-2LPPM}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{U2X79-RE8MM-JQ2NB-F2FL5-BZ4GH-EEPXF}\IDLEMONITOR.EXE, Quarantined, [912], [502539],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{U5XB2-K9XQ2-R5H2R-OP40A-7HNNS-RMMPP}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{U4ZTK-1FKBE-4T34N-VAOKC-79HE3-B53BP}\IDLEMONITOR.EXE, Quarantined, [912], [502539],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{U6DVJ-S188Q-4OMZN-6NGLA-QK6BX-G66EN}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{U8JSA-4KV62-DD0TC-0LQGA-2U42Q-CBSFC}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{U9FH2-LSBCM-MN9QY-E19YC-BEDZ3-5GK99}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{UECE2-C5ATK-V1BF1-YU9PA-0PGME-5FLOP}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{UAG69-E1HL4-04OB9-66POF-8Q7Y8-O6E48}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{UG4PL-SNCWL-G1Q1F-ZZKX2-MWWGY-R3MWR}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{URDON-6TJBE-UNYTV-J616U-M5O16-A7BJ1}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{UH38Y-6QFSH-Z1KLC-HUJJ7-KMWLV-J9A9M}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{URJFO-9CUAU-414Z7-MN1NP-D9OXO-G0AUN}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{UWKL4-4GXX7-YP8LH-UJO6Q-FESED-Z3VY7}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{V8U53-LSSUW-E3D3L-Y26PX-NDSCF-OHR2L}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{V5LNV-0YLXW-3XRQG-2H0BW-FRP7C-VFAOB}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{UX2R3-58PMR-7YZ9K-6EMKA-QMFGU-6UB4L}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VEENM-93UF1-LP432-7T0VP-5S4OO-HSNKR}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VHG25-4L02X-STUGE-DHSSH-WFEMA-15B2X}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VJA7H-Y48ZP-7W7N2-Z5S4G-3RTTA-OG7QC}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VNP0L-SR2YU-LHBSB-DPLP4-D1EBV-DN4WS}\IDLEMONITOR.EXE, Quarantined, [912], [502539],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{VU7AL-57F9R-72DH8-U1GG2-JT7NL-0EDJ4}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{W44WJ-CBYQZ-1FJLR-5M5Z1-0PQSB-GY558}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{W8FH0-R9LEM-N2425-N0E2H-K0PEN-QMAPF}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{WZEQ0-WN9D9-7GD45-2G7KY-ZN1SW-VMPBL}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{WZFP2-2YTFT-D1SWJ-MBERQ-01JL5-C0ZXA}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Y2Q2D-WOJ66-PGE5B-EHK24-WAB8X-J99XT}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Y2SSA-LRF9Y-LUXQ9-F351E-CLCR0-WDRYC}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{WFQDZ-G94K9-8Q26J-1X0X0-6DBHS-ZG41V}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{WKXFA-H14KM-SH8T0-SSY3S-459GY-1LPJK}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YBK5O-Y0L3J-42A24-E2387-7ENFM-GPNUC}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{WM98N-9MP51-2EY18-6T0S2-ZNP7W-Y077B}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YBWL4-1D8X1-8KJS3-E06XD-97F5J-6O9E5}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{WPVO5-22O35-DUXPV-F7BWY-73AOW-CCQPO}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Y4EYW-4VNQO-ZD9UV-39RTL-QKC9T-VE2LP}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{XMND2-Q64DF-33LQ4-EB2N0-UDKDF-RGYYD}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Y8GHK-XNYFD-R22SY-VOGS7-1Y23A-0HF51}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{XNL7B-7MKFT-V9CF4-A6B7Z-RZQZV-RQNB2}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YA1F0-3LC6B-W2Y00-CUMUD-4UKNP-BG7X6}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{XXMTT-7ED40-3H5ED-5NVO0-8HJ69-48Q04}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YHFTX-WXEZM-VY7AV-VKWFA-1BH0E-USEDB}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Y1NPN-J549L-2XSSE-V3R3W-S7TGE-63HEJ}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YJ0AH-PB3RN-ASB7W-5SUOD-P7F0V-6G10U}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Z923K-06AMP-WP15R-1YH3S-B09L4-JVKL0}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZQPJB-10T7N-8TANG-3KXRH-KM5XB-KQ8YL}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZR8PX-TAUNQ-R3JX4-OQNYY-PJYW2-GOOQ1}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZEKON-0LVBE-XFD5O-A9GW2-84PBS-469HL}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZWOMW-ERJ8D-DY8ZZ-A59EG-8G4Y3-M8BEA}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YSO8H-GOEH4-D4XSR-DSVFD-C8Z3L-LARXO}\IDLEMONITOR.EXE, Quarantined, [912], [502539],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZJ3U9-Z70ZA-41FO3-NKOKV-C06JW-0P4GE}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{YXSAM-2PWTE-JORPY-4YXRO-28CW4-GRDZA}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZXF7K-VLAVH-WXUKD-ATXXV-C5OFV-S10SK}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Z3CAY-F2N8U-68X8M-SGNMO-2L4S7-K32BJ}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZXP9E-GPQXG-LTT29-O9HAG-UMVJ9-TEJV9}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Z7B0L-GBROW-68KSD-CNZA8-P7FYU-UP2VK}\IDLEMONITOR.EXE, Quarantined, [912], [477373],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{Z9G5H-7WM05-S7DJY-ZYJGM-WMBNW-B5QA7}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZBA5D-M6UAP-V4QYV-R0QEA-USFQX-162VM}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZWUT8-ZKBT9-RRN42-ZAY71-X148Z-AAM4L}\IDLEMONITOR.EXE, Quarantined, [912], [467508],1.0.4848
RiskWare.BitCoinMiner, C:\USERS\SARITABLUE\APPDATA\LOCAL\TEMP\{ZY2YQ-LP75M-YLEE4-EDSLW-VOU8Z-NZA1O}\IDLEMONITOR.EXE, Quarantined, [912], [502539],1.0.4848
Adware.Elex.ShrtCln, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [245], [454727],1.0.4848
Adware.Elex.ShrtCln, C:\USERS\SARITABLUE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [245], [454727],1.0.4848

Physical Sector: 0
(No malicious items detected)


(end)


Thanks for that log, post new Malwarebytes log and both produced logs from FRST whenever you're ready...


Sorry for taking so long Kevin, here are the logs:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 23/04/2018
Scan Time: 19:57
Log File: b8aac932-471f-11e8-a0bf-68b599e297fa.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4848
Licence: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SARITABLUE-PC\SARITABLUE

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Cancelled
Objects Scanned: 224274
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 50 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by SARITABLUE (administrator) on SARITABLUE-PC (23-04-2018 20:28:29)
Running from C:\Users\SARITABLUE\Downloads
Loaded Profiles: SARITABLUE &  (Available Profiles: SARITABLUE)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2728472 2014-12-16] (Sony Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\MountPoints2: {81330e5b-8a49-11e7-a4f7-68b599e297fa} - H:\CMADownloader.exe
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\MountPoints2: {e7228655-92db-11e7-983c-68b599e297fa} - G:\autorun.exe
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\MountPoints2: {81330e5b-8a49-11e7-a4f7-68b599e297fa} - H:\CMADownloader.exe
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\MountPoints2: {e7228655-92db-11e7-983c-68b599e297fa} - G:\autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A3B667EB-E1FC-4221-812E-A762C0C10A57}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-04] (Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-06-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: bu52x60u.default
FF ProfilePath: C:\Users\SARITABLUE\AppData\Roaming\Mozilla\Firefox\Profiles\bu52x60u.default [2017-12-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3023464165-3341198432-3267076325-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SARITABLUE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SARITABLUE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default [2018-03-13]
CHR Extension: (Google Drive) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-07]
CHR Extension: (YouTube) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-07]
CHR Extension: (Hojas de cálculo) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-07]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-25]
CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-16]
CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-23]
CHR Extension: (Presentaciones) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Documentos) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-16]
CHR Extension: (YouTube) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-16]
CHR Extension: (Hojas de cálculo) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-07]
CHR Profile: C:\Users\SARITABLUE\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-03-28] ()
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1267984 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-28] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-02-19] (Hi-Rez Studios) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-16] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1282232 2018-01-19] (Bitdefender)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2018-02-13] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2018-02-13] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2018-02-13] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 PlaysService; "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1179248 2018-03-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1725800 2018-02-02] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [154888 2018-01-29] (Bitdefender)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2017-12-17] (Bluestack System Inc. )
R3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30352 2017-09-06] (Disc Soft Ltd)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [248336 2017-11-15] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [191784 2018-02-05] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-20] (REALiX(tm))
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-23] (Malwarebytes)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-23 20:28 - 2018-04-23 20:31 - 000021553 _____ C:\Users\SARITABLUE\Downloads\FRST.txt
2018-04-23 20:07 - 2018-04-23 20:28 - 000000000 ____D C:\FRST
2018-04-23 20:06 - 2018-04-23 20:07 - 002404864 _____ (Farbar) C:\Users\SARITABLUE\Downloads\FRST64.exe
2018-04-23 19:36 - 2018-04-23 19:36 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-23 19:35 - 2018-04-23 19:35 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-23 19:04 - 2018-04-23 19:07 - 000225634 _____ C:\TDSSKiller.3.1.0.17_23.04.2018_19.04.14_log.txt
2018-04-23 19:02 - 2018-04-23 19:49 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-23 19:02 - 2018-04-23 19:04 - 004949824 _____ (AO Kaspersky Lab) C:\Users\SARITABLUE\Downloads\tdsskiller.exe
2018-04-23 19:02 - 2018-04-23 19:02 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-23 19:01 - 2018-04-23 19:01 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-23 19:01 - 2018-04-23 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-23 19:01 - 2018-04-23 19:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-23 19:01 - 2018-04-23 19:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-23 19:01 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-23 18:52 - 2018-04-23 19:01 - 073551144 _____ (Malwarebytes ) C:\Users\SARITABLUE\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4834.exe
2018-04-23 18:25 - 2018-04-23 19:04 - 000132894 _____ C:\Windows\ntbtlog.txt
2018-04-22 21:28 - 2018-04-22 21:30 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\DarkSoulsIII
2018-04-22 20:01 - 2018-04-22 20:02 - 074784872 _____ C:\Users\SARITABLUE\Desktop\spiral.wav
2018-04-22 19:45 - 2018-04-22 19:45 - 086016104 _____ C:\Users\SARITABLUE\Desktop\21 de septiembre.wav
2018-04-22 19:40 - 2018-04-22 19:40 - 042344552 _____ C:\Users\SARITABLUE\Desktop\frijolero.wav
2018-04-22 08:54 - 2018-04-22 08:54 - 000001116 _____ C:\Windows\system32\bddel.dat
2018-04-22 07:21 - 2018-04-22 07:21 - 000001183 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2018-04-22 07:21 - 2018-04-22 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2018-04-22 07:21 - 2018-04-22 07:21 - 000000000 ____D C:\ProgramData\Bitdefender
2018-04-22 07:21 - 2018-02-05 13:16 - 000191784 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2018-04-22 07:21 - 2017-11-15 07:28 - 000248336 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2018-04-22 07:20 - 2018-03-07 06:00 - 001179248 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2018-04-22 07:20 - 2018-02-02 05:00 - 001725800 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2018-04-22 07:20 - 2018-01-29 08:36 - 000154888 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2018-04-22 07:17 - 2018-04-22 07:17 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\QuickScan
2018-04-22 07:17 - 2016-06-22 15:40 - 000520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2018-04-22 07:16 - 2018-04-23 20:31 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-04-22 07:06 - 2018-04-23 19:37 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-04-22 07:04 - 2018-04-22 07:24 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-04-22 07:04 - 2018-04-22 07:04 - 000048688 _____ C:\ProgramData\agent.1524373473.bdinstall.bin
2018-04-22 07:04 - 2018-04-22 07:04 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-04-22 07:03 - 2018-04-22 07:04 - 010160608 _____ C:\Users\SARITABLUE\Downloads\bitdefender_online.exe
2018-04-22 06:58 - 2018-04-22 06:58 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\SlimWare Utilities Inc
2018-04-22 01:35 - 2018-04-22 01:35 - 000000222 _____ C:\Users\SARITABLUE\Desktop\DARK SOULS III.url
2018-04-21 23:31 - 2018-04-21 23:33 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\UNDERTALE
2018-04-21 23:13 - 2018-04-21 23:13 - 000000222 _____ C:\Users\SARITABLUE\Desktop\Undertale.url
2018-04-20 16:04 - 2018-04-20 16:04 - 003198147 _____ C:\Users\SARITABLUE\Downloads\video-1519596305.mp4
2018-04-18 07:49 - 2018-04-18 07:50 - 016290668 _____ C:\Users\SARITABLUE\Downloads\sa-mp-0.3.7-R2-install (1).exe
2018-04-18 07:36 - 2018-04-18 07:36 - 016290668 _____ C:\Users\SARITABLUE\Downloads\sa-mp-0.3.7-R2-install.exe
2018-04-17 20:39 - 2018-04-17 20:39 - 000000000 ____D C:\Users\SARITABLUE\Documents\dog
2018-04-14 18:01 - 2018-04-14 18:01 - 000299040 ____N C:\Windows\Minidump\041418-22932-01.dmp
2018-04-14 11:30 - 2018-04-14 11:31 - 000000000 ____D C:\Users\SARITABLUE\Downloads\Linkin Park - The Messenger
2018-04-13 22:16 - 2018-04-14 18:05 - 000000000 ____D C:\Users\SARITABLUE\Downloads\My Chemical Romance - Famous Last Words
2018-04-12 18:45 - 2018-04-12 18:45 - 000032091 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # Linkin Park - The Messenger.torrent
2018-04-12 18:44 - 2018-04-12 18:44 - 000013427 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # Slipknot - Snuff.torrent
2018-04-12 18:43 - 2018-04-12 18:43 - 000015238 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # My Chemical Romance - Famous Last Words.torrent
2018-04-12 18:41 - 2018-04-12 18:41 - 000011271 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # Johnny Cash - Ring Of Fire.torrent
2018-04-12 18:41 - 2018-04-12 18:41 - 000001200 _____ C:\Users\Public\Desktop\Play UltraStar Deluxe WorldParty.lnk
2018-04-12 18:41 - 2018-04-12 18:41 - 000000000 ____D C:\Users\SARITABLUE\Downloads\El Cuarteto de Nos - El hijo de Hernández
2018-04-12 18:40 - 2018-04-12 19:00 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\ultrastardx
2018-04-12 18:40 - 2018-04-12 18:40 - 000012183 _____ C:\Users\SARITABLUE\Downloads\ultrastar-es.org # piglet # El Cuarteto de Nos - El hijo de Hernández.torrent
2018-04-12 18:40 - 2018-04-12 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe WorldParty
2018-04-12 18:40 - 2018-04-12 18:40 - 000000000 ____D C:\Program Files (x86)\UltraStar Deluxe WorldParty
2018-04-12 18:38 - 2018-04-12 18:39 - 032253155 _____ C:\Users\SARITABLUE\Downloads\ultrastardx-WorldParty-12.07-installer-full.exe
2018-04-12 16:47 - 2018-04-12 16:47 - 000000000 ____D C:\Users\SARITABLUE\Documents\Mis Creaciones Spore
2018-04-12 16:46 - 2018-04-12 16:46 - 000001869 _____ C:\Users\SARITABLUE\Desktop\SporeApp - Acceso directo.lnk
2018-04-12 16:45 - 2018-04-12 16:47 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\SPORE
2018-04-11 17:29 - 2018-04-11 17:29 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2018-04-11 16:08 - 2018-04-11 16:09 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\FalloutNV
2018-04-11 14:55 - 2018-04-11 14:55 - 000000000 ____D C:\Program Files (x86)\Bethesda Softworks
2018-04-11 10:03 - 2018-04-11 10:04 - 000038335 _____ C:\Users\SARITABLUE\Downloads\Spore.%5BMULTI17%5D%5BPCDVD%5D%5BWwW.GamesTorrents.CoM%5D.t4360 (6).torrent
2018-04-04 05:59 - 2018-04-04 05:59 - 000000855 _____ C:\Users\SARITABLUE\Downloads\Molly.txt
2018-04-01 11:20 - 2018-04-01 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starbound Spacefarer
2018-04-01 11:19 - 2018-04-01 12:43 - 000000000 ____D C:\Program Files (x86)\Starbound Spacefarer
2018-03-28 17:58 - 2018-03-28 17:58 - 000000000 ____D C:\Users\SARITABLUE\Documents\Klei
2018-03-28 17:29 - 2018-03-28 17:29 - 000000222 _____ C:\Users\SARITABLUE\Desktop\Don't Starve Together.url
2018-03-28 07:42 - 2018-03-28 07:42 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-25 11:03 - 2018-03-25 11:03 - 000000000 ____D C:\Windows\pss
2018-03-25 09:47 - 2018-03-25 09:47 - 000000000 ____D C:\Windows\SysWOW64\xlive
2018-03-25 09:47 - 2018-03-25 09:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2018-03-25 09:46 - 2018-03-25 09:46 - 021598208 _____ C:\Users\SARITABLUE\Downloads\xliveredist.msi
2018-03-25 09:42 - 2018-03-25 09:42 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\Fallout3
2018-03-25 00:23 - 2018-03-25 00:23 - 000002284 _____ C:\Users\SARITABLUE\Desktop\Fallout 3 Gold Repack.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-23 19:37 - 2017-10-12 20:57 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\LogMeIn Hamachi
2018-04-23 19:35 - 2017-07-15 21:12 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-04-23 19:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-23 19:30 - 2018-03-13 11:59 - 000000000 ____D C:\Windows\System32\Tasks\Macromedia
2018-04-23 19:30 - 2017-06-18 12:15 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-04-23 18:11 - 2017-06-15 21:27 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-23 15:45 - 2009-07-14 06:45 - 000025296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-23 15:45 - 2009-07-14 06:45 - 000025296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-22 20:06 - 2017-06-23 15:14 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\audacity
2018-04-22 19:57 - 2017-06-23 14:22 - 000000016 _____ C:\Users\SARITABLUE\AppData\Roaming\msregsvv.dll
2018-04-22 19:57 - 2017-06-23 14:22 - 000000016 _____ C:\ProgramData\autobk.inc
2018-04-22 14:21 - 2017-08-03 00:57 - 000000000 ____D C:\Users\SARITABLUE\Desktop\ÇDaniel
2018-04-22 10:41 - 2017-07-13 03:39 - 000007606 _____ C:\Users\SARITABLUE\AppData\Local\Resmon.ResmonCfg
2018-04-22 07:38 - 2009-07-14 06:45 - 004998520 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-22 07:19 - 2015-01-21 08:21 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-04-22 07:19 - 2015-01-17 14:53 - 000000000 ____D C:\Program Files\Adobe
2018-04-22 07:19 - 2015-01-17 14:38 - 000000000 ____D C:\ProgramData\Adobe
2018-04-22 07:18 - 2015-01-21 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2018-04-22 07:18 - 2015-01-17 14:37 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\Adobe
2018-04-22 07:17 - 2015-01-17 14:54 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-04-22 07:16 - 2015-01-17 11:12 - 000093008 _____ C:\Users\SARITABLUE\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-22 07:07 - 2015-01-17 11:09 - 000000000 ____D C:\Users\SARITABLUE
2018-04-22 07:05 - 2015-01-17 14:36 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\Adobe
2018-04-22 06:28 - 2017-07-08 07:52 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\uTorrent
2018-04-22 01:35 - 2017-06-15 21:44 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-21 19:54 - 2018-03-13 20:06 - 000004512 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-21 19:54 - 2018-02-20 15:15 - 000002906 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SARITABLUE)
2018-04-21 19:54 - 2017-12-06 23:39 - 000003532 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-21 19:54 - 2017-12-06 23:39 - 000003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-21 19:54 - 2015-04-14 22:16 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-21 19:54 - 2015-01-24 09:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-04-21 19:54 - 2015-01-20 10:07 - 000003154 _____ C:\Windows\System32\Tasks\MirageAgent
2018-04-21 19:54 - 2015-01-18 13:07 - 000003334 _____ C:\Windows\System32\Tasks\{351EC988-1E73-4C8E-BABC-6ECC2A34DB5D}
2018-04-21 19:54 - 2015-01-18 13:05 - 000003282 _____ C:\Windows\System32\Tasks\{4B6B8A09-7F32-47F6-ADB4-D770D90F234A}
2018-04-21 19:54 - 2015-01-17 21:54 - 000004230 _____ C:\Windows\System32\Tasks\Red Giant Link
2018-04-19 17:52 - 2011-04-12 11:10 - 000035316 _____ C:\Windows\system32\perfh00A.dat
2018-04-19 17:52 - 2011-04-12 11:10 - 000014974 _____ C:\Windows\system32\perfc00A.dat
2018-04-19 17:52 - 2009-07-14 07:13 - 000812948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-19 17:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-16 09:39 - 2009-07-14 07:08 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-15 13:44 - 2017-06-18 21:02 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\discord
2018-04-14 18:02 - 2016-02-26 18:30 - 000000000 ____D C:\Windows\Minidump
2018-04-12 18:45 - 2018-03-13 19:08 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw54bed2346383ade2.tmp
2018-04-11 17:38 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-04-11 17:15 - 2015-01-17 11:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-11 16:08 - 2017-06-16 02:01 - 000000000 ____D C:\Users\SARITABLUE\Documents\My Games
2018-04-11 09:32 - 2015-04-14 22:16 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-11 09:32 - 2015-04-14 22:16 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-11 09:31 - 2015-04-14 22:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-11 09:31 - 2015-01-21 08:22 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 14:44 - 2018-03-13 19:08 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdb736d0b181be7f7.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2d8314db0832f639.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc68979199a857808.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9588a1445c8e0e4f.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\asw206731096a88ecab.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 1a41023caac85d2.tmp
2018-04-10 14:44 - 2018-03-13 19:08 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw addfcdf8117af2e.tmp
2018-04-10 14:42 - 2018-03-13 19:08 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw366fd9f36149dec7.tmp
2018-04-10 14:42 - 2018-03-13 19:08 - 000227784 _____ (AVAST Software) C:\Windows\SysWOW64\WINDOWS_ICONS_FOLDER
2018-04-04 03:42 - 2017-11-17 22:52 - 000000000 ____D C:\Users\SARITABLUE\AppData\Local\osu!
2018-03-29 21:02 - 2017-07-04 01:14 - 000000000 ____D C:\Users\SARITABLUE\AppData\Roaming\OBS
2018-03-25 00:35 - 2015-01-25 20:50 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-03-25 00:34 - 2015-01-25 20:51 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-03-25 00:07 - 2017-11-15 19:09 - 000000000 ____D C:\Users\SARITABLUE\Downloads\yeet
2018-03-25 00:03 - 2018-03-18 00:44 - 000000000 ____D C:\Program Files (x86)\VictorVal

==================== Files in the root of some directories =======

2017-06-23 14:22 - 2018-04-22 19:57 - 000000016 _____ () C:\Users\SARITABLUE\AppData\Roaming\msregsvv.dll
2015-01-17 11:28 - 2015-01-17 11:28 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\AtStart.txt
2015-01-17 11:28 - 2015-01-17 11:28 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\DSwitch.txt
2015-01-20 10:03 - 2015-01-20 10:03 - 000002091 _____ () C:\Users\SARITABLUE\AppData\Local\FastClean.20150120.090319.txt
2015-01-17 11:28 - 2015-01-17 11:28 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\QSwitch.txt
2017-07-13 03:39 - 2018-04-22 10:41 - 000007606 _____ () C:\Users\SARITABLUE\AppData\Local\Resmon.ResmonCfg
2015-08-17 17:33 - 2015-08-17 17:33 - 000353118 _____ () C:\Users\SARITABLUE\AppData\Local\SquareClock.Production_HBMV1Icon.ico
2017-10-30 17:48 - 2016-11-23 15:37 - 000000570 _____ () C:\Users\SARITABLUE\AppData\Local\TroubleshooterConfig.json
2015-10-31 09:10 - 2015-10-31 09:10 - 000000000 _____ () C:\Users\SARITABLUE\AppData\Local\{0F476025-7ADC-4BD9-824C-219B0C32DEFA}

Some files in TEMP:
====================
2018-03-14 20:36 - 2018-03-14 20:36 - 000044032 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\da1717b2d.dll
2018-03-22 09:02 - 2018-03-18 01:19 - 000363273 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\Desinstalar.exe
2018-03-13 20:23 - 2018-03-13 20:23 - 000047104 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\e59471b6b.dll
2018-03-14 20:24 - 2018-03-14 20:24 - 000034816 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\ea38797a.dll
2018-03-13 16:17 - 2018-03-13 16:17 - 000046592 _____ () C:\Users\SARITABLUE\AppData\Local\Temp\ee5cc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-10 01:06

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by SARITABLUE (23-04-2018 20:33:42)
Running from C:\Users\SARITABLUE\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-01-17 09:09:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3023464165-3341198432-3267076325-500 - Administrator - Disabled)
Invitado (S-1-5-21-3023464165-3341198432-3267076325-501 - Limited - Disabled)
SARITABLUE (S-1-5-21-3023464165-3341198432-3267076325-1000 - Administrator - Enabled) => C:\Users\SARITABLUE

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version:  - )
Apple ProRes QuickTime Decoder (HKLM-x32\...\{B0870386-2559-4762-A46D-020E60FB9BA9}) (Version: 1.0.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.78 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.11.16 - Bitdefender)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.54.65.1755 - BlueStack Systems, Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Crossout Launcher 1.0.3.25 (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\CrossOutLauncher_is1) (Version:  - )
Crossout Launcher 1.0.3.25 (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\CrossOutLauncher_is1) (Version:  - )
Cuphead (HKLM-x32\...\Cuphead_is1) (Version:  - )
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0484 - Disc Soft Ltd)
DARK SOULS - Prepare To Die Edition (HKLM-x32\...\DARK SOULS - Prepare To Die Edition_is1) (Version:  - )
Discord (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
Discord (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\Discord) (Version: 0.0.300 - Discord Inc.)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0ACCA8BE-C376-428E-894E-D660A07B4C69}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 3 Gold Repack (HKLM-x32\...\Fallout 3 Gold Repack) (Version:  - )
Far Cry 3 Blood Dragon version 1.1.0.0 (HKLM-x32\...\Far Cry 3 Blood Dragon_is1) (Version: 1.1.0.0 - Mr DJ)
Far Cry 3 version 1.5.0.0 (HKLM-x32\...\Far Cry 3_is1) (Version: 1.5.0.0 - Mr DJ)
Far Cry 4 version 1.10.0.0 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.10.0.0 - Mr DJ)
Farming Simulator 17 KUHN (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Frets On Fire Ultimate (HKLM-x32\...\Frets On Fire Ultimate) (Version:  - )
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ)
Guitar Hero III (HKLM-x32\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.3 - Aspyr)
Guitar Hero Three Control Panel (HKLM-x32\...\{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}) (Version: 2.0.4 - Sigma Production Inc.)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.6.3 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hot Keyboard Pro 2.8 (HKLM-x32\...\Hot Keyboard Pro_is1) (Version: 2.8 - Imposant)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{F1745BCC-8CBA-4471-AB45-B361F72A115E}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{1B27BDCF-4A5B-4D70-9590-7D50247DC1D4}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
Hydrogen (Advanced drum machine for GNU/Linux) (HKLM-x32\...\ON) (Version: 0.9.7 - Hydrogen Developers)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Magic Bullet Suite 64-bit (HKLM\...\{4D2F05BB-228E-4081-B94C-50AD015EE462}) (Version: 11.4.2 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{4D2F05BB-228E-4081-B94C-50AD015EE462}) (Version: 11.4.2 - Red Giant Software)
Malwarebytes versión 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Max Payne 3 - Complete Edition (HKLM-x32\...\Max Payne 3 - Complete Edition_is1) (Version:  - )
MergeModule_x64 (HKLM\...\{3D576235-F0CE-4B50-A9C6-0775B9E50B63}) (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{306CBA87-E890-4FBB-9AB8-E65C96D352B2}) (Version: 9.1.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{246dcb72-b18c-4ab9-9de9-8a996296b01d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 57.0 (x64 es-ES)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.5.4 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.4 - Multi Theft Auto)
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{b403d160-f948-4ceb-ab35-26f039b584c0}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}) (Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{D0A231B2-5921-45B7-A2FC-4EC937D6E020}) (Version: 9.1.00 - Sony Corporation) Hidden
Progress Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.20171.26113 - Telerik)
QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.107.323.2017 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Roblox Player for SARITABLUE (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Player for SARITABLUE (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SketchUp 2018 (HKLM\...\{5EAA3D58-258D-4D24-BA22-C8D8D704F515}) (Version: 18.0.16975 - Trimble Navigation Limited)
Skype versión 8.17 (HKLM-x32\...\Skype_is1) (Version: 8.17 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden
Songr (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\Songr) (Version: 2.1 - Xamasoft)
Songr (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\Songr) (Version: 2.1 - Xamasoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SPORE(TM) (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Starbound Spacefarer (HKLM-x32\...\Starbound Spacefarer_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
The Long Dark v1.16 Rugged Sentinel (HKLM\...\dGhlbG9uZ2Rhcms_is1) (Version: 1 - )
Tony Hawk's Pro Skater 3 v1.01 (HKLM-x32\...\Tony Hawk's Pro Skater 3_is1) (Version:  - Neversoft)
UltraStar Deluxe WorldParty (HKLM-x32\...\UltraStar Deluxe WorldParty) (Version: WorldParty - USDX Team & zup3r_vock)
Unity Web Player (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{DAFCD7DE-1531-4483-9F53-170766074E85}) (Version:  - Microsoft)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0) (HKLM\...\B30ECD0209A21D638611F893829C8AF3A483A302) (Version: 04/29/2008 2.5.0.0 - ENE)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinToHDD versión 2.5 (HKLM\...\WinToHDD_is1) (Version: 2.5 - Hasleo Software.)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.3 - X Codec Pack team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3023464165-3341198432-3267076325-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers1: [HotKeyboard] -> {9493BF10-6A0A-11D3-AFB2-00C06C397814} => C:\Program Files (x86)\Hot Keyboard Pro\HkShExt64.dll [2017-06-30] (Imposant)
ContextMenuHandlers1-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers2-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-12-19] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers6: [HotKeyboard] -> {9493BF10-6A0A-11D3-AFB2-00C06C397814} => C:\Program Files (x86)\Hot Keyboard Pro\HkShExt64.dll [2017-06-30] (Imposant)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D1E47F7-6FB0-48EB-B319-F384879D384A} - System32\Tasks\{351EC988-1E73-4C8E-BABC-6ECC2A34DB5D} => C:\Windows\system32\pcalua.exe -a "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Red\Wifi 802.11\Intel\sp54841.exe" -d "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Red\Wifi 802.11\Intel"
Task: {1F710F97-881C-498A-B1D7-E9AA69851C1A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-01-19] (Bitdefender)
Task: {2D3E2A18-E3E8-44D4-8D9B-B8F88CECB595} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {32F488F3-4EC1-4896-80EE-E719AC7B6ADE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {3DB270AD-DD07-42AB-8B09-FA5CD1782BCD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {4AEF22A5-6535-4EDA-90F8-9CB094C92BFC} - System32\Tasks\{4B6B8A09-7F32-47F6-ADB4-D770D90F234A} => C:\Windows\system32\pcalua.exe -a "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Graficos\sp54471.exe" -d "C:\Users\SARITABLUE\Desktop\Pavillion DV7-6070ss\Graficos"
Task: {55AF0FA9-F399-491E-BC9D-B20B59CFEDA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5DF0C7A3-7B38-489B-AFF7-3EF1A9ED7D44} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {640F4D19-B366-4057-9D3E-E39384FC7574} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {71603A60-7AE2-44B6-B323-C59EAA78171A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {71603A60-7AE2-44B6-B323-C59EAA78171A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {754EC3C7-A8A4-47BA-9EB3-08181ADD337C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {8876A094-1CDB-46D4-9C29-B9A917D78601} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {8876A094-1CDB-46D4-9C29-B9A917D78601} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {889D18A6-12CC-4A24-AF85-66D7DD78A44D} - System32\Tasks\Driver Booster SkipUAC (SARITABLUE) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
Task: {8E152D51-9B89-4C13-AE1E-0C9ADF8A01C1} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {A89211F4-3AC2-4183-9C14-0A98B0932CE0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {A89211F4-3AC2-4183-9C14-0A98B0932CE0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {C52A4F05-A891-4C4E-B1BB-9008FC41608A} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2013-01-02] ()
Task: {C5F1F590-2AD3-4D74-8D9F-864EC95E8137} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)
Task: {E71E90DF-3629-40EA-A217-A0EE26BB6E31} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {F580E95E-4CFC-4FEF-981C-CDA99255AC77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\SARITABLUE\Desktop\Вuild аnd Shооt Lаunсhеr.lnk -> C:\Program Files (x86)\Build and Shoot\Launcher.bat ()
Shortcut: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.3\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.3\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.3\Useful links\X Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Public\Desktop\Еpiс Gаmеs Lаunсhеr.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat (No File)

ShortcutWithArgument: C:\Users\SARITABLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () ->  -extoff <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2018-04-22 07:20 - 2017-11-21 12:29 - 000280568 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-04-22 07:20 - 2017-02-07 12:29 - 001008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2018-04-22 07:20 - 2017-02-07 12:29 - 000541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2018-04-22 07:20 - 2017-02-07 12:29 - 003243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2018-04-22 07:20 - 2017-02-07 12:29 - 001544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2018-04-23 19:01 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-23 19:01 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2011-08-09 08:44 - 2011-08-09 08:44 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-03-21 00:46 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 00:46 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2016-05-12 03:46 - 2016-05-12 03:46 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68b50258c65f19990de5179995021e57\IsdiInterop.ni.dll
2015-01-18 13:18 - 2011-05-20 11:05 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\SARITABLUE:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [462]
AlternateDataStreams: C:\Users\SARITABLUE\Cookies:t9osjQ9djrQtsr5BDV [2554]
AlternateDataStreams: C:\Users\SARITABLUE\Cookies:YvP2AbZurBPMxi6WljP1nCUL8 [2298]
AlternateDataStreams: C:\Users\SARITABLUE\AppData\Local\IYyMjLK0:e3TIeNSl6P8VqiWXV [2352]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-03-13 12:30 - 2018-04-23 19:30 - 000000431 _____ C:\Windows\system32\Drivers\etc\hosts

139.99.6.25  blackxat.com
139.99.6.25  www.blackxat.com
139.99.6.25  black-xat.com
139.99.6.25  www.xlack-xat.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3023464165-3341198432-3267076325-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3023464165-3341198432-3267076325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232018195704864\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{91E633D4-DA15-48BA-8118-06C7C8C087C7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [{C704B91D-9F07-4C4B-A8B7-263A1AE4FCDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{AD92FCD9-61E6-4501-A216-57D387AFF52E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{707E2B93-6C4B-4B8D-B478-3BEB2A24B8A9}C:\program files (x86)\starbound spacefarer\win64\starbound_server.exe] => (Allow) C:\program files (x86)\starbound spacefarer\win64\starbound_server.exe
FirewallRules: [UDP Query User{38E67478-0D16-431E-A6BA-89C27CD5D110}C:\program files (x86)\starbound spacefarer\win64\starbound_server.exe] => (Allow) C:\program files (x86)\starbound spacefarer\win64\starbound_server.exe
FirewallRules: [TCP Query User{D1875BAF-C6A5-4BB6-936B-591440BCD21A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{205E521B-905E-48DC-B229-B5E21CC0113E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{C405402F-0517-4E8B-8A79-A92C2367B373}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{6F2E39DF-A3D8-46CA-AC85-08BE520FEBDC}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{594E8FC9-22ED-48AD-8359-217548B299E9}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{FA719B32-7208-491B-BFB8-AD94D1F8CB2D}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{3E58F651-AAD0-47FA-91AF-07BA0DCBCA56}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{FDD090E0-FA1A-4AFF-B3C1-76D46364AA1F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [TCP Query User{C37D45CD-CF59-4C21-B7F5-B321F2757D29}C:\users\saritablue\desktop\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\saritablue\desktop\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [UDP Query User{6FF35B81-3C16-4FE6-9EA3-148EFD40D1FB}C:\users\saritablue\desktop\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\saritablue\desktop\eldewrito_0.5.1.1_release\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [{85CF2A6E-EB1C-4A6E-943F-57E30B23FB43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{1A28CC8C-FBFE-4311-8B5D-21F8012D8871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{461F0681-0B51-4606-AE88-979A0F2695EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{3AF847BF-E64A-44B0-B537-1007E8488D7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2018 07:52:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S.
.

Error: (04/23/2018 07:46:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S.
.

Error: (04/23/2018 07:45:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S.
.

Error: (04/23/2018 07:42:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error era: 1117 (0x45d) : No se puede realizar la solicitud por un error del dispositivo de E/S.
.

Error: (04/23/2018 07:36:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Users\SARITABLUE\Desktop\ÇDaniel\weas\dajhkjfmklg\DANY\audacity-win-2.1.3\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/23/2018 07:36:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Users\SARITABLUE\Desktop\ÇDaniel\weas\dajhkjfmklg\DANY\audacity-win-2.1.3\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/23/2018 07:35:06 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.

Error: (04/23/2018 06:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DTShellHlp.exe, versión: 6.1.0.484, marca de tiempo: 0x54f09b29
Nombre del módulo con errores: DTShellHlp.exe, versión: 6.1.0.484, marca de tiempo: 0x54f09b29
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000008621
Id. del proceso con errores: 0x670
Hora de inicio de la aplicación con errores: 0x01d3db1fc2aa56c8
Ruta de acceso de la aplicación con errores: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Ruta de acceso del módulo con errores: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Id. del informe: a2b1b569-4713-11e8-89ad-68b599e297fa


System errors:
=============
Error: (04/23/2018 08:06:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Servicio de notificación de SSP se cerró con el siguiente error: 
Acceso denegado.

Error: (04/23/2018 07:44:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (04/23/2018 07:44:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (04/23/2018 07:42:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.

Error: (04/23/2018 07:40:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Sony Digital Media Server se cerró con el siguiente error: 
%%-2147195036

Error: (04/23/2018 07:39:24 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: No se puede iniciar un servidor DCOM: {995C996E-D918-4A8C-A302-45719A6F4EA7} como /. Error 
"5"
al iniciar este comando:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

Error: (04/23/2018 07:37:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio HPWMISVC.

Error: (04/23/2018 07:36:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Sony Digital Media Server se cerró con el siguiente error: 
%%-2147195036


Windows Defender:
===================================
Date: 2016-11-18 11:05:16.724
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{68B5AAC7-1A0F-4430-B286-62336294C66A}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2016-01-14 23:56:58.164
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{D2D8AD27-333C-4C16-B70F-ECAAB5DABD2E}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2016-05-12 02:29:37.128
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

Date: 2015-08-20 00:35:33.514
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2015-08-18 15:56:18.598
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2015-08-18 14:04:39.776
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2015-08-16 20:49:36.973
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

CodeIntegrity:
===================================

Date: 2017-12-05 17:41:01.624
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-12-05 11:08:53.945
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-12-04 14:30:23.681
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-12-04 07:11:16.617
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-12-03 13:13:43.600
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-12-02 16:47:36.069
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-12-02 10:53:22.790
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-12-02 10:41:32.023
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 6091.86 MB
Available physical RAM: 2383.97 MB
Total Virtual: 15226.04 MB
Available Virtual: 10849.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:683.31 GB) (Free:116 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.03 GB) (Free:1.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

\\?\Volume{760239dd-9e27-11e4-98f6-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 52075CAE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

 

thanks for the help


Thanks for the help, Kevin. I just noticed my PC isn't showing the performance slowdowns now. I think the scan with Malwarebytes did the right thing. If it does start again with the mistake I'll reply again; for now I think I'm done. Thanks for the help.


There are still problems showing in your logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select "Run as Administrator"; the tool will expand to the options window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Post logs, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt
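
The reply above asks for only the most recent MSRT entry from c:\windows\debug\mrt.log. As an added example (not part of the original post, and not Malwarebytes or Microsoft code), this Python script splits the log into runs and returns the newest one. The log layout shown in the constructed sample, the UTF-16 encoding and all function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample, not from the thread. Assumed layout: every run opens with
# a banner line plus "Started On ..." and closes with "Return code: ...".
SAMPLE_LOG = """\
---------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, March 2018 (build 0.00.00000.0)
Started On Tue Mar 13 21:14:02 2018
Results Summary:
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 13 21:19:40 2018
Return code: 0 (0x0)
---------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, April 2018 (build 0.00.00000.0)
Started On Tue Apr 24 10:02:11 2018
Results Summary:
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 24 10:07:55 2018
Return code: 0 (0x0)
"""

BANNER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v", re.M)
STARTED = re.compile(r"^Started On (.+?)\s*$", re.M)
RETURN_CODE = re.compile(r"^Return code:\s*(-?\d+)", re.M)


def split_runs(text):
    """Return one dict per MSRT run, in file order."""
    starts = [m.start() for m in BANNER.finditer(text)]
    runs = []
    for i, begin in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        # Drop the dashed separator that belongs to the next run.
        body = text[begin:end].rstrip().rstrip("-").rstrip()
        when = None
        started = STARTED.search(body)
        if started:
            try:
                when = datetime.strptime(started.group(1), "%a %b %d %H:%M:%S %Y")
            except ValueError:
                pass  # localised or unexpected date: handled by latest_run
        rc = RETURN_CODE.search(body)
        runs.append({"index": i, "started": when, "text": body,
                     "return_code": int(rc.group(1)) if rc else None})
    return runs


def latest_run(text):
    """Newest run by start time; file order if any date failed to parse."""
    runs = split_runs(text)
    if not runs:
        return None
    if all(r["started"] for r in runs):
        return max(runs, key=lambda r: (r["started"], r["index"]))
    return runs[-1]  # assumption: MSRT appends, so the last block is newest


def read_mrt_log(path=r"c:\windows\debug\mrt.log"):
    raw = open(path, "rb").read()
    # Assumption: the file is usually UTF-16 with a byte-order mark.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


if __name__ == "__main__":
    print(latest_run(SAMPLE_LOG)["text"])
```

On the affected machine, `latest_run(read_mrt_log())["text"]` gives the block to paste into the reply; a non-zero `return_code` in that block is worth mentioning alongside it.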


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
