
Help to remove r.srvtrck.com redirects


Boo

I've started noticing r.srvtrck.com redirects while using Google Chrome. I do a Malwarebytes scan + Avira scan every early morning and the results show up to be clean. I have some browser extensions that I'm using, which are posted below. Not sure how to remove them, any help possible.

 

https://i.imgur.com/INsvwyT.png


Hello Boo and welcome to Malwarebytes....

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

or,

https://downloads.malwarebytes.com/file/mb4_offline

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
 

Quote

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/22/20
Scan Time: 2:42 AM
Log File: a1e73bfc-847d-11ea-b747-98eecb4a9059.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.867
Update Package Version: 1.0.22758
License: Premium

-System Information-
OS: Windows 10 (Build 14393.2828)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 297643
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 4 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Quote

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-26-2020
# Duration: 00:00:01
# OS:       Windows 10 Enterprise 2016 LTSB
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1526 octets] - [26/04/2020 13:19:28]
AdwCleaner[S01].txt - [1587 octets] - [26/04/2020 13:20:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2020
Ran by Boo (administrator) on DESKTOP-PUE9OD7 (Acer Aspire T3-715A) (26-04-2020 13:26:55)
Running from H:\Downloads
Loaded Profiles: Boo (Available Profiles: defaultuser0 & Boo & Administrator)
Platform: Windows 10 Enterprise 2016 LTSB Version 1607 14393.2828 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atiesrxx.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Boo\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <41>
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <2>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(philandro Software GmbH -> ) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16709128 2016-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [239520 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [125872 2018-11-21] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [f.lux] => C:\Users\Boo\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [] => [X]
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [Microsoft EdgeUpdate] => C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.105.7\MicrosoftEdgeUpdateCore.exe
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [Microsoft Edge Update] => C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.125.27\MicrosoftEdgeUpdateCore.exe [230288 2020-04-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3371296 2020-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [71464072 2019-10-03] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [4674776 2019-02-05] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.122\Installer\chrmstp.exe [2020-04-21] (Google LLC -> Google LLC)
IFEO\osppsvc.exe: [Debugger] SppExtComObjPatcher.exe
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-08-05]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
Startup: C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-29]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE279AB-A38B-484A-A676-7342FBDBE79B} - System32\Tasks\fluc => C:\Users\Boo\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
Task: {0D59A06B-6AB5-4AE7-9D8B-0B9BD158D040} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {1380B1A6-0371-46F1-98F4-7A53921E06E0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60008 2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1A789815-87CB-454F-9836-721BAC900F7E} - System32\Tasks\PUUSH => C:\Program Files\ShareX\ShareX.exe [1926656 2020-03-01] (ShareX Team) [File not signed]
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1BBC13E3-03CE-4020-AC91-D8995094FA78} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [67688 2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {1E0DB414-043B-4142-8CBE-43FCF81E23DD} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {3AC5D0D5-610F-47B9-9C45-716B4B2F78B1} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-1653849798-2691019652-4043355550-1001UA => C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [122352 2019-04-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C2BDB7F-6B9E-4DD7-BBC5-EFB601E53BEE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {42203BC2-9112-4CD1-B706-313641999CE6} - System32\Tasks\steam => C:\Program Files (x86)\Steam\Steam.exe [3371296 2020-04-03] (Valve -> Valve Corporation)
Task: {5CE64941-6EB9-43DE-8DEE-7ADCE9B87FD3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DC991D6-5855-44AE-B464-DE45F2A4FD51} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759304 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {73094AA3-23C0-42DE-AC40-38D630018DD4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1138320 2018-01-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {7BCDAE8A-5F9C-4526-A96A-1CEF743C6B41} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {93BCA715-4DF2-4C17-9600-BB648A67FB88} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
Task: {9AC1E717-2F01-4D44-946D-7E34A5D3134D} - System32\Tasks\logitech => C:\Program Files\Logitech Gaming Software\RestartLCore.exe
Task: {9BA570F9-6A07-49EE-9978-AFDB411C09A9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2D0F2E1-07CB-49D7-9A1A-DB649A781809} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA87FCB9-1E2B-41C1-8B80-692342538450} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-1653849798-2691019652-4043355550-1001Core => C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [122352 2019-04-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB8557D0-6B0C-48A0-B8AC-2D1272B3A5E3} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-02-28] (Advanced Micro Devices, Inc.) [File not signed]
Task: {C71B6E2B-9AA3-4575-8E29-CB29135C81C2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CEF62BC9-90FB-4723-A040-16E4C91649CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-09] (Google Inc -> Google Inc.)
Task: {D1BCEA7C-E137-4C8B-8DE1-16B4636061F3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D51495A6-1898-4A34-B68D-54C62EF794BA} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-02-28] (Advanced Micro Devices, Inc.) [File not signed]
Task: {DA05D9BB-5D53-4F02-B535-D610718F79E8} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [739624 2018-04-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EA81581B-21F4-4811-8BC0-98A5976B04DC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EEA11AE2-2E36-401A-85A1-FBB532C73088} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
Task: {F09EE829-7DDF-4CB0-990F-C530302BA87F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-09] (Google Inc -> Google Inc.)
Task: {FEB83F4B-F781-4F8E-BCF3-CF28C7CE91F8} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-02-28] (Advanced Micro Devices, Inc.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{002115bb-d4ec-4a47-a11a-9fb1b994c7c8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{48b0ac66-91b5-4393-b0a6-06f4f95795de}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{48b0ac66-91b5-4393-b0a6-06f4f95795de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b28b2425-e503-4e2b-b54a-2f2ffafff613}: [NameServer] 1.1.1.1,1.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: R7k3aEfk.default
FF ProfilePath: C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\R7k3aEfk.default [2020-04-26]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\R7k3aEfk.default\Extensions\@testpilot-containers.xpi [2020-02-28]
FF Extension: (TorGuard VPN Extension) - C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\R7k3aEfk.default\Extensions\@VPNetworksLLC.xpi [2019-12-10]
FF Extension: (Avira Browser Safety) - C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\R7k3aEfk.default\Extensions\abs@avira.com.xpi [2019-01-07] [UpdateUrl:hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Better Netflix) - C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\R7k3aEfk.default\Extensions\konstantin.mueller@km.de.xpi [2019-09-10]
FF Extension: (Tree Style Tab) - C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\R7k3aEfk.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2020-03-17]
FF Extension: (uBlock Origin) - C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\R7k3aEfk.default\Extensions\uBlock0@raymondhill.net.xpi [2020-03-15]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default [2020-04-26]
CHR Notifications: Default -> hxxps://discoverus.webpush.us2.freshchat.com; hxxps://mail.google.com
CHR NewTab: Default ->  Not-active:"chrome-extension://kbbbldgkhcpkmmjbjelmkjkchibeklng/n.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-09]
CHR Extension: (Popup Notifications for Craigslist) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aenadocogjnkbmchfnkpipdinoleakbj [2018-05-09]
CHR Extension: (Docs) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-09]
CHR Extension: (Google Drive) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-09]
CHR Extension: (YouTube) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-09]
CHR Extension: (Amazon A to Z Login) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbifgandkojijpdamcolamckmnlagfci [2019-12-29]
CHR Extension: (DuckieTV - 'Browser Action' mode) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfkaloficjmdjbgmckaddgfcghgidei [2018-05-09]
CHR Extension: (uBlock Origin) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-26]
CHR Extension: (MSPoweruser) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckeimohapidimpkfklblocnabnhlbiij [2019-12-29]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-04-25]
CHR Extension: (AutoplayStopper) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddcgojdblidajhngkogefpkknnebdh [2020-04-11]
CHR Extension: (Sheets) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-09]
CHR Extension: (Dark Theme for Facebook and Other Websites) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfobiagdiioemjmpdecklcjaplpljdo [2019-11-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-18]
CHR Extension: (HTTPS Everywhere) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2020-03-18]
CHR Extension: (Google Docs Offline) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-26]
CHR Extension: (Full Page Screenshot) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\glgomjpomoahpeekneidkinhcfjnnhmb [2018-05-09]
CHR Extension: (Messages) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpfldicfbfomlpcikngkocigghgafkph [2020-04-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-11-23]
CHR Extension: (Dark Reader Dark) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbbbldgkhcpkmmjbjelmkjkchibeklng [2018-11-07]
CHR Extension: (Grammarly for Chrome) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-04-26]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-04-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2020-01-18]
CHR Extension: (mydlink services plugin) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2018-05-09]
CHR Extension: (Morpheon Dark) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2019-09-21]
CHR Extension: (SessionBox - Free multi login to any website) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2020-01-25]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2019-12-02]
CHR Extension: (No Name) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Gmail) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Boo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"ESProtectionDriver" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-04-22] (Malwarebytes Corporation -> Malwarebytes) <==== ATTENTION (Rootkit!/Locked Service)
"MBAMChameleon" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMFarflt" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMProtection" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMWebProtection" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => \SystemRoot\system32\DRIVERS\mwac.sys <==== ATTENTION (Rootkit!/Locked Service)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atiesrxx.exe [522256 2020-03-02] (Advanced Micro Devices, Inc. -> AMD)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1209856 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537144 2020-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485960 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485960 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573760 2020-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3025872 2019-11-29] (philandro Software GmbH -> )
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634896 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161552 2020-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11147336 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-02-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [9580168 2019-10-03] (Logitech Inc -> Logitech, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-13] (Malwarebytes Inc -> Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12001112 2019-08-29] (TeamViewer GmbH -> TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15446960 2018-11-21] (VMware, Inc. -> )

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atikmdag.sys [65731088 2020-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atikmpag.sys [589840 2020-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103672 2019-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208360 2020-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [196560 2020-04-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 EnergyDriver; C:\Program Files\Intel\Power Gadget 3.5\EnergyDriver.sys [18544 2017-08-02] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\26292\driver_cpu_temperature\logi_core_temp.sys [25448 2019-10-03] (Logitech Inc. -> Logitech)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-05-07] (Logitech -> Logitech Inc.)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2019-09-27] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [20624 2019-09-27] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2019-09-27] (Logitech Inc -> Logitech)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2020-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-04-26] (Malwarebytes Inc -> Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Microsoft Windows -> Intel Corporation)
S3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-02-24] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-07-31] (Realtek Semiconductor Corp. -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [134120 2018-02-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [92040 2018-06-22] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S3 HWiNFO32; \??\C:\Users\Boo\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATTENTION
U4 SecurityHealthService; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-26 13:24 - 2020-04-26 13:27 - 000000000 ____D C:\FRST
2020-04-26 13:23 - 2020-04-26 13:23 - 000001737 _____ C:\Users\Boo\Desktop\AdwCleaner[C01].txt
2020-04-26 13:22 - 2020-04-26 13:22 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-04-26 13:18 - 2020-04-26 13:20 - 000000000 ____D C:\AdwCleaner
2020-04-26 13:15 - 2020-04-26 13:15 - 000001220 _____ C:\Users\Boo\Desktop\0426.txt
2020-04-25 15:17 - 2020-04-25 15:17 - 000002722 _____ C:\Users\Boo\Desktop\Chrome Remote Desktop.lnk
2020-04-18 13:14 - 2020-04-18 13:14 - 000001204 _____ C:\Users\Public\Desktop\Avira.lnk
2020-04-18 13:14 - 2020-04-18 13:14 - 000001204 _____ C:\ProgramData\Desktop\Avira.lnk
2020-04-13 20:52 - 2020-04-13 20:47 - 000304199 ____N C:\Users\Boo\Desktop\TaxReturn (1).pdf
2020-04-09 05:22 - 2020-04-09 05:22 - 000007297 _____ C:\Users\Boo\Desktop\ExportedTransactions (1).csv

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-26 13:23 - 2019-08-12 13:01 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-26 13:23 - 2018-07-11 04:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-04-26 13:22 - 2020-03-15 10:13 - 000003292 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-04-26 13:22 - 2019-09-27 06:13 - 000000000 ____D C:\Users\Boo\AppData\Roaming\LGHUB
2020-04-26 13:22 - 2019-09-27 06:13 - 000000000 ____D C:\Users\Boo\AppData\Local\LGHUB
2020-04-26 13:22 - 2019-02-22 10:30 - 000003108 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-04-26 13:22 - 2018-05-09 17:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-26 13:22 - 2018-05-09 16:32 - 000000000 ____D C:\ProgramData\VMware
2020-04-26 13:22 - 2018-05-09 15:16 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-04-26 13:22 - 2018-05-09 15:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-26 13:22 - 2016-07-16 04:47 - 000000000 ____D C:\Windows\AppReadiness
2020-04-26 13:16 - 2018-05-10 16:12 - 000000000 ____D C:\Users\Boo\AppData\Roaming\qBittorrent
2020-04-26 13:11 - 2018-07-15 10:23 - 000000000 ____D C:\Users\Boo\AppData\Roaming\discordptb
2020-04-26 12:44 - 2018-05-09 15:00 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-26 12:07 - 2018-05-15 15:20 - 000000000 ____D C:\Users\Boo\AppData\Roaming\discord
2020-04-26 10:04 - 2018-05-09 16:50 - 000000000 ____D C:\Users\Boo\AppData\Roaming\NexonLauncher
2020-04-26 09:14 - 2018-05-09 15:03 - 000000000 ____D C:\Users\Boo\AppData\Local\Packages
2020-04-25 15:19 - 2019-02-25 15:57 - 000000000 ____D C:\Windows\system32\appmgmt
2020-04-25 15:17 - 2018-05-09 15:19 - 000000000 ____D C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2020-04-24 11:35 - 2019-04-29 19:29 - 000002558 _____ C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Canary.lnk
2020-04-24 11:35 - 2019-04-29 19:29 - 000002521 _____ C:\Users\Boo\Desktop\Microsoft Edge Canary.lnk
2020-04-24 04:08 - 2018-05-09 17:10 - 000000000 ____D C:\Users\Boo\AppData\Roaming\vlc
2020-04-22 20:56 - 2019-07-09 05:08 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-04-22 01:50 - 2018-05-09 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-04-21 15:23 - 2020-03-15 10:09 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-21 15:23 - 2020-03-15 10:09 - 000002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-21 15:23 - 2020-03-15 10:09 - 000002275 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-20 09:31 - 2019-12-29 18:36 - 000002742 _____ C:\Users\Boo\Desktop\Amazon A to Z Login.lnk
2020-04-20 09:31 - 2019-12-29 18:35 - 000002726 _____ C:\Users\Boo\Desktop\MSPoweruser.lnk
2020-04-20 09:31 - 2019-04-30 08:00 - 000002968 _____ C:\Users\Boo\Desktop\Messages.lnk
2020-04-20 09:31 - 2018-12-04 06:29 - 000001175 _____ C:\Users\Boo\Desktop\RuneLite (2).lnk
2020-04-20 09:31 - 2018-10-27 05:06 - 000002142 _____ C:\Users\Boo\Desktop\f.lux (2).lnk
2020-04-20 09:31 - 2018-10-18 09:17 - 000002142 _____ C:\Users\Boo\Desktop\f.lux.lnk
2020-04-20 09:31 - 2018-07-15 10:23 - 000002287 _____ C:\Users\Boo\Desktop\Discord PTB.lnk
2020-04-20 09:31 - 2018-06-06 07:23 - 000001938 _____ C:\Users\Boo\Desktop\Vindictus.lnk
2020-04-20 09:31 - 2018-05-22 20:10 - 000001159 _____ C:\Users\Boo\Desktop\MSI Afterburner.lnk
2020-04-20 09:31 - 2018-05-15 15:20 - 000002242 _____ C:\Users\Boo\Desktop\Discord.lnk
2020-04-20 09:31 - 2018-05-09 16:06 - 000000869 _____ C:\Users\Boo\Desktop\ShareX.lnk
2020-04-18 13:15 - 2018-05-09 15:15 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-18 06:02 - 2019-08-05 14:41 - 000000000 ____D C:\ProgramData\AnyDesk
2020-04-16 00:28 - 2019-04-29 19:29 - 000003740 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-1653849798-2691019652-4043355550-1001UA
2020-04-16 00:28 - 2019-04-29 19:29 - 000003472 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-1653849798-2691019652-4043355550-1001Core
2020-04-08 03:52 - 2018-05-09 15:46 - 000196560 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2020-04-01 05:13 - 2018-12-02 14:16 - 000000042 _____ C:\Users\Boo\jagex_cl_oldschool_LIVE.dat
2020-04-01 05:13 - 2018-12-02 14:16 - 000000024 _____ C:\Users\Boo\random.dat
2020-03-30 03:51 - 2018-05-09 15:46 - 000208360 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-03-28 17:23 - 2018-12-04 06:18 - 000000000 ____D C:\Users\Boo\.runelite

==================== Files in the root of some directories ========

2018-05-23 09:42 - 2018-05-27 10:51 - 001065984 _____ () C:\Users\Boo\AppData\Local\file__0.localstorage
2019-06-06 09:46 - 2019-06-07 15:47 - 000007605 _____ () C:\Users\Boo\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-04-22 18:10
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2020
Ran by Boo (26-04-2020 13:27:33)
Running from H:\Downloads
Windows 10 Enterprise 2016 LTSB Version 1607 14393.2828 (X64) (2018-05-09 22:02:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1653849798-2691019652-4043355550-500 - Administrator - Disabled) => C:\Users\Administrator
Boo (S-1-5-21-1653849798-2691019652-4043355550-1001 - Administrator - Enabled) => C:\Users\Boo
DefaultAccount (S-1-5-21-1653849798-2691019652-4043355550-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1653849798-2691019652-4043355550-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1653849798-2691019652-4043355550-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.2.2 - Advanced Micro Devices, Inc.)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.4.0 - philandro Software GmbH)
Avira (HKLM-x32\...\{CAB70370-888E-4D62-B5D5-DA7982585C46}) (Version: 1.2.145.25926 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{e636e084-c7ab-4246-8ad2-aa1bb1cbedfd}) (Version: 1.2.145.25926 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2004.1828 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{6BAE2CD1-EFB3-48A0-9DC4-7720086B4B65}) (Version: 2.0.6.31130 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Discord (HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Discord PTB (HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\DiscordPTB) (Version: 0.0.51 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Flux) (Version:  - f.lux Software LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.122 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® Power Gadget 3.5 (HKLM\...\{AAFAAB45-753C-4402-A23D-3F0EA9A750EC}) (Version: 3.5.0 - Intel)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Edge Canary (HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\Microsoft Edge SxS) (Version: 84.0.495.0 - Microsoft Corporation)
Microsoft Excel 2019 - en-us (HKLM\...\Excel2019Volume - en-us) (Version: 16.0.11601.20230 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
MSI Afterburner 4.5.0 (HKLM-x32\...\Afterburner) (Version: 4.5.0 - MSI Co., LTD)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7954 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.1.0 (HKLM-x32\...\RTSS) (Version: 7.1.0 - Unwinder)
RuneLite (HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\RuneLite_is1) (Version: Launcher 1.6.0 - RuneLite)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.0.1610 - Samsung Electronics)
Samsung NVM Express Driver (HKLM-x32\...\{bfb0503a-76b9-415a-b0a3-dd55d2a01ebe}) (Version: 3.0.0.1802 - Samsung Electronics)
Samsung NVM Express Driver 3.0.0.1802 (HKLM\...\{92729760-681A-42A2-A101-1098CAB4DEC1}) (Version: 3.0.0.1802 - Samsung Electronics Co., Ltd) Hidden
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.1.0 - ShareX Team)
Skype version 8.58 (HKLM-x32\...\Skype_is1) (Version: 8.58 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.5.5819 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
VMware Workstation (HKLM\...\{431EEEDD-6D71-4269-8F7F-836CFAF69A17}) (Version: 15.0.2 - VMware, Inc.)
VPNetwork LLC - TorGuard - Online Privacy Protection Services (HKLM-x32\...\VPNetwork LLC TorGuard) (Version: "3.90.0" - "VPNetwork LLC")

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{1BF368D2-E51E-4ACC-8F60-3FC9E891B96A}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.119.43\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{1EFE814D-F1BA-4B7E-AE9A-A8BD71D2CF2D}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.117.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{23E47198-B3EE-44D9-B0F4-1B3F4A1E3336}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.101.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{300E17A3-B34E-4D77-BCB4-4F227F215016}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.121.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{3AD5FAA2-198B-4FD0-946A-713C16A8421B}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.105.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{4372F3CE-EDF2-4B6A-937B-A6E1F4C1AA78}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.117.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{4BF4AA82-C9FE-45F5-A67A-925D602662F3}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.125.27\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{5DB7CD8E-F11E-401F-8B84-E5B37533C22A}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.117.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.125.27\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{75C74D83-5728-4B1A-8752-0D1809C0CF07}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.107.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{7CE325BB-E244-46E6-A080-DAB5F87CF1C7}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.111.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{9098DA36-53B8-4B8B-A550-6C71DA71B697}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.103.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{9C08B62F-350A-41A8-866D-958247525EE6}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.113.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{C577C0FE-3906-48F4-B0D5-5F8151E18F5B}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.109.19\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{DBB733DE-162C-4B0D-A51B-71A2F35F7174}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.107.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{F08D360F-FFA6-4954-8CA6-8E3DB6037CEB}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.111.43\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001_Classes\CLSID\{F72FA0AF-5C8C-436F-8D41-E1B27FA05DE2}\InprocServer32 -> C:\Users\Boo\AppData\Local\Microsoft\EdgeUpdate\1.3.119.39\psuser_64.dll => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-11-21] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-11-21] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\System32\l3codecp.acm [183296 2016-07-16] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [193536 2016-07-16] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Boo\Desktop\Amazon A to Z Login.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cbifgandkojijpdamcolamckmnlagfci
ShortcutWithArgument: C:\Users\Boo\Desktop\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Boo\Desktop\Messages.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hpfldicfbfomlpcikngkocigghgafkph
ShortcutWithArgument: C:\Users\Boo\Desktop\MSPoweruser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ckeimohapidimpkfklblocnabnhlbiij
ShortcutWithArgument: C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Amazon A to Z Login.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cbifgandkojijpdamcolamckmnlagfci
ShortcutWithArgument: C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Messages.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hpfldicfbfomlpcikngkocigghgafkph
ShortcutWithArgument: C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MSPoweruser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ckeimohapidimpkfklblocnabnhlbiij

==================== Loaded Modules (Whitelisted) =============

2018-04-23 08:13 - 2018-04-23 08:13 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2018-04-23 08:13 - 2018-04-23 08:13 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2018-04-23 08:13 - 2018-04-23 08:13 - 000567808 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2018-04-23 08:13 - 2018-04-23 08:13 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2018-04-23 08:13 - 2018-04-23 08:13 - 000357888 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-02-28 18:22 - 2020-02-28 18:22 - 001518592 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-02-28 18:30 - 2020-02-28 18:30 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 04:47 - 2019-03-04 18:36 - 000001204 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 media-match.com
127.0.0.1 adclick.g.doublecklick.net
127.0.0.1 www.googleadservices.com
127.0.0.1 open.spotify.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 desktop.spotify.com
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 pubads.g.doubleclick.net
127.0.0.1 audio2.spotify.com
127.0.0.1 www.omaze.com
127.0.0.1 omaze.com
127.0.0.1 bounceexchange.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1653849798-2691019652-4043355550-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Boo\AppData\Roaming\Actual Tools\Actual Multiple Monitors\Wallpapers\Composed.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Bluetooth Network Connection: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Block Cortana ActionUriServer.exe] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe No File
FirewallRules: [Block Cortana PlacesServer.exe] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe No File
FirewallRules: [Block Cortana RemindersServer.exe] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe No File
FirewallRules: [Block Cortana RemindersShareTargetApp.exe] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersShareTargetApp.exe No File
FirewallRules: [Block Cortana SearchUI.exe] => (Block) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe No File
FirewallRules: [{C8FE2BA2-921B-47F0-AE1F-DC32482AF828}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{42FF6CF6-4822-49C2-9DDD-94011F5799AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8786A527-D05D-4242-9894-4151923080C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{FB206719-DC7C-4615-801F-20714F28CF92}G:\unity\editor\unity.exe] => (Allow) G:\unity\editor\unity.exe No File
FirewallRules: [UDP Query User{AFEA08D7-A863-4571-86DE-7D539D0C1690}G:\unity\editor\unity.exe] => (Allow) G:\unity\editor\unity.exe No File
FirewallRules: [TCP Query User{2EA1A597-D092-44C6-B5AD-7924114D1E9C}G:\unity\editor\unity.exe] => (Allow) G:\unity\editor\unity.exe No File
FirewallRules: [UDP Query User{FFB1B483-7999-4FE1-80FE-728597BA5AAF}G:\unity\editor\unity.exe] => (Allow) G:\unity\editor\unity.exe No File
FirewallRules: [TCP Query User{F8791133-854C-4740-A3B0-FBA0118DD636}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [UDP Query User{A96D1C27-2372-4E83-99DD-0116B7D820CC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [TCP Query User{A02A2142-132A-4B88-9375-37EE837DB091}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{44AF7752-DAB7-4EDB-823A-DE91D6AA58E6}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{BE829093-BA58-4297-ADB5-84D838E09F7F}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Block) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{E64E8A52-DD34-4DCA-B370-CF493FF5CBBA}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Block) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{2D03246B-726D-422D-B760-F6403F47ABB2}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{95F79B80-A31E-4952-9907-061409E1A7FD}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{B692B989-F9A5-4706-BB9A-CA9A969A1387}] => (Block) %ProgramFiles%\qBittorrent\qbittorrent.exe No File
FirewallRules: [{97948C77-67CF-486A-BD63-56F0F389106E}] => (Block) %ProgramFiles%\qBittorrent\qbittorrent.exe No File
FirewallRules: [TCP Query User{E83AD0CC-302E-4DED-8549-612C40BAB51D}D:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe (NEXON Korea Corporation. -> NEXON Corp.)
FirewallRules: [UDP Query User{085BD46B-075A-4BDD-B99D-6502340E0AED}D:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe (NEXON Korea Corporation. -> NEXON Corp.)
FirewallRules: [{99C5B586-A451-4651-B311-843B14D217D2}] => (Allow) G:\Origin ***** game\A way out\AWayOut\Haze1\Binaries\Win64\AWayOut.exe No File
FirewallRules: [{470FE235-893D-41AE-A7EE-9DA2DD78FD0E}] => (Allow) G:\Origin ***** game\A way out\AWayOut\Haze1\Binaries\Win64\AWayOut.exe No File
FirewallRules: [{7B1B48A3-43E0-4C1C-94AF-AB7102E06EDA}] => (Allow) G:\Origin ***** game\A way out\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe No File
FirewallRules: [{9CF3A6C5-1290-4C73-9CE2-4207F1D06585}] => (Allow) G:\Origin ***** game\A way out\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe No File
FirewallRules: [{B23E4CA0-3C54-4349-A5F3-42F68923337A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FBB44116-75C0-4CD5-836D-2512C5ABAD73}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E3A42C5C-E4AC-4E61-A11A-53BE9908CD87}] => (Allow) C:\Users\Boo\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{DA4C2470-5236-4D3E-B025-E513F945AE1D}] => (Allow) C:\Users\Boo\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F9EFCFEE-46A9-43BB-9A5C-2551ED7025B6}] => (Allow) G:\payday\steamapps\common\PAYDAY 2\payday2_win32_release.exe No File
FirewallRules: [{8C054492-ED2F-4350-B5A5-923BE7C861D5}] => (Allow) G:\payday\steamapps\common\PAYDAY 2\payday2_win32_release.exe No File
FirewallRules: [{B3E9BED3-B532-46E7-B7BA-47F869C77848}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe No File
FirewallRules: [{C7FC3C45-57A4-4865-BA7E-8EE29BC65641}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe No File
FirewallRules: [{366A6FE9-9EF7-430C-825D-8779F1855825}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{281659EF-21C2-47EF-BB0E-51491A4D8534}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{7F2984F1-6FB4-485C-8A6B-3B6F850BF7A7}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{0623F270-6699-4320-AE05-78C9F53B44B0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{D13E1BC2-3BD7-4390-98F5-42C858979BE9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2FAF29A7-4E36-4057-862C-23FCE7743947}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{AC6E6E3F-E719-4FA4-8D2D-4A606DF7D947}C:\program files (x86)\common files\oracle\java\javapath_target_193905140\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_193905140\java.exe No File
FirewallRules: [UDP Query User{93745B8D-EB09-4C45-870E-B6B3BC6C7CE0}C:\program files (x86)\common files\oracle\java\javapath_target_193905140\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_193905140\java.exe No File
FirewallRules: [{EB7533F9-B877-4966-AD7C-96F788C00B84}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe No File
FirewallRules: [{794BB131-C0A3-461E-8334-7792D3F87EC3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe No File
FirewallRules: [{E7588C75-306B-4F2A-BC09-CB1DB885005F}] => (Allow) G:\Zombie game\l4d2\steamapps\common\left 4 dead\left4dead.exe No File
FirewallRules: [{CAC23E01-6A13-48C4-B50A-3D2875B417C6}] => (Allow) G:\Zombie game\l4d2\steamapps\common\left 4 dead\left4dead.exe No File
FirewallRules: [{E288BACA-AE4D-497F-BA3B-52EFF9FDD855}] => (Allow) G:\Zombie game\l4d2\steamapps\common\Left 4 Dead 2\left4dead2.exe No File
FirewallRules: [{2D2803AB-6570-4461-B21A-6CB9261AF83A}] => (Allow) G:\Zombie game\l4d2\steamapps\common\Left 4 Dead 2\left4dead2.exe No File
FirewallRules: [TCP Query User{A3E9E2F1-F5B8-44F5-BA7D-C862F59851D1}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{8792482B-8857-4395-BDA7-CE626F74C892}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe No File
FirewallRules: [{0AA7DCEB-C36C-4C83-BB43-A688FF6B0DE5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{EDB5AC32-A315-4CD0-A56F-1C6EBB6A14A5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{BF2EAB5C-0CAD-479D-A997-F57CD0C11A15}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{40DA9CF0-AAFA-438F-8A9A-D85537880CC3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [TCP Query User{53E174E1-0217-46AD-B92F-65D07A727CF4}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{7AE3374D-096D-44C7-B077-DAAC94FDAE7E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{123FC59F-44BA-4DF8-AFC1-F815E73A5F93}G:\pbe\rads\projects\league_client\releases\0.0.2.116\deploy\leagueclient.exe] => (Allow) G:\pbe\rads\projects\league_client\releases\0.0.2.116\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{841B26D4-1335-4006-A8E9-701463F17EA8}G:\pbe\rads\projects\league_client\releases\0.0.2.116\deploy\leagueclient.exe] => (Allow) G:\pbe\rads\projects\league_client\releases\0.0.2.116\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{B8CEE7E0-C429-4D57-A0B3-8FE53E417F13}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{0C5738E1-64FE-4667-BDEE-0C71EB74B384}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe No File
FirewallRules: [{FED6008F-84D3-4929-883D-2CBBBEFC523B}] => (Allow) G:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe No File
FirewallRules: [{1D922BCA-E601-4516-BECD-1CA437AC5D9A}] => (Allow) G:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe No File
FirewallRules: [TCP Query User{931B6899-819D-48F1-B541-5D7D348F00D9}G:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) G:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{18960259-93FA-4E3D-B74D-2EA496CAD2D2}G:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) G:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [TCP Query User{3CAC4372-9CF5-4B25-A9C0-37DDAEE26E3E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{41332229-D54F-4651-9E8A-4AB6D86F33E2}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{25A796DD-4A8C-477D-8216-5D1F6D7103C8}C:\users\boo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\boo\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{C191D6AF-3F6A-41C5-BFF4-F7AFEDF09050}C:\users\boo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\boo\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{6E8B16A1-79C9-43D2-A6E0-26FB05BE6458}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe (NEXON Korea Corporation. -> Nexon Corp.)
FirewallRules: [{9C8C2CEA-6843-45D4-BDEF-33CFFB0B383C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe (NEXON Korea Corporation. -> Nexon Corp.)
FirewallRules: [{78DE8914-41FF-4543-9F6B-A891120B6835}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{AE94AB07-4E96-4DAD-BFA9-78CFFBE2B8D7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{E6E4C759-2E6D-45B2-9D39-A0CDA9D680A9}] => (Allow) C:\Users\Boo\Desktop\Steam.exe No File
FirewallRules: [{A63E9B13-6A16-4E4D-BE8F-31874847BBF1}] => (Allow) C:\Users\Boo\Desktop\Steam.exe No File
FirewallRules: [TCP Query User{50F49322-4225-4810-9F76-D08A3B2586B8}C:\users\boo\desktop\steam - copy.exe] => (Allow) C:\users\boo\desktop\steam - copy.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{0417FCA7-245A-4B7F-B037-400937671A04}C:\users\boo\desktop\steam - copy.exe] => (Allow) C:\users\boo\desktop\steam - copy.exe (Valve -> Valve Corporation)
FirewallRules: [{0C30CD44-32D6-43BA-B7D9-AAA6F43E6978}] => (Allow) C:\Users\Boo\Desktop\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{58948338-598E-4D8A-AABB-3A5F8CFB30D9}] => (Allow) C:\Users\Boo\Desktop\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{7432BEF7-1B8C-486C-A554-138A762ECD7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6C4673ED-EB58-4066-8AEA-0C256FDB41E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FD44A63F-F8F0-4AD6-829E-3EA131E477D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{076C73C0-DF72-491F-919F-52C2176D3208}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{1C2BB5AD-6809-4D48-84D6-AB2D83C03C14}C:\program files\tightvnc\tvnviewer.exe] => (Allow) C:\program files\tightvnc\tvnviewer.exe No File
FirewallRules: [UDP Query User{1654E9E9-A398-47DA-830F-DD992CFFD734}C:\program files\tightvnc\tvnviewer.exe] => (Allow) C:\program files\tightvnc\tvnviewer.exe No File
FirewallRules: [TCP Query User{49D10B5B-BF26-49FD-A6CD-341A500A0AFD}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{ABE162EB-B1CF-479B-9A00-27C6D1A719CF}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{E47C0542-B571-4BBF-97E7-BEFF6A93D29A}C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe] => (Block) C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{103227F8-31FD-4A60-A2C5-4E20CC2F5FAE}C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe] => (Block) C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B0E0A196-7017-4B17-853B-C3556CB9EDC0}C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe] => (Allow) C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{29581D02-A795-45E2-B2E2-8CDF7A045653}C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe] => (Allow) C:\users\boo\appdata\local\microsoft\edge sxs\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{00B413C4-8130-43DB-8091-6C153C6B632E}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe (Saber Interactive) [File not signed]
FirewallRules: [UDP Query User{B3553747-DD8B-485C-BE14-4A2AEF0FE994}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe (Saber Interactive) [File not signed]
FirewallRules: [{8F7662E0-D9B0-45A6-B6D6-4A54E1E98CCE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{9BA3A3D8-DA69-4504-966A-58D6E622DF2F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{B64BE253-0B8C-4395-AD66-127B27D9E689}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe No File
FirewallRules: [{F71A5556-234A-4F78-A7F4-4E39D3C932BD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe No File
FirewallRules: [{3199D138-7D9C-4B2D-9DA0-2402DFAD1F0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{315D3876-D9DB-44BB-AC01-6F299BD6739B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe (NEXON Korea Corporation. -> Nexon Corp.)
FirewallRules: [{3DA9DF54-6A75-45B2-8DF2-A377E1DF4FDE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe (NEXON Korea Corporation. -> Nexon Corp.)
FirewallRules: [{3E876C3B-769F-43E2-8CFE-85A056FEB19D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{8247295B-E4D3-4FF7-B948-47760B5EE605}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{D07D8491-D1B1-4E6B-A1E2-E607DFA8A3FE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{282A35E7-11F4-4847-AAD4-6423FA691F43}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{0C23F385-691D-401D-9C3C-1A17B2CCEA7A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{B9A605E6-2F7E-4A67-8DEA-AA9C00F16A2B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{6895F98A-2853-4EEA-BF4E-5D52BCA271CB}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:465.21 GB) (Free:298.21 GB) (64%)
Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Dual Band Wireless-AC 7265
Description: Intel(R) Dual Band Wireless-AC 7265
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/26/2020 01:23:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.2004.1823, time stamp: 0x5e848f39
Faulting module name: ntdll.dll, version: 10.0.14393.2608, time stamp: 0x5bd1345f
Exception code: 0xc0000005
Fault offset: 0x00058ba9
Faulting process id: 0xad4
Faulting application start time: 0x01d61c086ac41dfd
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 44eb1eb6-74d5-4887-a7bd-f912d308d0f5
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/25/2020 04:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.2155, time stamp: 0x5a9e25d8
Faulting module name: ntdll.dll, version: 10.0.14393.2608, time stamp: 0x5bd133d4
Exception code: 0xc0000374
Fault offset: 0x00000000000f7b43
Faulting process id: 0x824
Faulting application start time: 0x01d5fd8cf4dad6d6
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: cd5ccb88-71c7-4ca1-86a1-8bbbdf80320d
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/18/2020 01:10:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/18/2020 01:09:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mpc-hc64.exe version 1.7.13.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 50fc

Start Time: 01d615bd237969ef

Termination Time: 12582

Application Path: H:\Downloads\MPC-HC.1.7.13.x64\mpc-hc64.exe

Report Id: 87e2548b-81b0-11ea-88ef-98eecb4a9059

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/11/2020 09:29:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/28/2020 02:10:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/28/2020 02:10:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 80.0.3987.149 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2068

Start Time: 01d5fd8ebaf9ee16

Termination Time: 11

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 96dc84df-7138-11ea-88ef-98eecb4a9059

Faulting package full name: 

Faulting package-relative application ID:

Error: (03/26/2020 02:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.591, time stamp: 0x5e691699
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e4172be
Exception code: 0xc0000005
Fault offset: 0x0000000000219d05
Faulting process id: 0xe78
Faulting application start time: 0x01d5fd8eacac4603
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 0d69f98c-3ba0-4744-8697-a3c916950ab7
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (04/26/2020 01:24:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/26/2020 01:23:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/26/2020 01:23:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/26/2020 01:22:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2020 01:22:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2020 01:22:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2020 01:22:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2020 01:22:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================

Date: 2020-04-22 20:56:42.701
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Users\Boo\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-22 20:56:42.697
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Users\Boo\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-08 03:14:41.479
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Users\Boo\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-06 18:40:42.054
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Users\Boo\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-06 18:40:42.038
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Users\Boo\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-06 18:15:09.134
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-06 18:14:29.351
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-06 18:14:29.079
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume12\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume12\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. R01-A4 05/19/2016
Motherboard: Acer Aspire T3-715A
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 16320.57 MB
Available physical RAM: 11816.09 MB
Total Virtual: 31168.57 MB
Available Virtual: 24157.69 MB

==================== Drives ================================

Drive c: (Samsung 970 Evo) (Fixed) (Total:465.21 GB) (Free:298.21 GB) NTFS
Drive d: (Samsung 850 Evo) (Fixed) (Total:237.92 GB) (Free:106.95 GB) NTFS
Drive g: (Samsung 950 Pro) (Fixed) (Total:232.76 GB) (Free:119.79 GB) NTFS
Drive h: (WD 2TB Blue) (Fixed) (Total:1862.89 GB) (Free:27.88 GB) NTFS
Drive i: (Samsung 970 Evo) (RAMDisk) (Total:465.21 GB) (Free:298.5 GB) NTFS

\\?\Volume{aff617dc-9164-42f3-a113-3bd1541c81c3}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.14 GB) NTFS
\\?\Volume{2411e6b3-146e-4b1b-881d-02c310757b85}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.14 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

 


Hello Boo,

Thanks for those logs, in future please do not use quote boxes, either copy and paste the logs to your reply or attach to your reply.

Continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.


Next,

Download and run the Malwarebytes Support Tool
Accept the EULA and click Advanced tab on the left (not Start Repair)
Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

Next,

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Post those logs to your next reply..

Thank you,

Kevin

fixlist.txt
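The post above points out that mrt.log accumulates an entry for every MSRT run and that only the most recent one matters. As an added example (not part of the original thread), a helper reviewing a posted log could isolate that entry as follows; the sample text, its first run, and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the second run is abridged from the log posted in this
# thread; the first run and its date are invented so the log holds two runs.
SAMPLE = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.81, (build 5.81.16832.1)
Started On Tue Apr 14 09:12:03 2020

Results Summary:
----------------
No infection found.

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.81, (build 5.81.16832.1)
Started On Mon Apr 27 04:56:55 2020

Engine: 1.1.16800.2
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
"""

HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v(\S+),", re.M)
STARTED = re.compile(r"^Started On (.+)$", re.M)


def decode_log(raw: bytes) -> str:
    """Decode log bytes: UTF-16 when a byte-order mark is present, else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_runs(text: str) -> list:
    """Split the log into one dict per MSRT run, skipping truncated blocks."""
    starts = [m.start() for m in HEADER.finditer(text)]
    runs = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        block = text[begin:end]
        started = STARTED.search(block)
        if started is None:
            continue  # header without a start time: incomplete paste
        try:
            when = datetime.strptime(started.group(1).strip(), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # unreadable timestamp: do not guess the order
        # The summary is the first group of non-empty lines after the underline.
        _, _, tail = block.partition("Results Summary:")
        summary = []
        for line in tail.splitlines()[1:]:
            line = line.strip()
            if not line or set(line) == {"-"}:
                if summary:
                    break
                continue
            summary.append(line)
        runs.append({"version": HEADER.match(block).group(1), "started": when, "summary": summary})
    return runs


def latest_run(text: str):
    """Return the run with the newest start time, wherever it sits in the paste."""
    runs = parse_runs(text)
    return max(runs, key=lambda r: r["started"]) if runs else None
```

Selecting by the "Started On" timestamp rather than by position keeps the result correct when a user pastes runs out of order or includes a truncated block.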


All done.

 

All done.

MSRT log:


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.81, (build 5.81.16832.1)
Started On Mon Apr 27 04:56:55 2020

Engine: 1.1.16800.2
Signatures: 1.311.96.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
 

 

123.txt


13 hours ago, kevinf80 said:

Nothing we have done should have an impact on your internet speed or installing or uninstalling software... Use following link to run troubleshooter to fix software issue..

https://support.microsoft.com/en-gb/help/17588/windows-fix-problems-that-block-programs-being-installed-or-removed

Let me know the outcome..

A simple restart on my PC fixed it. Anyhow, any solution to removing the rsrvtrckcom redirects?


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.