How to get rid of Linkury?

Status
Not open for further replies.

xandertje10

PCHF Member
Nov 29, 2018
Hi there!

I have a bit of a problem. A couple of days ago I installed a shady Windows KMS activator which seems to have come with all kinds of shady stuff. I've managed to clean my PC completely except for one thing: Linkury still keeps on hijacking Chrome. I'm getting weird ads that mask themselves as Google search results, and Chrome redirects to shady pages without me even clicking anywhere. I've run a virus scanner multiple times and it keeps finding it and uninstalling it, but it reinstalls itself immediately and the next time I run the scanner it's back again.

Can anyone help me get rid of this?
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
Sydney, Australia
pchelpforum.net
You really are playing with fire by using such activators to enable pirated software. Please remove any pirated software from your PC before we continue.

Please go HERE and download AdwCleaner to your Desktop. Once downloaded, right-click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab, and no further changes to the program are necessary at this stage.

Click the Scan Now button.



Allow AdwCleaner to start scanning; depending on the amount of data on your PC, it may take some time. At the conclusion of the scan, any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair".



After selecting "Clean & Repair", another dialogue box may appear asking to restart now or later. If so, choose "Clean & Restart Now".



Once the PC has restarted, if AdwCleaner does not restart, open it again and click the "Log Files" tab on the left. All log files will be listed. If you have used the program previously, you may have several logs to select from, so double-click the most recent "Clean" log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post :)

NEXT: We need a log from Farbar Recovery Scan Tool (FRST) to examine your system.

Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important that FRST is downloaded to your desktop.

If you are unsure whether your operating system is 32 or 64 bit, please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.


If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select "Scan"


FRST will take a few minutes to scan your computer and, when finished, will produce two log files on your desktop: FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.


Please also COPY and PASTE the contents of these two files in your next post.
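
Added example, not part of the original post and not code from FRST or this forum: a small Python triage pass over a pasted FRST.txt that lists the entries a reviewer usually reads first. It keys on the `<==== ATTENTION` and `[File not signed]` markers that FRST prints, plus services or drivers whose binary sits in a user-writable path; the path list, the `triage`/`image_path` names and the sample log lines are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

ATTENTION = "<==== ATTENTION"    # marker FRST prints beside entries worth a look
UNSIGNED = "[File not signed]"   # marker FRST prints beside unsigned binaries

# Assumption for this example: path fragments a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\")

# Section banners look like "==================== Services (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?) =+$")
# Service/driver lines look like "R2 Name; C:\path\file.exe [size date] (signer)".
SERVICE_RE = re.compile(r"^(?P<state>[RSU][0-5]) (?P<name>[^;]+); (?P<rest>.+)$")
# Metadata block that follows an unquoted path: " [173472 2017-01-31]".
META_RE = re.compile(r" \[\d+ \d{4}-\d{2}-\d{2}\]")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def image_path(rest):
    """Return only the executable path, ignoring arguments and metadata."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end != -1 else rest[1:]
    m = META_RE.search(rest)
    return rest[:m.start()] if m else rest


def triage(log_text):
    """Walk the log section by section and collect entries to review."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name").replace(" (Whitelisted)", "")
            continue
        if ATTENTION in line:
            findings.append(Finding(section, "flagged by FRST", line))
        if UNSIGNED in line:
            findings.append(Finding(section, "unsigned file", line))
        if section in ("Services", "Drivers"):
            svc = SERVICE_RE.match(line)
            if svc:
                path = image_path(svc.group("rest")).lower()
                if any(frag in path for frag in USER_WRITABLE):
                    findings.append(Finding(
                        section, "service binary in user-writable path", line))
    return findings


# Constructed sample in FRST's line format (not taken from a real machine).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [630168 2017-09-29] (Example Corp -> Example Corp)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

R2 ExampleGood; C:\Program Files\Example\svc.exe [173472 2017-01-31] (Example Corp -> Example Corp)
S2 ExampleUnsigned; C:\Program Files (x86)\Example\old.exe [112640 2018-10-30] (Example Corp) [File not signed]
R2 ExampleTemp; C:\Users\Public\temp\Example\updater.exe [10803440 2018-09-28] (Example Corp -> Example Corp)
R2 ExampleQuoted; "C:\Program Files\Example\host.exe" -s ExampleQuoted -f "C:\Users\Public\host.log"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

A hit here is only a prompt to look closer: legitimate software also trips these rules, so each line still needs a human decision before anything goes into a fix.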
 

xandertje10

PCHF Member
Nov 29, 2018
Here you go.
AdwBytes log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-15.6 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-18-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 22
# Failed: 0


* [ Services ] *

Deleted Update service
Deleted iOSinstallerUpdater

* [ Folders ] *

No malicious folders cleaned.

* [ Files ] *

No malicious files cleaned.

* [ DLL ] *

No malicious DLLs cleaned.

* [ WMI ] *

No malicious WMI cleaned.

* [ Shortcuts ] *

No malicious shortcuts cleaned.

* [ Tasks ] *

No malicious tasks cleaned.

* [ Registry ] *

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{670A92B1-FB8F-424D-A230-5672D35F3F09}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{4A44D7F3-EB69-49B2-8594-F7B77FBDBD5C}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{013D6ACE-94F1-4467-A293-602D47B27152}C:\program files (x86)\popcorn time\chromecast\node.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{7AC7C49A-6197-4D55-BDCE-653E842D551E}C:\program files (x86)\popcorn time\chromecast\node.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A173CD11-1295-4453-B209-1C050E999ED5}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{287256CC-355F-4E40-9EFA-FAD112A37516}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3EF0B010-FC09-44F8-99F9-57B7D3671638}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BAA373AB-DC21-4E31-B239-F16F8A416B70}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C32D9480-439A-478D-AD01-BD2527CDD71C}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FC86C8B6-EC74-42E7-8445-D465593CFC81}
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

* [ Chromium (and derivatives) ] *

Deleted Amazon Assistant for Chrome
Deleted Bitly | Unleash the power of the link

* [ Chromium URLs ] *

Deleted Softonic EN

* [ Firefox (and derivatives) ] *

No malicious Firefox entries cleaned.

* [ Firefox URLs ] *

No malicious Firefox URLs cleaned.


*

[+] Delete Tracing Keys
[+] Reset Winsock

*

AdwCleaner[S00].txt - [4051 octets] - [18/02/2019 08:58:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########










FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2019
Ran by Xander (administrator) on DESKTOP-IMRO5S9 (18-02-2019 09:18:14)
Running from F:\Desktop
Loaded Profiles: Xander (Available Profiles: Xander)
Platform: Windows 10 Pro Version 1709 16299.904 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(<AVerMedia>) C:\Program Files (x86)\AVerMedia\AVerMedia Live Gamer EXTREME\AVerUSBPortChecker.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(AVerMedia TECHNOLOGIES, Inc.) D:\AVerMedia\AVerMedia RECentral 3\RECentralService.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) E:\MalwareFox AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) F:\Downloads\adwcleaner_7.2.7.0 (1).exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\tv_x64.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Copyright 2017.) E:\MalwareFox AntiMalware\ZAM.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
(f.lux Software LLC) C:\Users\Xander\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ShareX Team) E:\ShareX\ShareX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => "E:\iTunesHelper.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942744 2018-12-17] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [ZAM] => E:\MalwareFox AntiMalware\ZAM.exe [15767792 2019-02-17] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [21430992 2018-03-27] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => E:\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-07-06] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => E:\Cyberlink\Power2Go8\VirtualDrive.exe [499640 2015-07-06] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => E:\Cyberlink\YouCam\YouCamService.exe [265656 2015-06-15] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [Discord] => C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [Steam] => E:\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9001904 2019-02-15] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [Spotify] => C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe [26118888 2019-02-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [f.lux] => C:\Users\Xander\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7391816 2018-10-22] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\MountPoints2: {9c91266c-f5a4-11e8-80c2-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\setup.exe
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [55296 2005-01-22] ()
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [309248 2015-12-18] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [67072 2017-09-29] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.)
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] ()
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-17] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> E:\Cyberlink\YouCam\CLCredProv\x64\CLCredProv.dll [2015-06-15] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GambatteSwitch.lnk [2017-06-09]
ShortcutTarget: GambatteSwitch.lnk -> D:\NirCmd\Music_On_Off\GambatteSwitch.ahk ()
Startup: C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusicSwitch.lnk [2017-06-09]
ShortcutTarget: MusicSwitch.lnk -> D:\NirCmd\Music_On_Off\MusicSwitch.ahk ()
Startup: C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> E:\ShareX\ShareX.exe (ShareX Team)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{16cae30b-79b3-48c8-8e36-35a8bc836264}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-47498d6a
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3061653555-2214285171-3603488753-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2djoilab.default
FF ProfilePath: C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\2djoilab.default [2019-02-18]
FF Homepage: Mozilla\Firefox\Profiles\2djoilab.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\2djoilab.default -> about:newtab
FF Extension: (Popup-Blocker) - C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\2djoilab.default\Extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi [2018-03-18]
FF SearchPlugin: C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\2djoilab.default\searchplugins\bing-lavasoft-ff59.xml [2018-06-12]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.twitch.tv/directory/following"
CHR Profile: C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default [2019-02-18]
CHR Extension: (Google Translate) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-02-17]
CHR Extension: (Slides) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-17]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2019-02-17]
CHR Extension: (The FFZ Add-On Pack) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimboljphncldaakcnapfolgnjonlea [2019-02-17] [UpdateUrl: hxxps://cdn.ffzap.com/firefox-updates.json] <==== ATTENTION
CHR Extension: (BetterTTV) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-02-17]
CHR Extension: (Docs) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-17]
CHR Extension: (Google Drive) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-17]
CHR Extension: (YouTube) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-17]
CHR Extension: (Honey) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-17]
CHR Extension: (uBlock Origin) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-17]
CHR Extension: (Tampermonkey) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-02-17]
CHR Extension: (FrankerFaceZ) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2019-02-17]
CHR Extension: (Sheets) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-17]
CHR Extension: (HTTPS Everywhere) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-17]
CHR Extension: (Gmail) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc. -> Apple Inc.)
R2 AVerUSBPortChecker; C:\Program Files (x86)\AVerMedia\AVerMedia Live Gamer EXTREME\AVerUSBPortChecker.exe [191496 2016-11-16] (Microsoft Windows Hardware Compatibility Publisher -> <AVerMedia>)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [706120 2018-10-22] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7112264 2018-10-02] (GOG Sp. z o.o. -> GOG.com)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OVPNService; C:\Users\Xander\AppData\Local\TotalVPN\OVPN.Service.exe [20080 2016-06-28] (PSEUDiO Ltd -> )
S2 Pleasant Password Server; C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.WindowsService.exe [112640 2018-10-30] (Pleasant Solutions) [File not signed]
R2 RECentralService; D:\AVerMedia\AVerMedia RECentral 3\RECentralService.exe [2632288 2017-09-26] (AVerMedia TECHNOLOGIES, INC. -> AVerMedia TECHNOLOGIES, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; E:\MalwareFox AntiMalware\ZAM.exe [15767792 2019-02-17] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVMU3GC55064; C:\WINDOWS\system32\drivers\avmu3gc550_x64.sys [690440 2017-10-16] (AVerMedia TECHNOLOGIES, Inc. -> AVerMedia TECHNOLOGIES, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2017-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2017-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 GVUSB2.X64; C:\WINDOWS\SYSTEM32\DRIVERS\GVUSB2.X64.SYS [565248 2010-07-05] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-20] (Logitech -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-18] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-09-29] (Microsoft Windows -> MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a5e9eb9bc021c27a\nvlddmkm.sys [20337080 2018-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Microsoft Windows -> Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [30720 2012-07-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-03-28] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-02-17] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-02-17] (Zemana Ltd. -> Zemana Ltd.)
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; \SystemRoot\System32\drivers\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-18 09:12 - 2019-02-18 09:18 - 000000000 ____D C:\FRST
2019-02-18 09:01 - 2019-02-18 09:01 - 000274416 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-18 09:01 - 2019-02-18 09:01 - 000127136 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-18 09:01 - 2019-02-18 09:01 - 000114040 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-18 09:01 - 2019-02-18 09:01 - 000072864 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-18 08:51 - 2019-02-18 09:00 - 000000000 ____D C:\AdwCleaner
2019-02-18 07:40 - 2019-02-18 07:40 - 000000000 ___HD C:\OneDriveTemp
2019-02-17 16:38 - 2019-02-17 16:41 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-02-17 16:29 - 2019-02-17 16:29 - 000198512 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ___DC C:\Users\Xander\AppData\Local\mbamtray
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ___DC C:\Users\Xander\AppData\Local\mbam
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-17 16:29 - 2019-02-01 11:20 - 000020936 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-17 16:29 - 2019-01-08 15:32 - 000153328 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-17 10:55 - 2019-02-18 09:18 - 000216857 _ C:\WINDOWS\ZAM.krnl.trace
2019-02-17 10:55 - 2019-02-18 09:18 - 000055867 _ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-17 10:55 - 2019-02-17 10:55 - 000203680 _ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-02-17 10:55 - 2019-02-17 10:55 - 000203680 _ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2019-02-17 10:55 - 2019-02-17 10:55 - 000000000 ___DC C:\Users\Xander\AppData\Local\Wolf of Webstreet OPC Private Limited
2019-02-17 10:55 - 2019-02-17 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2019-02-17 10:54 - 2019-02-17 10:54 - 000000000 ___DC C:\Users\Xander\AppData\Local\Zemana
2019-02-17 10:45 - 2019-02-17 10:45 - 000003418 _ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-17 10:45 - 2019-02-17 10:45 - 000003294 _ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-17 10:45 - 2019-02-17 10:45 - 000002379 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 17:59 - 2019-02-15 17:59 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Brackeys
2019-02-14 15:49 - 2019-02-17 10:57 - 000000000 _SHDC C:\Users\Xander\AppData\Roaming\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.22923_none_ff1bb22c34862201
2019-02-14 15:49 - 2019-02-17 10:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\Z-1-9-58-1371741354-1393809609-1077592444-8253
2019-02-14 15:49 - 2019-02-14 15:49 - 000003584 _ C:\WINDOWS\SECOH-QAD.dll
2019-02-14 15:49 - 2010-12-06 03:16 - 000090112 _ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2019-02-14 15:44 - 2019-02-14 16:02 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-14 15:43 - 2019-02-14 15:43 - 000004218 _ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1550155430
2019-02-14 15:43 - 2019-02-14 15:43 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Opera Software
2019-02-14 15:43 - 2019-02-14 15:43 - 000000000 ___DC C:\Users\Xander\AppData\Local\Opera Software
2019-02-14 15:32 - 2019-02-14 15:52 - 000722944 ____C C:\Users\Xander\AppData\Local\sha.db
2019-02-14 15:31 - 2019-02-17 16:38 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2019-02-14 10:31 - 2019-02-14 10:31 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\uTorrent
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\2K
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Local\My Games
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Local\cache
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Local\2K
2019-02-12 20:44 - 2019-02-12 20:44 - 001689600 _ C:\WINDOWS\MzAyMGU0.exe
2019-02-12 20:44 - 2019-02-12 20:44 - 000111033 _ C:\WINDOWS\uninstaller.dat
2019-02-12 20:44 - 2019-02-12 20:44 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Frontier Developments
2019-02-12 20:44 - 2019-02-12 20:44 - 000000000 ___DC C:\Users\Xander\AppData\Local\Frontier Developments
2019-02-12 18:29 - 2019-02-12 18:29 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2019-02-12 16:52 - 2019-02-12 16:52 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Dry Cactus
2019-02-07 09:44 - 2019-01-01 07:52 - 002868536 _ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-02-07 09:44 - 2019-01-01 07:52 - 001610552 _ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000792376 _ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000689464 _ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000612152 _ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000480568 _ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000462648 _ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000451896 _ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000309560 _ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000144696 _ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-02-07 09:44 - 2019-01-01 07:51 - 000069944 _ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000035128 _ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-02-07 09:44 - 2019-01-01 07:47 - 008616760 _ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-07 09:44 - 2019-01-01 07:47 - 002394936 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-07 09:44 - 2019-01-01 07:47 - 000128312 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-02-07 09:44 - 2019-01-01 07:45 - 000542520 _ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-02-07 09:44 - 2019-01-01 07:45 - 000170808 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-02-07 09:44 - 2019-01-01 07:43 - 002735624 _ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-07 09:44 - 2019-01-01 07:43 - 000248632 _ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-07 09:44 - 2019-01-01 07:43 - 000027448 _ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-07 09:44 - 2019-01-01 07:42 - 003175128 _ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-02-07 09:44 - 2019-01-01 07:42 - 002415864 _ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-07 09:44 - 2019-01-01 07:42 - 000677392 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-02-07 09:44 - 2019-01-01 07:42 - 000418824 _ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-07 09:44 - 2019-01-01 07:07 - 000380728 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-02-07 09:44 - 2019-01-01 06:51 - 002216296 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-07 09:44 - 2019-01-01 06:50 - 001991792 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-07 09:44 - 2019-01-01 06:50 - 000353784 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-07 09:44 - 2019-01-01 06:49 - 002381256 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-02-07 09:44 - 2019-01-01 06:22 - 000016896 _ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.Native.dll
2019-02-07 09:44 - 2019-01-01 06:21 - 000012288 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.Native.dll
2019-02-07 09:44 - 2019-01-01 06:20 - 000331264 _ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-02-07 09:44 - 2019-01-01 06:20 - 000080896 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-02-07 09:44 - 2019-01-01 06:20 - 000054784 _ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-02-07 09:44 - 2019-01-01 06:20 - 000024576 _ (Microsoft Corporation) C:\WINDOWS\system32\PrintWorkflowProxy.dll
2019-02-07 09:44 - 2019-01-01 06:20 - 000016384 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowProxy.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000335360 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000167936 _ (Microsoft Corporation) C:\WINDOWS\system32\PrintWorkflowService.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000104960 _ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000079360 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-02-07 09:44 - 2019-01-01 06:18 - 000456192 _ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-07 09:44 - 2019-01-01 06:18 - 000136192 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowService.dll
2019-02-07 09:44 - 2019-01-01 06:17 - 000155136 _ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-02-07 09:44 - 2019-01-01 06:16 - 011925504 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-07 09:44 - 2019-01-01 06:15 - 006013440 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-07 09:44 - 2019-01-01 06:15 - 000773120 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-02-07 09:44 - 2019-01-01 06:13 - 001117184 _ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-02-07 09:44 - 2019-01-01 06:12 - 012834816 _ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-07 09:44 - 2019-01-01 06:12 - 000945152 _ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-02-07 09:44 - 2019-01-01 06:11 - 008062464 _ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-07 09:44 - 2019-01-01 06:11 - 000594944 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-02-07 09:44 - 2019-01-01 06:10 - 001561088 _ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-02-07 09:44 - 2019-01-01 06:10 - 000735744 _ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-02-07 09:44 - 2019-01-01 06:04 - 000067584 _ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-02-07 09:44 - 2019-01-01 06:04 - 000050176 _ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-02-07 09:44 - 2019-01-01 06:04 - 000012800 _ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-02-07 09:44 - 2018-12-11 03:20 - 000352768 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-01 14:41 - 2019-02-01 14:41 - 000000000 ____D C:\New folder
2019-01-31 16:14 - 2019-01-31 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2019-01-30 18:18 - 2019-01-31 16:14 - 000000000 ___DC C:\Users\Xander\AppData\Local\MediaHuman
2019-01-30 18:02 - 2019-01-30 18:02 - 000000000 ___DC C:\Users\Xander\AppData\Local\4kdownload.com
2019-01-27 18:51 - 2019-01-27 18:51 - 000000000 ___DC C:\Users\Xander\AppData\Local\chastgameForSite2
2019-01-26 17:04 - 2019-01-26 17:04 - 000000847 ____C C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\School.lnk
2019-01-24 12:25 - 2019-01-24 12:25 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Google
2019-01-20 18:15 - 2019-01-20 18:15 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Temp
2019-01-20 16:39 - 2018-12-14 06:56 - 000664576 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-01-20 16:39 - 2018-12-14 06:49 - 000808960 _ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-18 09:12 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-02-18 09:07 - 2017-12-05 21:03 - 005266788 _ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-18 09:01 - 2018-03-15 15:18 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Spotify
2019-02-18 09:01 - 2017-12-05 20:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-18 09:01 - 2017-07-09 23:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-18 09:01 - 2016-12-20 22:26 - 000000000 _RDCL C:\Users\Xander\OneDrive
2019-02-18 09:00 - 2017-09-29 09:45 - 000524288 _ C:\WINDOWS\system32\config\BBI
2019-02-18 08:50 - 2017-12-05 20:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-17 22:54 - 2016-12-21 13:14 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\vlc
2019-02-17 22:54 - 2016-12-21 10:40 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\obs-studio
2019-02-17 20:12 - 2016-12-21 10:07 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\discord
2019-02-17 20:10 - 2017-01-21 18:55 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\.minecraft
2019-02-17 16:29 - 2017-09-29 14:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-17 15:59 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-17 15:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-17 10:59 - 2018-03-15 15:18 - 000000000 ___DC C:\Users\Xander\AppData\Local\Spotify
2019-02-17 10:45 - 2016-12-20 22:39 - 000000000 ___DC C:\Users\Xander\AppData\Local\Google
2019-02-17 10:45 - 2016-12-20 22:39 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-17 10:25 - 2017-12-20 00:35 - 000000000 ____D C:\ProgramData\Logishrd
2019-02-16 16:29 - 2018-08-04 16:28 - 000000000 ____D C:\Program Files\rempl
2019-02-15 21:40 - 2017-12-07 18:41 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-02-14 16:01 - 2017-10-23 17:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-14 16:01 - 2016-12-21 13:15 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\uTorrent
2019-02-14 15:54 - 2017-12-05 20:54 - 000000000 ___DC C:\Users\Xander\AppData\Local\Packages
2019-02-14 15:45 - 2016-12-21 12:28 - 000000000 ___DC C:\Users\Xander\AppData\Local\CrashDumps
2019-02-14 15:33 - 2019-01-12 16:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-14 15:33 - 2017-10-23 17:44 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Mozilla
2019-02-14 15:33 - 2017-10-23 17:43 - 000001007 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-14 10:31 - 2017-12-05 20:52 - 000414856 _ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 20:55 - 2017-11-10 20:55 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\PopupBlocker
2019-02-12 20:21 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-08 21:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2019-02-08 13:45 - 2018-09-05 18:42 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 09:44 - 2016-12-21 16:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-07 09:42 - 2016-12-21 16:08 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-06 16:23 - 2018-06-20 18:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-02-03 16:37 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-02-02 22:29 - 2016-12-21 11:56 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\foobar2000
2019-02-01 23:05 - 2017-12-05 20:57 - 000003380 _ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3061653555-2214285171-3603488753-1001
2019-02-01 23:05 - 2016-12-30 11:28 - 000002372 ____C C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-01 14:41 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2019-01-30 19:50 - 2017-12-05 20:54 - 000000000 ___DC C:\Users\Xander
2019-01-30 19:15 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-01-30 19:14 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\registration
2019-01-26 20:38 - 2018-03-15 15:18 - 000001843 ____C C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-01-24 11:47 - 2018-03-13 23:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2018-03-28 14:05 - 2018-03-28 14:05 - 000004642 ____C () C:\Users\Xander\AppData\Roaming\VoiceMeeterDefault.xml
2016-12-31 00:41 - 2018-07-03 23:41 - 000000475 ____C () C:\Users\Xander\AppData\Roaming\WB.CFG
2018-11-19 20:10 - 2018-11-19 20:11 - 000006656 ____C () C:\Users\Xander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-19 00:41 - 2017-12-19 00:41 - 000000068 ____C () C:\Users\Xander\AppData\Local\r18fpz9gq0
2019-02-14 15:32 - 2019-02-14 15:52 - 000722944 ____C () C:\Users\Xander\AppData\Local\sha.db
2016-12-21 11:15 - 2016-12-21 11:15 - 000000003 ____C () C:\Users\Xander\AppData\Local\updater.log
2016-12-21 11:15 - 2018-05-26 20:10 - 000000059 ____C () C:\Users\Xander\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2019-02-14 15:53 - 2019-02-14 15:32 - 000099896 ____C () C:\Users\Xander\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-13 20:52

==================== End of FRST.txt ============================
 

xandertje10

PCHF Member
Nov 29, 2018
additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2019
Ran by Xander (18-02-2019 09:19:03)
Running from F:\Desktop
Windows 10 Pro Version 1709 16299.904 (X64) (2017-12-05 20:14:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3061653555-2214285171-3603488753-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3061653555-2214285171-3603488753-503 - Limited - Disabled)
Guest (S-1-5-21-3061653555-2214285171-3603488753-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3061653555-2214285171-3603488753-504 - Limited - Disabled)
Xander (S-1-5-21-3061653555-2214285171-3603488753-1001 - Administrator - Enabled) => C:\Users\Xander

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
A Very Small Business v0.0.1 (HKLM-x32\...\{9D780EF7-E999-4F2B-8063-5F5866CC3028}_is1) (Version: 0.0.1 - Grabiobot)
AmaRecTV Live (HKLM-x32\...\AmaRecTV Live) (Version: - )
AnkhBotR2 version 1.0.2.16 (HKLM-x32\...\{08D3C5BB-C492-4916-B111-725081845380}_is1) (Version: 1.0.2.16 - Marcin Swierzowski aka AnkhHeart)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Auto Clicker v14.1 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 14.1 - MurGee.com)
AutoHotkey 1.1.25.02 (HKLM\...\AutoHotkey) (Version: 1.1.25.02 - Lexikos)
AVerMedia Live Gamer EXTREME 3.0.64.97 (HKLM-x32\...\AVerMedia Live Gamer EXTREME) (Version: 3.0.64.97 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral 3 (HKLM-x32\...\{7e6fd995-6160-4ba6-9c71-57e67939a855}) (Version: 3.0.0.93 - AVerMedia TECHNOLOGIES, Inc)
AVerMedia RECentral 3 Installer (HKLM-x32\...\{D4F8EA9E-80D3-46B3-A5D9-7D264D319297}) (Version: 3.0.0.93 - AVerMedia TECHNOLOGIES, Inc.) Hidden
AxCrypt 2.1.1547.0 (HKLM\...\{AE82D8D1-799D-557C-F404-3757A323900D}) (Version: 2.1.1547.0 - AxCrypt AB) Hidden
AxCrypt 2.1.1547.0 (HKLM-x32\...\{586f398f-32ab-46c7-b9bb-59a6c1cd6433}) (Version: 2.1.1547.0 - AxCrypt AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version: - )
Clustertruck (HKLM-x32\...\{BB09E395-9405-44CA-A17C-98DF998CF216}) (Version: - TinyBuild LLC)
Corsair Utility Engine (HKLM-x32\...\{BB25387A-061E-42E9-AB2F-64073B3E3180}) (Version: 2.24.50 - Corsair)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Discord (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.34 - NVIDIA Corporation) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 3.12 - NCH Software)
EmoTracker (HKLM-x32\...\{0851E4A7-503B-4F58-A8DA-17B72D438E2C}_is1) (Version: 2.1.0.1 - EmoSaru)
Evoland (HKLM-x32\...\1207659200_is1) (Version: 1.1.2490 - GOG.com)
f.lux (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Flux) (Version: - f.lux Software LLC)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
FileZilla Client 3.29.0 (HKLM-x32\...\FileZilla Client) (Version: 3.29.0 - Tim Kosse)
foobar2000 v1.3.13 (HKLM-x32\...\foobar2000) (Version: 1.3.13 - Peter Pawlowski)
GitHub Desktop (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\GitHubDesktop) (Version: 0.6.0 - GitHub, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Intel Media SDK DLLs 7.16.5.13 (HKLM-x32\...\libmfxsw_is1) (Version: 7.16.5.13 - )
iOSinstaller (HKLM-x32\...\iOSinstaller) (Version: - iosinstaller.com)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 13.6.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.5 - KLCP)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
MediaHuman YouTube Downloader 3.9.9.11 (HKLM-x32\...\MediaHuman YouTube Downloader_is1) (Version: 3.9.9.11 - MediaHuman)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM-x32\...\{90150000-001F-0413-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 416.34 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 5.14 - NCH Software)
Pleasant Password Server (HKLM-x32\...\{342d1610-dbf0-4966-be85-fb1fb7713749}) (Version: 7.9.13 - Pleasant Solutions Inc.)
Pleasant Password Server (HKLM-x32\...\{89594A2E-A10E-457A-8A99-5DC66ACE8414}) (Version: 7.9.13 - Pleasant Solutions Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
Port Forward Network Utilities (HKLM-x32\...\{4C345FED-92FF-4F24-AD0E-F114F4216DC7}) (Version: 3.0.36 - Portforward, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 5.00 - NCH Software)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.2 r3111 - Rainmeter)
Rename Master (HKLM-x32\...\Rename Master_is1) (Version: - )
Resanance (HKLM\...\{07BB6181-E1D0-4283-87D0-BE4819535A3C}) (Version: 2.1.3 - WasntAFairFight)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}Office15.PROPLUS{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.3.1 - ShareX Team)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Snaz version 1.12.5.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.5.0 - JimsApps)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Spotify) (Version: 1.1.0.237.g378f6f25 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamWorld Dig 2 (HKLM-x32\...\{0FA77531-EA32-4D0B-8FBB-E95517840472}) (Version: - Image & Form)
SteamWorld Heist (HKLM-x32\...\{2D7B207C-0E17-4444-8555-47EAECABAE57}) (Version: - Image & Form)
StreamLabels 0.2.10 (only current user) (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.10 - Streamlabs)
Streamlink (HKLM-x32\...\Streamlink) (Version: 0.14.2 - Streamlink)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
SUPERHOT (HKLM-x32\...\{62F505D5-9210-4784-9094-17CDC868F6DA}) (Version: - SUPERHOT Sp. z o.o.)
SURVEY_PROGRAM (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\SURVEY_PROGRAM) (Version: - )
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.0 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version: 4.08 - NCH Software)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TI Connect™ CE (HKLM-x32\...\{8B1F3A89-E195-48CD-8487-A37BA5308E76}) (Version: 5.3.0.384 - Texas Instruments Inc.)
Titan Souls (HKLM-x32\...\{8D842248-54AE-4AA2-B4BF-362CB533982E}) (Version: - Devolver Digital)
TotalVPN 1.5.13 (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\TotalVPN) (Version: 1.5.13 - TotalVPN)
Twitch (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}Office15.PROPLUS{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}Office15.PROPLUS{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}Office15.PROPLUS{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 7.00 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.13 - NCH Software)
Windows Driver Package - I-O DATA DEVICE, INC. GV-USB2 (06/28/2010 1.1.0.93) (HKLM\...\B7A55616156C0785AF22DD6C01B2D883C06D9DDF) (Version: 06/28/2010 1.1.0.93 - I-O DATA DEVICE, INC.)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => E:\MalwareFox AntiMalware\ZAMShellExt64.dll [2019-02-17] (Zemana Ltd. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> )
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2017-12-06] (AxCrypt AB -> AxCrypt AB)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => E:\MalwareFox AntiMalware\ZAMShellExt64.dll [2019-02-17] (Zemana Ltd. -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2017-12-06] (AxCrypt AB -> AxCrypt AB)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049629A3-10C0-4DD4-9278-104265041E45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {055457B9-97B9-4C6E-AB17-17361490D432} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {17FC3F93-0319-4C7C-961F-5B019447E74D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {20120977-A125-43AF-A228-0AF39564CB0E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {27B654F0-9AF6-44CC-A0BF-B67900979D43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {34F45844-9E41-4808-9998-02DB5DB64077} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BC00F04-DC58-420D-A579-B7A55B36A89C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () [File not signed]
Task: {5D821483-858B-485D-9525-6F4DA33B48CD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E69794B-F80C-452B-9A8A-98A419FA528A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {70A214D9-4795-45CE-A8EE-B53D32140E2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {82FDF603-B594-4571-AF50-3BE149CFA03C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {851BC466-51DB-4320-82AB-6AFE41F68B04} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Task: {8BF8C510-2E40-4C0B-9D9B-72B35EFBBE17} - System32\Tasks\Opera scheduled Autoupdate 1550155430 => C:\Users\Xander\AppData\Local\Programs\Opera\launcher.exe
Task: {8C07EFDF-C057-4BC1-820B-D40E0517D4E4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D81DB54-DAEA-4AE6-BAB3-74B9ECA01E50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {93807414-D34B-4076-8165-3722C26E7C9C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97D22907-16A2-4FFD-818B-18C974A9EE21} - System32\Tasks\update-S-1-5-21-3061653555-2214285171-3603488753-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Task: {A499801E-A7E0-4A81-8AF1-67D788A4420D} - System32\Tasks\S-1-5-21-3061653555-2214285171-3603488753-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {A8599866-D584-4554-A894-88210549282C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A985B5CD-B4BA-4BD6-9329-7BD678F441D8} - System32\Tasks\NCH Software\PrismDowngrade => C:\Program Files (x86)\NCH Software\Prism\Prism.exe (NCH Software Pty Ltd -> NCH Software)
Task: {C329103D-202A-4097-9299-5788792F1DA4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE7809C4-8A1D-4A9C-94C7-4A3E69792A1F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D887445D-4307-4B81-9354-932EA5C7E39F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E669652E-E955-451F-950E-C4B5791D3DD6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {ED0013BD-F2DE-4CE0-BAD7-8B3CA8CC5176} - \Z-1-9-58-1371741354-1393809609-1077592444-8253\{1FHX4B32-5Q8I-LVO-NUOL-QZLR3VRZXH75} -> No File <==== ATTENTION
Task: {FBE6A1B7-6B42-4210-8DF3-66380B36FD16} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-3061653555-2214285171-3603488753-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-16 14:19 - 2018-03-16 14:19 - 000088888 _ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 14:19 - 2018-03-16 14:19 - 001356088 _ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-20 22:32 - 2018-03-14 14:05 - 001267648 _ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-10-14 19:45 - 2018-10-14 19:45 - 000230064 _ () E:\Notepad++\NppShell_06.dll
2019-02-17 10:55 - 2019-02-17 10:55 - 000155504 _ () E:\MalwareFox AntiMalware\ZAMShellExt64.dll
2018-11-08 10:05 - 2018-08-31 00:38 - 011044864 _ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-11-08 10:05 - 2018-08-31 00:35 - 001804288 _ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-15 12:25 - 2019-02-15 12:25 - 000182272 _ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-15 12:25 - 2019-02-15 12:25 - 000019456 _ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000908568 _ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-20 04:29 - 2017-10-20 04:29 - 001096824 _ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000060184 _ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-20 04:29 - 2017-10-20 04:29 - 000241784 _ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-04-17 14:41 - 2018-04-17 14:41 - 000190248 _ () C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
2017-10-20 04:02 - 2017-10-20 04:02 - 000077824 _ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2017-10-20 04:02 - 2017-10-20 04:02 - 000144896 _ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2017-06-08 19:00 - 2017-05-13 07:34 - 001211392 _ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2018-12-18 10:31 - 2018-12-18 10:32 - 001436760 _ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2019-02-17 10:45 - 2019-02-13 06:14 - 005186032 _ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-17 10:45 - 2019-02-13 06:14 - 000117232 _ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2017-09-26 14:37 - 2017-09-26 14:37 - 000311808 _ () D:\AVerMedia\AVerMedia RECentral 3\DeviceInfoParser.dll
2017-09-26 14:31 - 2017-09-26 14:31 - 000274432 _ () C:\Program Files (x86)\Common Files\AVerMedia\AVerMedia RECentral 3\dll\UVCDeviceControl.dll
2016-12-20 22:32 - 2018-03-14 14:05 - 001041344 _ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2019-01-16 14:47 - 2019-01-15 16:32 - 002000216 ____C () C:\Users\Xander\AppData\Local\Discord\app-0.0.304\ffmpeg.dll
2019-01-16 14:47 - 2019-01-15 16:32 - 004332376 ____C () C:\Users\Xander\AppData\Local\Discord\app-0.0.304\libglesv2.dll
2019-01-16 14:47 - 2019-01-15 16:32 - 000106328 ____C () C:\Users\Xander\AppData\Local\Discord\app-0.0.304\libegl.dll
2019-01-16 14:47 - 2019-01-25 15:05 - 011345240 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_voice\discord_voice.node
2019-01-16 14:47 - 2019-01-17 15:28 - 001723224 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_utils\discord_utils.node
2019-01-16 14:47 - 2019-01-17 15:28 - 001762648 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_game_utils\discord_game_utils.node
2019-01-16 14:47 - 2019-01-16 14:47 - 000553816 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_erlpack\discord_erlpack.node
2019-01-16 14:47 - 2019-01-16 14:47 - 002672984 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2019-01-16 14:47 - 2019-01-16 14:47 - 000837464 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2019-01-16 14:47 - 2019-01-16 14:47 - 000479064 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-01-16 14:47 - 2019-01-16 14:47 - 009914712 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_cloudsync\discord_cloudsync.node
2019-01-16 14:47 - 2019-01-16 14:47 - 002909016 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_rpc\discord_rpc.node
2019-02-09 16:22 - 2019-02-09 16:22 - 002284376 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_media\discord_media.node
2019-01-16 14:47 - 2019-01-16 14:47 - 001266008 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_modules\discord_modules.node
2019-01-16 14:47 - 2019-01-17 15:28 - 022327128 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_dispatch\discord_dispatch.node
2019-01-16 14:47 - 2019-01-16 14:47 - 002947416 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_contact_import\discord_contact_import.node
2019-01-16 14:47 - 2019-01-16 14:47 - 001297752 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_vigilante\discord_vigilante.node
2018-03-15 15:18 - 2019-02-13 15:38 - 088824552 ____C () C:\Users\Xander\AppData\Roaming\Spotify\libcef.dll
2018-03-15 15:18 - 2019-02-13 15:38 - 004239592 ____C () C:\Users\Xander\AppData\Roaming\Spotify\libglesv2.dll
2018-03-15 15:18 - 2019-02-13 15:38 - 000098024 ____C () C:\Users\Xander\AppData\Roaming\Spotify\libegl.dll
2018-03-27 18:18 - 2018-03-27 18:18 - 000197120 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2018-03-27 18:11 - 2018-03-27 18:11 - 000044544 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2018-03-27 18:42 - 2018-03-27 18:42 - 000151040 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2018-03-27 18:11 - 2018-03-27 18:11 - 000097280 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2017-10-02 07:54 - 2017-10-02 07:54 - 000013312 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2017-10-02 07:54 - 2017-10-02 07:54 - 001950720 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2016-12-20 22:32 - 2018-03-14 14:04 - 081563584 _ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-12-15 13:06 - 2018-03-14 14:04 - 002478016 _ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-12-15 13:06 - 2018-03-14 14:04 - 000125376 _ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\sharepoint.com -> hxxps://stichtinglvo-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2019-02-17 10:57 - 000000824 _ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;F:\Livestreamer;E:\Streamlink\bin
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6A445FE2-0AAB-4CBF-84B8-C473ADB8E44C}] => (Allow) C:\Users\Xander\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe (hxxps://www.AnkhBot.com)
FirewallRules: [{6B81C008-3726-416C-9151-03AB14CC95BF}] => (Allow) C:\Users\Xander\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe (hxxps://www.AnkhBot.com)
FirewallRules: [{CDF29C29-37F4-48C9-80B4-D960E9B513D8}] => (Allow) C:\Users\Xander\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe (hxxps://www.AnkhBot.com)
FirewallRules: [{7CE73091-802D-4CBA-B8A8-8912E2CF58AD}] => (Allow) E:\Steam\steamapps\common\Evoland 2\Evoland2.exe ()
FirewallRules: [{F96FEBB3-7FC6-407C-879F-965CA770D382}] => (Allow) E:\Steam\steamapps\common\Evoland 2\Evoland2.exe ()
FirewallRules: [UDP Query User{6270F36D-603E-4DEA-A329-D48E62B2B037}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [TCP Query User{AE281DF2-FEDF-4850-8827-C1DB6A1E984F}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [{E26805C6-AF60-4977-991F-63C44A7C294C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E11A4E45-31F8-4F58-82B4-46E5D887C131}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F3F9BE10-7BED-4949-BA20-02D3DB5FBED8}] => (Allow) E:\Steam\steamapps\common\Limbo\limbo.exe (Playdead)
FirewallRules: [{F418E98E-A147-4EEE-BD99-A097B6FAE7DB}] => (Allow) E:\Steam\steamapps\common\Limbo\limbo.exe (Playdead)
FirewallRules: [{CA87E4A6-ADD5-4C92-AD3E-E61379D4485D}] => (Allow) E:\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe (Telltale Games)
FirewallRules: [{943AFB48-AAE7-4596-AF09-534DB04A7C46}] => (Allow) E:\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe (Telltale Games)
FirewallRules: [{1E2FC805-9F30-433A-ABC8-76ABD97616E4}] => (Allow) E:\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{0F949650-27A9-4BF5-9F6E-96716FD5E09A}] => (Allow) E:\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{A30594D8-8DB2-4B20-949C-0370A47C6C07}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe No File
FirewallRules: [{AF2017C3-AE2A-495C-99A4-AC22F696BB9C}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe No File
FirewallRules: [{04BC1728-E37A-4351-962E-600B299A8D3A}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe No File
FirewallRules: [{72F4E58C-880B-49BF-B4BD-901E97FB6C3E}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe No File
FirewallRules: [{13ACE381-6BBB-4177-89F3-5E4D46C3FC71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{7B3CC466-E59E-46B2-A6EF-115D17CB5E43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5F55B611-7B8F-4F39-B280-B270FA6E4C5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{ACA7146A-A3FD-49E5-9AE7-E4E607369270}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{3F335917-D91D-4BC6-AF36-FD83D4E182AB}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{503F7DC2-4B96-4D28-A2D3-E0A58F70B03B}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D8A4648C-3CB2-4314-A7A8-E47B5B1E511B}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{556E21AB-444F-4021-9132-7F69780C8541}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6D1011F9-AFCD-4368-BEA4-8A2CDEC33491}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EBE2FE35-B6FC-4A32-8145-8742D76C9B7E}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4E0BF4B1-FBEC-4326-AEBB-C154E98F8893}] => (Allow) G:\Microsoft Office Professional Plus (x64) 2013 Incl Activator P2P\Microsoft Toolkit.exe No File
FirewallRules: [{09530892-5B5E-42FC-AF9F-30E7BFC6321C}] => (Allow) G:\Microsoft Office Professional Plus (x64) 2013 Incl Activator P2P\Microsoft Toolkit.exe No File
FirewallRules: [{A71DE2FD-0D77-4A5B-84B4-0869FCE8A666}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6251F719-0128-4E18-9019-B3DE1D64F40B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{06A0B452-6F52-47E3-BF6C-0654ABA019F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{693BF07C-8EA7-411C-837F-3BF4A37154F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{49091292-39F6-4767-A309-ADC2616327C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA44465B-034A-4A6F-A3E1-9BE0A4C651C5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E468FD24-AFC2-471D-9F6A-5B4D5CFD8FA7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{97E0C27B-B344-466A-8FCC-2CADEB8DE112}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8B8A689-92C1-44A3-BBC8-7D1ADF2307EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{537FFCC5-1D19-43E5-9142-488AAD80FF96}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5164ED6D-9A80-48E0-99F5-98393187E625}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{16A153D2-1C1E-49FC-B703-AF7D1890A373}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{32F974BA-A793-4EB4-AB9F-373F249D8BFD}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{D39E53F1-3091-4DE1-A9EC-C83C60236B83}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{1937B8AC-C82F-46BF-9419-40FF6983AA8A}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{A4E5B2AA-A42B-4B49-A74C-D4432516FC3C}] => (Allow) E:\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe ()
FirewallRules: [{C47F7FCE-0CBE-4009-BED7-C31AD6547E33}] => (Allow) E:\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe ()
FirewallRules: [{305597A7-1A63-4E6B-B4F5-EC9B0219D2E2}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe (Telltale Games)
FirewallRules: [{ACA35DB5-DDFA-4192-A5B0-B110AA5942A8}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe (Telltale Games)
FirewallRules: [{E1296F63-77FA-435F-B2CF-A0C9F9800C8E}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe (Telltale Games)
FirewallRules: [{16CA020A-98A9-455A-B2B7-99ED61D4D500}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe (Telltale Games)
FirewallRules: [{A5841E1B-C5D2-48F6-8458-0B46B92B0C7B}] => (Allow) E:\Steam\steamapps\common\vvvvvv\VVVVVV.exe ()
FirewallRules: [{ECAC52AF-15B9-4FC0-958A-8B2BC2F78514}] => (Allow) E:\Steam\steamapps\common\vvvvvv\VVVVVV.exe ()
FirewallRules: [{7319173F-A336-4F72-B252-5BCA132703DA}] => (Allow) E:\Steam\steamapps\common\DYE\dyegame.exe ()
FirewallRules: [{03BD2F49-FDB5-4F13-8F06-5CB43C0C07D5}] => (Allow) E:\Steam\steamapps\common\DYE\dyegame.exe ()
FirewallRules: [{7DF2F318-8445-4F59-8D31-4B95E30F1EA7}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe ()
FirewallRules: [{527A18E5-AB49-4BAF-A3D8-9FC27EBE015F}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe ()
FirewallRules: [TCP Query User{E1015871-7087-4A81-AFB7-21816AF8C28D}D:\games\linux debug\undertale.exe] => (Allow) D:\games\linux debug\undertale.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Toby Fox )
FirewallRules: [UDP Query User{B54A4194-EBF7-4A35-807A-BF7E9B987A2C}D:\games\linux debug\undertale.exe] => (Allow) D:\games\linux debug\undertale.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Toby Fox )
FirewallRules: [{0AF6A036-9689-4DBD-A4AC-D656FCF098EB}] => (Allow) E:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe ()
FirewallRules: [{94AC3F1C-E2C3-4F80-B38C-C97A3FC7F652}] => (Allow) E:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe ()
FirewallRules: [{2D5387B5-B49E-4717-AFEA-3C58F600EE4D}] => (Allow) E:\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe (Experimental Gameplay Group LLC)
FirewallRules: [{8C074802-B5D1-40BB-A15D-2272E3CB05AE}] => (Allow) E:\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe (Experimental Gameplay Group LLC)
FirewallRules: [{96054777-BAC2-4DB3-A1E0-38150C225C26}] => (Allow) E:\Steam\steamapps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe (Telltale Games)
FirewallRules: [{8D21FE49-133B-4690-88CE-94B407298DFA}] => (Allow) E:\Steam\steamapps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe (Telltale Games)
FirewallRules: [{E59BFAC9-DC0E-4969-B5E8-23A60B93F585}] => (Allow) E:\Steam\steamapps\common\You Have to Win the Game\TheGame.exe ()
FirewallRules: [{390B8604-9001-4DC1-BF10-E19F71568A07}] => (Allow) E:\Steam\steamapps\common\You Have to Win the Game\TheGame.exe ()
FirewallRules: [TCP Query User{6975A5B5-ED31-421F-9E90-29BC55DBCCE6}C:\programdata\oracle\java\javapath_target_246634250\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [UDP Query User{1C4D9976-7CF8-43B3-85B4-29BA1E0FA1C1}C:\programdata\oracle\java\javapath_target_246634250\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [{40BDCE77-BD16-44C1-BBDB-36596B74D596}] => (Block) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [{572DB6BC-8A9C-41FF-99E2-825535FAF355}] => (Block) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [TCP Query User{96307E66-F3F5-4DA2-B5BC-AE7840D9716C}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [UDP Query User{945DDC87-130E-4587-B646-5353B819EBD9}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [{88068439-5908-4EB3-9BF1-A717AF042EAC}] => (Block) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [{3F4E31DD-1734-4B38-8AE3-BBD40C308223}] => (Block) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [TCP Query User{D678744E-CF13-404C-90A1-948E11448F09}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{21C263AC-EE57-4B92-ACA6-B5E710D34B88}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{09D98E7A-993A-47F1-A246-57FA387F25C5}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{74DB560A-6CC4-43F7-BF80-B350D1678ED6}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{B55ADC00-B038-4F12-B331-EF71EDAA4835}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.808\Microsoft Toolkit.exe No File
FirewallRules: [{A7FBB137-7AD0-4CFE-944A-0D130957FE43}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.808\Microsoft Toolkit.exe No File
FirewallRules: [{86EA4240-EB7C-4E7B-9D99-708BB5A2CEC8}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.614\Microsoft Toolkit.exe No File
FirewallRules: [{868CCF7A-33B1-472F-937B-2288EB93C593}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.614\Microsoft Toolkit.exe No File
FirewallRules: [{5F561433-B7AB-4063-B923-0FE49D15359D}] => (Allow) E:\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe ()
FirewallRules: [{217E422C-AEE4-4E14-B118-191C39C1D6E9}] => (Allow) E:\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe ()
FirewallRules: [{47570F06-68F5-4E10-B73C-611E118E5BED}] => (Allow) E:\Steam\steamapps\common\FEZ\FEZ.exe (Polytron Corporation)
FirewallRules: [{358D1382-80BF-4B95-9C17-042455563F79}] => (Allow) E:\Steam\steamapps\common\FEZ\FEZ.exe (Polytron Corporation)
FirewallRules: [{62D9E12B-B0BA-40A6-BA26-5DEDB1C6B1C8}] => (Allow) E:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe ()
FirewallRules: [{24B9AAAC-F357-4ABF-B9C2-93788F036AC6}] => (Allow) E:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe ()
FirewallRules: [{FC305F31-BE3E-4E93-B638-C69E89A8984F}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe ()
FirewallRules: [{926FD4B2-4519-4758-A85C-9B64907A34CA}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe ()
FirewallRules: [{B7649B57-CEA6-46F0-AE7E-513F454F947E}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe ()
FirewallRules: [{76F2C6DD-F14B-430C-8DCE-DA2D5F987493}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe ()
FirewallRules: [{15D3CFC8-E47B-408C-A850-93ADC324FB55}] => (Allow) E:\Steam\steamapps\common\Cuphead\Cuphead.exe ()
FirewallRules: [{67AE6A61-DDB0-4D0A-ADE3-29C9EDE804F3}] => (Allow) E:\Steam\steamapps\common\Cuphead\Cuphead.exe ()
FirewallRules: [{5C090355-8BD6-48BA-BE58-738E13EF79FB}] => (Allow) E:\Steam\steamapps\common\Infinifactory\infinifactory.exe (Unity Technologies SF -> )
FirewallRules: [{08F87010-57C9-4001-A422-A844D472E488}] => (Allow) E:\Steam\steamapps\common\Infinifactory\infinifactory.exe (Unity Technologies SF -> )
FirewallRules: [TCP Query User{C39A0128-FF5C-478D-B639-EC8661BD9BF2}C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{092EA041-518E-484D-9B08-5FFCF480E7E8}C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{E7D36957-1FF4-406D-A863-9B8E1FBAFDED}] => (Block) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{57E10342-D9D5-4563-AC7E-7FF47861AE62}] => (Block) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{389E0800-28F8-44F0-984D-83621BFC449C}] => (Allow) E:\Steam\steamapps\common\VRChat\VRChat.exe ()
FirewallRules: [{B733C22D-0567-4692-96BD-418EEE6F988E}] => (Allow) E:\Steam\steamapps\common\VRChat\VRChat.exe ()
FirewallRules: [{1BFA2A8D-D8A8-4866-B4B7-2CBB146CDC94}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{6285D462-700E-4F31-8994-8DC9E1F01656}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{7C65169A-78E0-4073-8ACB-0330A719787D}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B32B3944-F3E6-4FE5-8D96-4C8C7E272B81}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E6B2B99D-76E9-4623-A49F-CE15438A19E3}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{01318FEA-E74E-4043-BA6C-AE721956A47B}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{88EF8660-14B3-4B10-ADA5-934025DF9FBF}C:\users\xander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{74E5E23E-DE64-42CF-A2FF-38B10DAE24FE}C:\users\xander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76ECFE45-6872-454F-B303-86B5CFD7F00D}] => (Block) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6030466-3D3B-4B36-9199-2945524C87F9}] => (Block) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D21B143-5389-43BA-8968-4528C85E9373}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe No File
FirewallRules: [{408AB209-BAE2-46D9-A842-68E61A35DF89}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe No File
FirewallRules: [{B6313CAA-2010-4B5E-9F45-90C477DDF661}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76439858-E356-45C3-B877-9C0229799A78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{507907BA-4635-49D5-9B75-C51A57B509F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AEE0284C-4C85-441F-96FF-2AE90F04445B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4C889938-9C61-4363-9C3B-7D3C77A3DABB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57271342-AA15-4090-9118-EC3409E12808}] => (Allow) E:\iTunes.exe No File
FirewallRules: [{F41B8329-BE54-473B-9841-36B802A442E0}] => (Allow) E:\iOSinstaller\iOSinstaller.exe (iosinstaller.com)
FirewallRules: [{4E23D748-C275-49F6-BBD6-954BE65D72F1}] => (Allow) E:\iOSinstaller\iOSinstaller.exe (iosinstaller.com)
FirewallRules: [{389C25AD-7BC2-44DF-AD5E-7517370696E1}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A3B447DE-BC8E-4910-B43E-DF842E2E198D}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{657FC60F-3F63-4861-9356-CD688A68FF4D}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [UDP Query User{B30CE9C6-FC5E-480A-A9FE-C10FDCAC41D5}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [{4818BA13-34DF-41B7-B9C3-958304513DDE}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3.exe (Telltale Games)
FirewallRules: [{9668DC0F-5F1D-4D2B-A159-7E531E82B7A2}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3.exe (Telltale Games)
FirewallRules: [{54E9975B-6711-43C8-A161-0691B0854843}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9282164C-22C1-4EB7-9511-E238BB6D6AB8}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2F9982B7-E3C2-4E71-BE70-6E803CF87A69}] => (Allow) E:\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{8FD891B1-F4E9-4C89-9002-A16028D8B7C8}] => (Allow) E:\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{03776FD6-C2F4-438B-91CB-A9A4C42685EF}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe ()
FirewallRules: [{F865395B-9F16-4749-88A8-8DB7B5579BBA}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe ()
FirewallRules: [TCP Query User{D501AF8A-64BD-4B43-B6B9-9F82BAC479BE}E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe ()
FirewallRules: [UDP Query User{AECFE91E-D8F3-44CC-85DB-CC136D99BF32}E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe ()
FirewallRules: [{38FED70F-5B8B-4824-BD8D-C79A66AC3DE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32910FF9-079B-46E6-B7CC-09E802381160}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D04AB0F7-ACBC-4E39-8897-7975E3C49528}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E3E7F11B-D091-4E6F-9527-30F33EA5DF1D}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0129FA2F-288A-4710-A36F-2B5B83548DC7}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{43119E99-21EB-4795-A41F-67BB98C315EA}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B9BCC3BC-88A6-4F19-A486-E11F15BA1137}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C2FD868-3CD0-4837-AD8F-C35EA24E279E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{00AC8585-997A-46F6-AF65-100DCC5BB20D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{98205AF8-6885-43A8-979A-7B23CB5C6979}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DAFA368A-E1B2-4A27-8A30-785F09F4B298}] => (Allow) E:\Steam\steamapps\common\Tales from the Borderlands\Borderlands.exe (Telltale Games)
FirewallRules: [{1994E697-D263-4A21-AE2C-EFA6BA46DBE6}] => (Allow) E:\Steam\steamapps\common\Tales from the Borderlands\Borderlands.exe (Telltale Games)
FirewallRules: [{5799309A-8DA3-4494-A161-20AAE80602F3}] => (Allow) LPort=10001
FirewallRules: [{677B52EE-E5A4-401B-AE8E-E1663F18DBB6}] => (Allow) E:\Steam\steamapps\common\Poly Bridge\polybridge.exe ()
FirewallRules: [{1C2571BE-AE41-4A87-A994-4B0C55E0ED24}] => (Allow) E:\Steam\steamapps\common\Poly Bridge\polybridge.exe ()
FirewallRules: [{C250DFA1-879C-45CC-9DBE-54E9C72B0EA0}] => (Allow) E:\Steam\steamapps\common\Hacknet\Hacknet.exe ()
FirewallRules: [{F8553144-DAD1-4E29-B6A2-86FCA5D29BC3}] => (Allow) E:\Steam\steamapps\common\Hacknet\Hacknet.exe ()
FirewallRules: [{23F34CF1-29DE-4FD9-BD32-ED958B85A3FD}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments)
FirewallRules: [{CA7663C7-7934-4D86-B3B7-94333622E70A}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments)
FirewallRules: [{4619584A-C250-44E9-8FF0-CC951E0BD8AC}] => (Allow) E:\Steam\steamapps\common\The Stanley Parable\stanley.exe ()
FirewallRules: [{8D0F822E-F7F6-4908-B8F6-7B72F703DDEA}] => (Allow) E:\Steam\steamapps\common\The Stanley Parable\stanley.exe ()
FirewallRules: [{D447A3BD-0EE0-4D91-929C-26DF1E19EBDB}] => (Allow) E:\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe ()
FirewallRules: [{C3226B02-F6D2-4338-B326-EDB770C684A5}] => (Allow) E:\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe ()
FirewallRules: [{96F491DA-4726-4A5D-B2A9-E53249ADC492}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe (Starbreeze Studios AB)
FirewallRules: [{E2E61318-C97B-4C2A-B6F8-8D42C177D0AA}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe (Starbreeze Studios AB)
FirewallRules: [{869B1BBE-EC4C-4BD3-9A13-28E09210980A}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe (Starbreeze)
FirewallRules: [{0F6997AC-80D4-4E34-BBD1-6C8AA6BE6B92}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe (Starbreeze)
FirewallRules: [{A995C499-EE77-4FC1-9275-4ACFFE745462}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe ()
FirewallRules: [{A141A3B2-42E5-4B54-AFDD-092AC18C1343}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe ()
FirewallRules: [{195C16F1-414B-4498-8296-3CB503FC9B20}] => (Allow) E:\Steam\steamapps\common\South Park The Fractured But Whole\SouthPark_TFBW.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{7DE8DE78-0F60-4292-84D5-32A6EA58D979}] => (Allow) E:\Steam\steamapps\common\South Park The Fractured But Whole\SouthPark_TFBW.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{23FDA574-A399-4506-A45A-9563DC710EDD}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{9B141FFB-A241-4BA2-A556-4513BAE731F2}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{BC0F8E13-909A-4A20-9DE7-EA38FAC1C173}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{A832DBE7-27A2-4EFD-BBDC-9B65CDAEB422}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{89ACBF08-95AA-4149-B529-17A2118897D8}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C6908EFB-4480-4694-8DEF-BF2B1723771E}] => (Allow) C:\Users\Xander\AppData\Local\Programs\Opera\58.0.3135.65\opera.exe No File
FirewallRules: [{8F474072-D836-41D6-81B5-71EFB5E3653C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

18-02-2019 09:15:24 18 02 2019

==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter OAS
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #2
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #3
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #4
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #5
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #6
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #7
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #8
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #9
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #10
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #11
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #12
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #13
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #14
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #15
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #16
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #17
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #18
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #19
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #20
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #21
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #22
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #23
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #24
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2019 09:11:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PassMan.WindowsService.exe, version: 0.0.0.0, time stamp: 0x5bd8e41f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.820, time stamp: 0xe0e03037
Exception code: 0xe0434352
Fault offset: 0x00000000000454d8
Faulting process id: 0xe4c
Faulting application start time: 0x01d4c76016c84e58
Faulting application path: C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.WindowsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6b35bf4d-03c8-4993-a18c-ab26ecb5c67b
Faulting package full name:
Faulting package-relative application ID:

Error: (02/18/2019 09:11:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PassMan.WindowsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
at PassMan.WindowsService.PasswordManagerService.PingServer()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (02/18/2019 09:19:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (02/18/2019 09:17:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/18/2019 09:15:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/18/2019 09:13:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/18/2019 09:11:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/18/2019 09:09:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (02/18/2019 09:07:27 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IMRO5S9)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-IMRO5S9\Xander SID (S-1-5-21-3061653555-2214285171-3603488753-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2019 09:07:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-02-17 11:04:15.281
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Xander\AppData\Local\Temp\18036265\ic-0.90b027a2b94f4.exe; file:_C:\Users\Xander\AppData\Local\Temp\ncv.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Signature Version: AV: 1.287.166.0, AS: 1.287.166.0, NIS: 1.287.166.0
Engine Version: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-17 11:04:14.064
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Xander\AppData\Local\Temp\18036265\ic-0.90b027a2b94f4.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Signature Version: AV: 1.287.166.0, AS: 1.287.166.0, NIS: 1.287.166.0
Engine Version: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-16 18:02:59.169
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CD783E3A-31DF-42D9-A392-7F173C929DF6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-16 17:48:51.399
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {637AF27F-61F3-444E-A18F-6F5688113C18}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-16 17:12:18.127
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6679842C-7D62-44F3-AA51-666975C0A0A7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-14 13:54:56.030
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.488.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-02-18 09:18:06.052
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-18 09:18:06.050
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-18 09:16:08.338
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-18 09:16:08.336
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-18 09:16:07.723
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-18 09:16:07.721
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-18 09:14:05.794
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-18 09:14:05.793
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 27%
Total physical RAM: 16331.9 MB
Available physical RAM: 11817.98 MB
Total Virtual: 17355.9 MB
Available Virtual: 11539.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:97.17 GB) (Free:27.9 GB) NTFS
Drive d: (Processes) (Fixed) (Total:140.82 GB) (Free:133.86 GB) NTFS
Drive e: (Programs/Games) (Fixed) (Total:488.28 GB) (Free:250.09 GB) NTFS
Drive f: (Storage) (Fixed) (Total:443.23 GB) (Free:263.23 GB) NTFS
Drive g: (Ugreen_CSR) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS

\\?\Volume{6530e1bf-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 6530E1BF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6530E1B2)
Partition 1: (Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

gus

Thank you for the logs. Before we proceed, can I alert you to the dangers of file sharing software? With programs like uTorrent you have opened your PC to share much more than files, and this program may well have been the source of infections. If not in this instance, it most certainly is a HUGE risk for future malware.
The choice is ultimately yours, but can I ask that you remove uTorrent?

Can you also remove all pirated software from your machine?

Also, I would suggest you install your security software on the operating system drive and not another partition. You should NEVER have more than one real-time security suite running at the same time. Can you please attend to these matters and upload new FRST logs?
 

xandertje10

I believe I've done all that. Here are the new logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.02.2019
Ran by Xander (administrator) on DESKTOP-IMRO5S9 (19-02-2019 13:52:27)
Running from F:\Desktop
Loaded Profiles: Xander (Available Profiles: Xander)
Platform: Windows 10 Pro Version 1709 16299.904 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(<AVerMedia>) C:\Program Files (x86)\AVerMedia\AVerMedia Live Gamer EXTREME\AVerUSBPortChecker.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(AVerMedia TECHNOLOGIES, Inc.) D:\AVerMedia\AVerMedia RECentral 3\RECentralService.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\tv_x64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
(f.lux Software LLC) C:\Users\Xander\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Spotify Ltd) C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe
(ShareX Team) E:\ShareX\ShareX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.2492.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-20] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => "E:\iTunesHelper.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942744 2018-12-17] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [21430992 2018-03-27] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => E:\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-07-06] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => E:\Cyberlink\Power2Go8\VirtualDrive.exe [499640 2015-07-06] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => E:\Cyberlink\YouCam\YouCamService.exe [265656 2015-06-15] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [Discord] => C:\Users\Xander\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [Steam] => E:\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [Spotify] => C:\Users\Xander\AppData\Roaming\Spotify\Spotify.exe [26118888 2019-02-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [f.lux] => C:\Users\Xander\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7391816 2018-10-22] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\MountPoints2: {9c91266c-f5a4-11e8-80c2-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\setup.exe
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [55296 2005-01-22] ()
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [309248 2015-12-18] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [67072 2017-09-29] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.)
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] ()
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-17] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> E:\Cyberlink\YouCam\CLCredProv\x64\CLCredProv.dll [2015-06-15] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GambatteSwitch.lnk [2017-06-09]
ShortcutTarget: GambatteSwitch.lnk -> D:\NirCmd\Music_On_Off\GambatteSwitch.ahk ()
Startup: C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusicSwitch.lnk [2017-06-09]
ShortcutTarget: MusicSwitch.lnk -> D:\NirCmd\Music_On_Off\MusicSwitch.ahk ()
Startup: C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> E:\ShareX\ShareX.exe (ShareX Team)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{16cae30b-79b3-48c8-8e36-35a8bc836264}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-47498d6a
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3061653555-2214285171-3603488753-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2djoilab.default
FF ProfilePath: C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\2djoilab.default [2019-02-18]
FF Homepage: Mozilla\Firefox\Profiles\2djoilab.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\2djoilab.default -> about:newtab
FF Extension: (Popup-Blocker) - C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\2djoilab.default\Extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi [2018-03-18]
FF SearchPlugin: C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\2djoilab.default\searchplugins\bing-lavasoft-ff59.xml [2018-06-12]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.twitch.tv/directory/following"
CHR Profile: C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default [2019-02-19]
CHR Extension: (Google Translate) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-02-17]
CHR Extension: (Slides) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-17]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2019-02-17]
CHR Extension: (The FFZ Add-On Pack) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimboljphncldaakcnapfolgnjonlea [2019-02-17] [UpdateUrl:hxxps://cdn.ffzap.com/firefox-updates.json] <==== ATTENTION
CHR Extension: (BetterTTV) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-02-17]
CHR Extension: (Docs) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-17]
CHR Extension: (Google Drive) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-17]
CHR Extension: (YouTube) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-17]
CHR Extension: (Honey) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-17]
CHR Extension: (uBlock Origin) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-17]
CHR Extension: (Tampermonkey) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-02-17]
CHR Extension: (FrankerFaceZ) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2019-02-17]
CHR Extension: (Sheets) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-17]
CHR Extension: (HTTPS Everywhere) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-17]
CHR Extension: (Gmail) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc. -> Apple Inc.)
R2 AVerUSBPortChecker; C:\Program Files (x86)\AVerMedia\AVerMedia Live Gamer EXTREME\AVerUSBPortChecker.exe [191496 2016-11-16] (Microsoft Windows Hardware Compatibility Publisher -> <AVerMedia>)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [706120 2018-10-22] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7112264 2018-10-02] (GOG Sp. z o.o. -> GOG.com)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OVPNService; C:\Users\Xander\AppData\Local\TotalVPN\OVPN.Service.exe [20080 2016-06-28] (PSEUDiO Ltd -> )
S2 Pleasant Password Server; C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.WindowsService.exe [112640 2018-10-30] (Pleasant Solutions) [File not signed]
R2 RECentralService; D:\AVerMedia\AVerMedia RECentral 3\RECentralService.exe [2632288 2017-09-26] (AVerMedia TECHNOLOGIES, INC. -> AVerMedia TECHNOLOGIES, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVMU3GC55064; C:\WINDOWS\system32\drivers\avmu3gc550_x64.sys [690440 2017-10-16] (AVerMedia TECHNOLOGIES, Inc. -> AVerMedia TECHNOLOGIES, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2017-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2017-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 GVUSB2.X64; C:\WINDOWS\SYSTEM32\DRIVERS\GVUSB2.X64.SYS [565248 2010-07-05] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-20] (Logitech Inc -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-20] (Logitech -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-19] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-09-29] (Microsoft Windows -> MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a5e9eb9bc021c27a\nvlddmkm.sys [20337080 2018-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Microsoft Windows -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [30720 2012-07-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-03-28] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-02-17] (Zemana Ltd. -> Zemana Ltd.)
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; \SystemRoot\System32\drivers\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-19 13:18 - 2019-02-19 13:18 - 000274416 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-19 13:18 - 2019-02-19 13:18 - 000127136 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-19 13:18 - 2019-02-19 13:18 - 000114040 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-19 13:18 - 2019-02-19 13:18 - 000072864 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-19 13:18 - 2019-02-19 13:18 - 000000000 ___HD C:\OneDriveTemp
2019-02-18 09:12 - 2019-02-19 13:52 - 000000000 ____D C:\FRST
2019-02-18 08:51 - 2019-02-18 09:00 - 000000000 ____D C:\AdwCleaner
2019-02-17 16:38 - 2019-02-17 16:41 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-02-17 16:29 - 2019-02-17 16:29 - 000198512 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ___DC C:\Users\Xander\AppData\Local\mbamtray
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ___DC C:\Users\Xander\AppData\Local\mbam
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-17 16:29 - 2019-02-17 16:29 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-17 16:29 - 2019-02-01 11:20 - 000020936 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-17 16:29 - 2019-01-08 15:32 - 000153328 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-17 10:55 - 2019-02-19 13:52 - 000106617 _ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-17 10:55 - 2019-02-19 13:44 - 000560088 _ C:\WINDOWS\ZAM.krnl.trace
2019-02-17 10:55 - 2019-02-17 10:55 - 000203680 _ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-02-17 10:55 - 2019-02-17 10:55 - 000000000 ___DC C:\Users\Xander\AppData\Local\Wolf of Webstreet OPC Private Limited
2019-02-17 10:54 - 2019-02-17 10:54 - 000000000 ___DC C:\Users\Xander\AppData\Local\Zemana
2019-02-17 10:45 - 2019-02-17 10:45 - 000003418 _ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-17 10:45 - 2019-02-17 10:45 - 000003294 _ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-17 10:45 - 2019-02-17 10:45 - 000002379 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 17:59 - 2019-02-15 17:59 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Brackeys
2019-02-14 15:49 - 2019-02-17 10:57 - 000000000 _SHDC C:\Users\Xander\AppData\Roaming\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.22923_none_ff1bb22c34862201
2019-02-14 15:49 - 2019-02-17 10:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\Z-1-9-58-1371741354-1393809609-1077592444-8253
2019-02-14 15:49 - 2019-02-14 15:49 - 000003584 _ C:\WINDOWS\SECOH-QAD.dll
2019-02-14 15:49 - 2010-12-06 03:16 - 000090112 _ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2019-02-14 15:44 - 2019-02-14 16:02 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-14 15:43 - 2019-02-14 15:43 - 000004218 _ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1550155430
2019-02-14 15:43 - 2019-02-14 15:43 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Opera Software
2019-02-14 15:43 - 2019-02-14 15:43 - 000000000 ___DC C:\Users\Xander\AppData\Local\Opera Software
2019-02-14 15:32 - 2019-02-14 15:52 - 000722944 ____C C:\Users\Xander\AppData\Local\sha.db
2019-02-14 10:31 - 2019-02-14 10:31 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\uTorrent
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\2K
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Local\My Games
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Local\cache
2019-02-13 15:50 - 2019-02-13 15:50 - 000000000 ___DC C:\Users\Xander\AppData\Local\2K
2019-02-12 20:44 - 2019-02-12 20:44 - 001689600 _ C:\WINDOWS\MzAyMGU0.exe
2019-02-12 20:44 - 2019-02-12 20:44 - 000111033 _ C:\WINDOWS\uninstaller.dat
2019-02-12 20:44 - 2019-02-12 20:44 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Frontier Developments
2019-02-12 20:44 - 2019-02-12 20:44 - 000000000 ___DC C:\Users\Xander\AppData\Local\Frontier Developments
2019-02-12 18:29 - 2019-02-12 18:29 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2019-02-12 16:52 - 2019-02-12 16:52 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Dry Cactus
2019-02-07 09:44 - 2019-01-01 07:52 - 002868536 _ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-02-07 09:44 - 2019-01-01 07:52 - 001610552 _ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000792376 _ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000689464 _ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000612152 _ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000480568 _ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000462648 _ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000451896 _ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000309560 _ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000144696 _ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-02-07 09:44 - 2019-01-01 07:51 - 000069944 _ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-02-07 09:44 - 2019-01-01 07:51 - 000035128 _ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-02-07 09:44 - 2019-01-01 07:47 - 008616760 _ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-07 09:44 - 2019-01-01 07:47 - 002394936 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-07 09:44 - 2019-01-01 07:47 - 000128312 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-02-07 09:44 - 2019-01-01 07:45 - 000542520 _ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-02-07 09:44 - 2019-01-01 07:45 - 000170808 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-02-07 09:44 - 2019-01-01 07:43 - 002735624 _ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-07 09:44 - 2019-01-01 07:43 - 000248632 _ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-07 09:44 - 2019-01-01 07:43 - 000027448 _ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-07 09:44 - 2019-01-01 07:42 - 003175128 _ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-02-07 09:44 - 2019-01-01 07:42 - 002415864 _ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-07 09:44 - 2019-01-01 07:42 - 000677392 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-02-07 09:44 - 2019-01-01 07:42 - 000418824 _ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-07 09:44 - 2019-01-01 07:07 - 000380728 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-02-07 09:44 - 2019-01-01 06:51 - 002216296 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-07 09:44 - 2019-01-01 06:50 - 001991792 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-07 09:44 - 2019-01-01 06:50 - 000353784 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-07 09:44 - 2019-01-01 06:49 - 002381256 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-02-07 09:44 - 2019-01-01 06:22 - 000016896 _ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.Native.dll
2019-02-07 09:44 - 2019-01-01 06:21 - 000012288 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.Native.dll
2019-02-07 09:44 - 2019-01-01 06:20 - 000331264 _ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-02-07 09:44 - 2019-01-01 06:20 - 000080896 _ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-02-07 09:44 - 2019-01-01 06:20 - 000054784 _ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-02-07 09:44 - 2019-01-01 06:20 - 000024576 _ (Microsoft Corporation) C:\WINDOWS\system32\PrintWorkflowProxy.dll
2019-02-07 09:44 - 2019-01-01 06:20 - 000016384 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowProxy.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000335360 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000167936 _ (Microsoft Corporation) C:\WINDOWS\system32\PrintWorkflowService.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000104960 _ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-07 09:44 - 2019-01-01 06:19 - 000079360 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-02-07 09:44 - 2019-01-01 06:18 - 000456192 _ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-07 09:44 - 2019-01-01 06:18 - 000136192 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowService.dll
2019-02-07 09:44 - 2019-01-01 06:17 - 000155136 _ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-02-07 09:44 - 2019-01-01 06:16 - 011925504 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-07 09:44 - 2019-01-01 06:15 - 006013440 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-07 09:44 - 2019-01-01 06:15 - 000773120 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-02-07 09:44 - 2019-01-01 06:13 - 001117184 _ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-02-07 09:44 - 2019-01-01 06:12 - 012834816 _ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-07 09:44 - 2019-01-01 06:12 - 000945152 _ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-02-07 09:44 - 2019-01-01 06:11 - 008062464 _ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-07 09:44 - 2019-01-01 06:11 - 000594944 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-02-07 09:44 - 2019-01-01 06:10 - 001561088 _ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-02-07 09:44 - 2019-01-01 06:10 - 000735744 _ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-02-07 09:44 - 2019-01-01 06:04 - 000067584 _ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-02-07 09:44 - 2019-01-01 06:04 - 000050176 _ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-02-07 09:44 - 2019-01-01 06:04 - 000012800 _ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-02-07 09:44 - 2018-12-11 03:20 - 000352768 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-01 14:41 - 2019-02-01 14:41 - 000000000 ____D C:\New folder
2019-01-31 16:14 - 2019-01-31 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2019-01-30 18:18 - 2019-01-31 16:14 - 000000000 ___DC C:\Users\Xander\AppData\Local\MediaHuman
2019-01-30 18:02 - 2019-01-30 18:02 - 000000000 ___DC C:\Users\Xander\AppData\Local\4kdownload.com
2019-01-27 18:51 - 2019-01-27 18:51 - 000000000 ___DC C:\Users\Xander\AppData\Local\chastgameForSite2
2019-01-26 17:04 - 2019-01-26 17:04 - 000000847 ____C C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\School.lnk
2019-01-24 12:25 - 2019-01-24 12:25 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Google
2019-01-20 18:15 - 2019-01-20 18:15 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Temp
2019-01-20 16:39 - 2018-12-14 06:56 - 000664576 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-01-20 16:39 - 2018-12-14 06:49 - 000808960 _ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-19 13:38 - 2016-12-21 13:15 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\uTorrent
2019-02-19 13:38 - 2016-12-20 22:30 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-19 13:24 - 2017-12-05 21:03 - 005284838 _ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-19 13:24 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-19 13:24 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-02-19 13:24 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-19 13:19 - 2017-07-09 23:12 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-19 13:18 - 2018-03-15 15:18 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\Spotify
2019-02-19 13:18 - 2018-03-15 15:18 - 000000000 ___DC C:\Users\Xander\AppData\Local\Spotify
2019-02-19 13:18 - 2017-12-05 20:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-19 13:18 - 2016-12-20 22:26 - 000000000 _RDCL C:\Users\Xander\OneDrive
2019-02-18 23:39 - 2017-09-29 09:45 - 000524288 _ C:\WINDOWS\system32\config\BBI
2019-02-18 23:31 - 2017-12-05 20:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-18 21:01 - 2016-12-21 13:14 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\vlc
2019-02-18 20:54 - 2017-01-21 18:55 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\.minecraft
2019-02-18 16:23 - 2016-12-21 12:28 - 000000000 ___DC C:\Users\Xander\AppData\Local\CrashDumps
2019-02-17 22:54 - 2016-12-21 10:40 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\obs-studio
2019-02-17 20:12 - 2016-12-21 10:07 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\discord
2019-02-17 16:29 - 2017-09-29 14:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-17 10:45 - 2016-12-20 22:39 - 000000000 ___DC C:\Users\Xander\AppData\Local\Google
2019-02-17 10:45 - 2016-12-20 22:39 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-17 10:25 - 2017-12-20 00:35 - 000000000 ____D C:\ProgramData\Logishrd
2019-02-16 16:29 - 2018-08-04 16:28 - 000000000 ____D C:\Program Files\rempl
2019-02-14 16:01 - 2017-10-23 17:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-14 15:54 - 2017-12-05 20:54 - 000000000 ___DC C:\Users\Xander\AppData\Local\Packages
2019-02-14 15:33 - 2019-01-12 16:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-14 15:33 - 2017-10-23 17:44 - 000000000 ___DC C:\Users\Xander\AppData\LocalLow\Mozilla
2019-02-14 15:33 - 2017-10-23 17:43 - 000001007 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-14 10:31 - 2017-12-05 20:52 - 000414856 _ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 20:55 - 2017-11-10 20:55 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\PopupBlocker
2019-02-12 20:21 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-08 21:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2019-02-08 13:45 - 2018-09-05 18:42 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 09:44 - 2016-12-21 16:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-07 09:42 - 2016-12-21 16:08 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-06 16:23 - 2018-06-20 18:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-02-03 16:37 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-02-02 22:29 - 2016-12-21 11:56 - 000000000 ___DC C:\Users\Xander\AppData\Roaming\foobar2000
2019-02-01 23:05 - 2017-12-05 20:57 - 000003380 _ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3061653555-2214285171-3603488753-1001
2019-02-01 23:05 - 2016-12-30 11:28 - 000002372 ____C C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-01 14:41 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2019-01-30 19:50 - 2017-12-05 20:54 - 000000000 ___DC C:\Users\Xander
2019-01-30 19:15 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-01-30 19:14 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\registration
2019-01-26 20:38 - 2018-03-15 15:18 - 000001843 ____C C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-01-24 11:47 - 2018-03-13 23:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2018-03-28 14:05 - 2018-03-28 14:05 - 000004642 ____C () C:\Users\Xander\AppData\Roaming\VoiceMeeterDefault.xml
2016-12-31 00:41 - 2018-07-03 23:41 - 000000475 ____C () C:\Users\Xander\AppData\Roaming\WB.CFG
2018-11-19 20:10 - 2018-11-19 20:11 - 000006656 ____C () C:\Users\Xander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-19 00:41 - 2017-12-19 00:41 - 000000068 ____C () C:\Users\Xander\AppData\Local\r18fpz9gq0
2019-02-14 15:32 - 2019-02-14 15:52 - 000722944 ____C () C:\Users\Xander\AppData\Local\sha.db
2016-12-21 11:15 - 2016-12-21 11:15 - 000000003 ____C () C:\Users\Xander\AppData\Local\updater.log
2016-12-21 11:15 - 2018-05-26 20:10 - 000000059 ____C () C:\Users\Xander\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2019-02-14 15:53 - 2019-02-14 15:32 - 000099896 ____C () C:\Users\Xander\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-13 20:52

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.02.2019
Ran by Xander (19-02-2019 13:53:06)
Running from F:\Desktop
Windows 10 Pro Version 1709 16299.904 (X64) (2017-12-05 20:14:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3061653555-2214285171-3603488753-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3061653555-2214285171-3603488753-503 - Limited - Disabled)
Guest (S-1-5-21-3061653555-2214285171-3603488753-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3061653555-2214285171-3603488753-504 - Limited - Disabled)
Xander (S-1-5-21-3061653555-2214285171-3603488753-1001 - Administrator - Enabled) => C:\Users\Xander

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
A Very Small Business v0.0.1 (HKLM-x32\...\{9D780EF7-E999-4F2B-8063-5F5866CC3028}_is1) (Version: 0.0.1 - Grabiobot)
AmaRecTV Live (HKLM-x32\...\AmaRecTV Live) (Version: - )
AnkhBotR2 version 1.0.2.16 (HKLM-x32\...\{08D3C5BB-C492-4916-B111-725081845380}_is1) (Version: 1.0.2.16 - Marcin Swierzowski aka AnkhHeart)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Auto Clicker v14.1 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 14.1 - MurGee.com)
AutoHotkey 1.1.25.02 (HKLM\...\AutoHotkey) (Version: 1.1.25.02 - Lexikos)
AVerMedia Live Gamer EXTREME 3.0.64.97 (HKLM-x32\...\AVerMedia Live Gamer EXTREME) (Version: 3.0.64.97 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral 3 (HKLM-x32\...\{7e6fd995-6160-4ba6-9c71-57e67939a855}) (Version: 3.0.0.93 - AVerMedia TECHNOLOGIES, Inc)
AVerMedia RECentral 3 Installer (HKLM-x32\...\{D4F8EA9E-80D3-46B3-A5D9-7D264D319297}) (Version: 3.0.0.93 - AVerMedia TECHNOLOGIES, Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version: - )
Clustertruck (HKLM-x32\...\{BB09E395-9405-44CA-A17C-98DF998CF216}) (Version: - TinyBuild LLC)
Corsair Utility Engine (HKLM-x32\...\{BB25387A-061E-42E9-AB2F-64073B3E3180}) (Version: 2.24.50 - Corsair)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Discord (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.34 - NVIDIA Corporation) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 3.12 - NCH Software)
EmoTracker (HKLM-x32\...\{0851E4A7-503B-4F58-A8DA-17B72D438E2C}_is1) (Version: 2.1.0.1 - EmoSaru)
Evoland (HKLM-x32\...\1207659200_is1) (Version: 1.1.2490 - GOG.com)
f.lux (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Flux) (Version: - f.lux Software LLC)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
FileZilla Client 3.29.0 (HKLM-x32\...\FileZilla Client) (Version: 3.29.0 - Tim Kosse)
foobar2000 v1.3.13 (HKLM-x32\...\foobar2000) (Version: 1.3.13 - Peter Pawlowski)
GitHub Desktop (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\GitHubDesktop) (Version: 0.6.0 - GitHub, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Intel Media SDK DLLs 7.16.5.13 (HKLM-x32\...\libmfxsw_is1) (Version: 7.16.5.13 - )
iOSinstaller (HKLM-x32\...\iOSinstaller) (Version: - iosinstaller.com)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 13.6.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.5 - KLCP)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MediaHuman YouTube Downloader 3.9.9.11 (HKLM-x32\...\MediaHuman YouTube Downloader_is1) (Version: 3.9.9.11 - MediaHuman)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM-x32\...\{90150000-001F-0413-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 416.34 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 5.14 - NCH Software)
Pleasant Password Server (HKLM-x32\...\{342d1610-dbf0-4966-be85-fb1fb7713749}) (Version: 7.9.13 - Pleasant Solutions Inc.)
Pleasant Password Server (HKLM-x32\...\{89594A2E-A10E-457A-8A99-5DC66ACE8414}) (Version: 7.9.13 - Pleasant Solutions Inc.) Hidden
Port Forward Network Utilities (HKLM-x32\...\{4C345FED-92FF-4F24-AD0E-F114F4216DC7}) (Version: 3.0.36 - Portforward, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 5.00 - NCH Software)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.2 r3111 - Rainmeter)
Rename Master (HKLM-x32\...\Rename Master_is1) (Version: - )
Resanance (HKLM\...\{07BB6181-E1D0-4283-87D0-BE4819535A3C}) (Version: 2.1.3 - WasntAFairFight)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}Office15.PROPLUS{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.3.1 - ShareX Team)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Snaz version 1.12.5.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.5.0 - JimsApps)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\Spotify) (Version: 1.1.0.237.g378f6f25 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamWorld Dig 2 (HKLM-x32\...\{0FA77531-EA32-4D0B-8FBB-E95517840472}) (Version: - Image & Form)
SteamWorld Heist (HKLM-x32\...\{2D7B207C-0E17-4444-8555-47EAECABAE57}) (Version: - Image & Form)
StreamLabels 0.2.10 (only current user) (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.10 - Streamlabs)
Streamlink (HKLM-x32\...\Streamlink) (Version: 0.14.2 - Streamlink)
SUPERHOT (HKLM-x32\...\{62F505D5-9210-4784-9094-17CDC868F6DA}) (Version: - SUPERHOT Sp. z o.o.)
SURVEY_PROGRAM (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\SURVEY_PROGRAM) (Version: - )
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.0 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version: 4.08 - NCH Software)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TI Connect™ CE (HKLM-x32\...\{8B1F3A89-E195-48CD-8487-A37BA5308E76}) (Version: 5.3.0.384 - Texas Instruments Inc.)
Titan Souls (HKLM-x32\...\{8D842248-54AE-4AA2-B4BF-362CB533982E}) (Version: - Devolver Digital)
TotalVPN 1.5.13 (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\TotalVPN) (Version: 1.5.13 - TotalVPN)
Twitch (HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}Office15.PROPLUS{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}Office15.PROPLUS{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}Office15.PROPLUS{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 7.00 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.13 - NCH Software)
Windows Driver Package - I-O DATA DEVICE, INC. GV-USB2 (06/28/2010 1.1.0.93) (HKLM\...\B7A55616156C0785AF22DD6C01B2D883C06D9DDF) (Version: 06/28/2010 1.1.0.93 - I-O DATA DEVICE, INC.)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> )
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049629A3-10C0-4DD4-9278-104265041E45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {055457B9-97B9-4C6E-AB17-17361490D432} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {17FC3F93-0319-4C7C-961F-5B019447E74D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {20120977-A125-43AF-A228-0AF39564CB0E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {27B654F0-9AF6-44CC-A0BF-B67900979D43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {34F45844-9E41-4808-9998-02DB5DB64077} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BC00F04-DC58-420D-A579-B7A55B36A89C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () [File not signed]
Task: {5D821483-858B-485D-9525-6F4DA33B48CD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E69794B-F80C-452B-9A8A-98A419FA528A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {70A214D9-4795-45CE-A8EE-B53D32140E2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {82FDF603-B594-4571-AF50-3BE149CFA03C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {851BC466-51DB-4320-82AB-6AFE41F68B04} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Task: {8BF8C510-2E40-4C0B-9D9B-72B35EFBBE17} - System32\Tasks\Opera scheduled Autoupdate 1550155430 => C:\Users\Xander\AppData\Local\Programs\Opera\launcher.exe
Task: {8C07EFDF-C057-4BC1-820B-D40E0517D4E4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D81DB54-DAEA-4AE6-BAB3-74B9ECA01E50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {93807414-D34B-4076-8165-3722C26E7C9C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97D22907-16A2-4FFD-818B-18C974A9EE21} - System32\Tasks\update-S-1-5-21-3061653555-2214285171-3603488753-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Task: {A499801E-A7E0-4A81-8AF1-67D788A4420D} - System32\Tasks\S-1-5-21-3061653555-2214285171-3603488753-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {A8599866-D584-4554-A894-88210549282C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A985B5CD-B4BA-4BD6-9329-7BD678F441D8} - System32\Tasks\NCH Software\PrismDowngrade => C:\Program Files (x86)\NCH Software\Prism\Prism.exe (NCH Software Pty Ltd -> NCH Software)
Task: {C329103D-202A-4097-9299-5788792F1DA4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE7809C4-8A1D-4A9C-94C7-4A3E69792A1F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D887445D-4307-4B81-9354-932EA5C7E39F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E669652E-E955-451F-950E-C4B5791D3DD6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {ED0013BD-F2DE-4CE0-BAD7-8B3CA8CC5176} - \Z-1-9-58-1371741354-1393809609-1077592444-8253\{1FHX4B32-5Q8I-LVO-NUOL-QZLR3VRZXH75} -> No File <==== ATTENTION
Task: {FBE6A1B7-6B42-4210-8DF3-66380B36FD16} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-3061653555-2214285171-3603488753-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-16 14:19 - 2018-03-16 14:19 - 000088888 _ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 14:19 - 2018-03-16 14:19 - 001356088 _ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-20 22:32 - 2018-03-14 14:05 - 001267648 _ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-06 20:32 - 2017-11-06 20:32 - 000076456 _ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-11-08 10:05 - 2018-08-31 00:38 - 011044864 _ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-11-08 10:05 - 2018-08-31 00:35 - 001804288 _ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-15 12:25 - 2019-02-15 12:25 - 000182272 _ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-15 12:25 - 2019-02-15 12:25 - 000019456 _ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000908568 _ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-20 04:29 - 2017-10-20 04:29 - 001096824 _ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000060184 _ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-20 04:29 - 2017-10-20 04:29 - 000241784 _ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-10-20 04:02 - 2017-10-20 04:02 - 000077824 _ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2017-10-20 04:02 - 2017-10-20 04:02 - 000144896 _ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2017-06-08 19:00 - 2017-05-13 07:34 - 001211392 _ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2018-12-18 10:31 - 2018-12-18 10:32 - 001436760 _ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-09-18 19:56 - 2018-09-18 19:56 - 004048384 _ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.2492.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-05 18:45 - 2018-09-05 18:45 - 000634880 _ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.2492.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-02-17 10:45 - 2019-02-13 06:14 - 005186032 _ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-17 10:45 - 2019-02-13 06:14 - 000117232 _ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2017-09-26 14:37 - 2017-09-26 14:37 - 000311808 _ () D:\AVerMedia\AVerMedia RECentral 3\DeviceInfoParser.dll
2017-09-26 14:31 - 2017-09-26 14:31 - 000274432 _ () C:\Program Files (x86)\Common Files\AVerMedia\AVerMedia RECentral 3\dll\UVCDeviceControl.dll
2016-12-20 22:32 - 2018-03-14 14:05 - 001041344 _ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2019-01-16 14:47 - 2019-01-15 16:32 - 002000216 ____C () C:\Users\Xander\AppData\Local\Discord\app-0.0.304\ffmpeg.dll
2019-01-16 14:47 - 2019-01-15 16:32 - 004332376 ____C () C:\Users\Xander\AppData\Local\Discord\app-0.0.304\libglesv2.dll
2019-01-16 14:47 - 2019-01-15 16:32 - 000106328 ____C () C:\Users\Xander\AppData\Local\Discord\app-0.0.304\libegl.dll
2019-01-16 14:47 - 2019-01-25 15:05 - 011345240 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_voice\discord_voice.node
2019-01-16 14:47 - 2019-01-17 15:28 - 001723224 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_utils\discord_utils.node
2019-01-16 14:47 - 2019-01-17 15:28 - 001762648 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_game_utils\discord_game_utils.node
2019-01-16 14:47 - 2019-01-16 14:47 - 000553816 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_erlpack\discord_erlpack.node
2019-01-16 14:47 - 2019-01-16 14:47 - 002672984 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2019-01-16 14:47 - 2019-01-16 14:47 - 000837464 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2019-01-16 14:47 - 2019-01-16 14:47 - 000479064 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-01-16 14:47 - 2019-01-16 14:47 - 009914712 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_cloudsync\discord_cloudsync.node
2019-01-16 14:47 - 2019-01-16 14:47 - 002909016 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_rpc\discord_rpc.node
2019-02-09 16:22 - 2019-02-09 16:22 - 002284376 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_media\discord_media.node
2019-01-16 14:47 - 2019-01-16 14:47 - 001266008 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_modules\discord_modules.node
2019-01-16 14:47 - 2019-01-17 15:28 - 022327128 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_dispatch\discord_dispatch.node
2019-01-16 14:47 - 2019-01-16 14:47 - 002947416 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_contact_import\discord_contact_import.node
2019-01-16 14:47 - 2019-01-16 14:47 - 001297752 ____C () \\?\C:\Users\Xander\AppData\Roaming\discord\0.0.304\modules\discord_vigilante\discord_vigilante.node
2018-03-15 15:18 - 2019-02-13 15:38 - 088824552 ____C () C:\Users\Xander\AppData\Roaming\Spotify\libcef.dll
2018-03-15 15:18 - 2019-02-13 15:38 - 004239592 ____C () C:\Users\Xander\AppData\Roaming\Spotify\libglesv2.dll
2018-03-15 15:18 - 2019-02-13 15:38 - 000098024 ____C () C:\Users\Xander\AppData\Roaming\Spotify\libegl.dll
2018-03-27 18:18 - 2018-03-27 18:18 - 000197120 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2018-03-27 18:11 - 2018-03-27 18:11 - 000044544 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2018-03-27 18:42 - 2018-03-27 18:42 - 000151040 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2018-03-27 18:11 - 2018-03-27 18:11 - 000097280 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2017-10-02 07:54 - 2017-10-02 07:54 - 000013312 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2017-10-02 07:54 - 2017-10-02 07:54 - 001950720 _ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2016-12-20 22:32 - 2018-03-14 14:04 - 081563584 _ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-12-15 13:06 - 2018-03-14 14:04 - 002478016 _ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-12-15 13:06 - 2018-03-14 14:04 - 000125376 _ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\sharepoint.com -> hxxps://stichtinglvo-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2019-02-17 10:57 - 000000824 _ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;F:\Livestreamer;E:\Streamlink\bin
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3061653555-2214285171-3603488753-1001\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6A445FE2-0AAB-4CBF-84B8-C473ADB8E44C}] => (Allow) C:\Users\Xander\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe (hxxps://www.AnkhBot.com)
FirewallRules: [{6B81C008-3726-416C-9151-03AB14CC95BF}] => (Allow) C:\Users\Xander\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe (hxxps://www.AnkhBot.com)
FirewallRules: [{CDF29C29-37F4-48C9-80B4-D960E9B513D8}] => (Allow) C:\Users\Xander\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe (hxxps://www.AnkhBot.com)
FirewallRules: [{7CE73091-802D-4CBA-B8A8-8912E2CF58AD}] => (Allow) E:\Steam\steamapps\common\Evoland 2\Evoland2.exe ()
FirewallRules: [{F96FEBB3-7FC6-407C-879F-965CA770D382}] => (Allow) E:\Steam\steamapps\common\Evoland 2\Evoland2.exe ()
FirewallRules: [UDP Query User{6270F36D-603E-4DEA-A329-D48E62B2B037}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [TCP Query User{AE281DF2-FEDF-4850-8827-C1DB6A1E984F}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [{E26805C6-AF60-4977-991F-63C44A7C294C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E11A4E45-31F8-4F58-82B4-46E5D887C131}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F3F9BE10-7BED-4949-BA20-02D3DB5FBED8}] => (Allow) E:\Steam\steamapps\common\Limbo\limbo.exe (Playdead)
FirewallRules: [{F418E98E-A147-4EEE-BD99-A097B6FAE7DB}] => (Allow) E:\Steam\steamapps\common\Limbo\limbo.exe (Playdead)
FirewallRules: [{CA87E4A6-ADD5-4C92-AD3E-E61379D4485D}] => (Allow) E:\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe (Telltale Games)
FirewallRules: [{943AFB48-AAE7-4596-AF09-534DB04A7C46}] => (Allow) E:\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe (Telltale Games)
FirewallRules: [{1E2FC805-9F30-433A-ABC8-76ABD97616E4}] => (Allow) E:\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{0F949650-27A9-4BF5-9F6E-96716FD5E09A}] => (Allow) E:\Steam\steamapps\common\Jotun\Jotun.exe ()
FirewallRules: [{A30594D8-8DB2-4B20-949C-0370A47C6C07}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe No File
FirewallRules: [{AF2017C3-AE2A-495C-99A4-AC22F696BB9C}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe No File
FirewallRules: [{04BC1728-E37A-4351-962E-600B299A8D3A}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe No File
FirewallRules: [{72F4E58C-880B-49BF-B4BD-901E97FB6C3E}] => (Allow) E:\TWD A New Frontier\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe No File
FirewallRules: [{13ACE381-6BBB-4177-89F3-5E4D46C3FC71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{7B3CC466-E59E-46B2-A6EF-115D17CB5E43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5F55B611-7B8F-4F39-B280-B270FA6E4C5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{ACA7146A-A3FD-49E5-9AE7-E4E607369270}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{3F335917-D91D-4BC6-AF36-FD83D4E182AB}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{503F7DC2-4B96-4D28-A2D3-E0A58F70B03B}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{D8A4648C-3CB2-4314-A7A8-E47B5B1E511B}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{556E21AB-444F-4021-9132-7F69780C8541}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{6D1011F9-AFCD-4368-BEA4-8A2CDEC33491}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{EBE2FE35-B6FC-4A32-8145-8742D76C9B7E}] => (Allow) C:\Users\Xander\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{4E0BF4B1-FBEC-4326-AEBB-C154E98F8893}] => (Allow) G:\Microsoft Office Professional Plus (x64) 2013 Incl Activator P2P\Microsoft Toolkit.exe No File
FirewallRules: [{09530892-5B5E-42FC-AF9F-30E7BFC6321C}] => (Allow) G:\Microsoft Office Professional Plus (x64) 2013 Incl Activator P2P\Microsoft Toolkit.exe No File
FirewallRules: [{A71DE2FD-0D77-4A5B-84B4-0869FCE8A666}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6251F719-0128-4E18-9019-B3DE1D64F40B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{06A0B452-6F52-47E3-BF6C-0654ABA019F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{693BF07C-8EA7-411C-837F-3BF4A37154F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{49091292-39F6-4767-A309-ADC2616327C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA44465B-034A-4A6F-A3E1-9BE0A4C651C5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E468FD24-AFC2-471D-9F6A-5B4D5CFD8FA7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{97E0C27B-B344-466A-8FCC-2CADEB8DE112}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8B8A689-92C1-44A3-BBC8-7D1ADF2307EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{537FFCC5-1D19-43E5-9142-488AAD80FF96}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5164ED6D-9A80-48E0-99F5-98393187E625}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{16A153D2-1C1E-49FC-B703-AF7D1890A373}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{32F974BA-A793-4EB4-AB9F-373F249D8BFD}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{D39E53F1-3091-4DE1-A9EC-C83C60236B83}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{1937B8AC-C82F-46BF-9419-40FF6983AA8A}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{A4E5B2AA-A42B-4B49-A74C-D4432516FC3C}] => (Allow) E:\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe ()
FirewallRules: [{C47F7FCE-0CBE-4009-BED7-C31AD6547E33}] => (Allow) E:\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe ()
FirewallRules: [{305597A7-1A63-4E6B-B4F5-EC9B0219D2E2}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe (Telltale Games)
FirewallRules: [{ACA35DB5-DDFA-4192-A5B0-B110AA5942A8}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe (Telltale Games)
FirewallRules: [{E1296F63-77FA-435F-B2CF-A0C9F9800C8E}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe (Telltale Games)
FirewallRules: [{16CA020A-98A9-455A-B2B7-99ED61D4D500}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe (Telltale Games)
FirewallRules: [{A5841E1B-C5D2-48F6-8458-0B46B92B0C7B}] => (Allow) E:\Steam\steamapps\common\vvvvvv\VVVVVV.exe ()
FirewallRules: [{ECAC52AF-15B9-4FC0-958A-8B2BC2F78514}] => (Allow) E:\Steam\steamapps\common\vvvvvv\VVVVVV.exe ()
FirewallRules: [{7319173F-A336-4F72-B252-5BCA132703DA}] => (Allow) E:\Steam\steamapps\common\DYE\dyegame.exe ()
FirewallRules: [{03BD2F49-FDB5-4F13-8F06-5CB43C0C07D5}] => (Allow) E:\Steam\steamapps\common\DYE\dyegame.exe ()
FirewallRules: [{7DF2F318-8445-4F59-8D31-4B95E30F1EA7}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe ()
FirewallRules: [{527A18E5-AB49-4BAF-A3D8-9FC27EBE015F}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe ()
FirewallRules: [TCP Query User{E1015871-7087-4A81-AFB7-21816AF8C28D}D:\games\linux debug\undertale.exe] => (Allow) D:\games\linux debug\undertale.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Toby Fox )
FirewallRules: [UDP Query User{B54A4194-EBF7-4A35-807A-BF7E9B987A2C}D:\games\linux debug\undertale.exe] => (Allow) D:\games\linux debug\undertale.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Toby Fox )
FirewallRules: [{0AF6A036-9689-4DBD-A4AC-D656FCF098EB}] => (Allow) E:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe ()
FirewallRules: [{94AC3F1C-E2C3-4F80-B38C-C97A3FC7F652}] => (Allow) E:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe ()
FirewallRules: [{2D5387B5-B49E-4717-AFEA-3C58F600EE4D}] => (Allow) E:\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe (Experimental Gameplay Group LLC)
FirewallRules: [{8C074802-B5D1-40BB-A15D-2272E3CB05AE}] => (Allow) E:\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe (Experimental Gameplay Group LLC)
FirewallRules: [{96054777-BAC2-4DB3-A1E0-38150C225C26}] => (Allow) E:\Steam\steamapps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe (Telltale Games)
FirewallRules: [{8D21FE49-133B-4690-88CE-94B407298DFA}] => (Allow) E:\Steam\steamapps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe (Telltale Games)
FirewallRules: [{E59BFAC9-DC0E-4969-B5E8-23A60B93F585}] => (Allow) E:\Steam\steamapps\common\You Have to Win the Game\TheGame.exe ()
FirewallRules: [{390B8604-9001-4DC1-BF10-E19F71568A07}] => (Allow) E:\Steam\steamapps\common\You Have to Win the Game\TheGame.exe ()
FirewallRules: [TCP Query User{6975A5B5-ED31-421F-9E90-29BC55DBCCE6}C:\programdata\oracle\java\javapath_target_246634250\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [UDP Query User{1C4D9976-7CF8-43B3-85B4-29BA1E0FA1C1}C:\programdata\oracle\java\javapath_target_246634250\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [{40BDCE77-BD16-44C1-BBDB-36596B74D596}] => (Block) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [{572DB6BC-8A9C-41FF-99E2-825535FAF355}] => (Block) C:\programdata\oracle\java\javapath_target_246634250\java.exe No File
FirewallRules: [TCP Query User{96307E66-F3F5-4DA2-B5BC-AE7840D9716C}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [UDP Query User{945DDC87-130E-4587-B646-5353B819EBD9}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [{88068439-5908-4EB3-9BF1-A717AF042EAC}] => (Block) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [{3F4E31DD-1734-4B38-8AE3-BBD40C308223}] => (Block) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [TCP Query User{D678744E-CF13-404C-90A1-948E11448F09}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{21C263AC-EE57-4B92-ACA6-B5E710D34B88}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{09D98E7A-993A-47F1-A246-57FA387F25C5}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{74DB560A-6CC4-43F7-BF80-B350D1678ED6}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{B55ADC00-B038-4F12-B331-EF71EDAA4835}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.808\Microsoft Toolkit.exe No File
FirewallRules: [{A7FBB137-7AD0-4CFE-944A-0D130957FE43}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.808\Microsoft Toolkit.exe No File
FirewallRules: [{86EA4240-EB7C-4E7B-9D99-708BB5A2CEC8}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.614\Microsoft Toolkit.exe No File
FirewallRules: [{868CCF7A-33B1-472F-937B-2288EB93C593}] => (Allow) C:\Users\Xander\AppData\Local\Temp\Rar$EXa0.614\Microsoft Toolkit.exe No File
FirewallRules: [{5F561433-B7AB-4063-B923-0FE49D15359D}] => (Allow) E:\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe ()
FirewallRules: [{217E422C-AEE4-4E14-B118-191C39C1D6E9}] => (Allow) E:\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe ()
FirewallRules: [{47570F06-68F5-4E10-B73C-611E118E5BED}] => (Allow) E:\Steam\steamapps\common\FEZ\FEZ.exe (Polytron Corporation)
FirewallRules: [{358D1382-80BF-4B95-9C17-042455563F79}] => (Allow) E:\Steam\steamapps\common\FEZ\FEZ.exe (Polytron Corporation)
FirewallRules: [{62D9E12B-B0BA-40A6-BA26-5DEDB1C6B1C8}] => (Allow) E:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe ()
FirewallRules: [{24B9AAAC-F357-4ABF-B9C2-93788F036AC6}] => (Allow) E:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe ()
FirewallRules: [{FC305F31-BE3E-4E93-B638-C69E89A8984F}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe ()
FirewallRules: [{926FD4B2-4519-4758-A85C-9B64907A34CA}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe ()
FirewallRules: [{B7649B57-CEA6-46F0-AE7E-513F454F947E}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe ()
FirewallRules: [{76F2C6DD-F14B-430C-8DCE-DA2D5F987493}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe ()
FirewallRules: [{15D3CFC8-E47B-408C-A850-93ADC324FB55}] => (Allow) E:\Steam\steamapps\common\Cuphead\Cuphead.exe ()
FirewallRules: [{67AE6A61-DDB0-4D0A-ADE3-29C9EDE804F3}] => (Allow) E:\Steam\steamapps\common\Cuphead\Cuphead.exe ()
FirewallRules: [{5C090355-8BD6-48BA-BE58-738E13EF79FB}] => (Allow) E:\Steam\steamapps\common\Infinifactory\infinifactory.exe (Unity Technologies SF -> )
FirewallRules: [{08F87010-57C9-4001-A422-A844D472E488}] => (Allow) E:\Steam\steamapps\common\Infinifactory\infinifactory.exe (Unity Technologies SF -> )
FirewallRules: [TCP Query User{C39A0128-FF5C-478D-B639-EC8661BD9BF2}C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{092EA041-518E-484D-9B08-5FFCF480E7E8}C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{E7D36957-1FF4-406D-A863-9B8E1FBAFDED}] => (Block) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{57E10342-D9D5-4563-AC7E-7FF47861AE62}] => (Block) C:\users\xander\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{389E0800-28F8-44F0-984D-83621BFC449C}] => (Allow) E:\Steam\steamapps\common\VRChat\VRChat.exe ()
FirewallRules: [{B733C22D-0567-4692-96BD-418EEE6F988E}] => (Allow) E:\Steam\steamapps\common\VRChat\VRChat.exe ()
FirewallRules: [{1BFA2A8D-D8A8-4866-B4B7-2CBB146CDC94}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{6285D462-700E-4F31-8994-8DC9E1F01656}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{7C65169A-78E0-4073-8ACB-0330A719787D}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B32B3944-F3E6-4FE5-8D96-4C8C7E272B81}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E6B2B99D-76E9-4623-A49F-CE15438A19E3}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{01318FEA-E74E-4043-BA6C-AE721956A47B}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{88EF8660-14B3-4B10-ADA5-934025DF9FBF}C:\users\xander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{74E5E23E-DE64-42CF-A2FF-38B10DAE24FE}C:\users\xander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76ECFE45-6872-454F-B303-86B5CFD7F00D}] => (Block) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6030466-3D3B-4B36-9199-2945524C87F9}] => (Block) C:\users\xander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D21B143-5389-43BA-8968-4528C85E9373}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe No File
FirewallRules: [{408AB209-BAE2-46D9-A842-68E61A35DF89}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe No File
FirewallRules: [{B6313CAA-2010-4B5E-9F45-90C477DDF661}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76439858-E356-45C3-B877-9C0229799A78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{507907BA-4635-49D5-9B75-C51A57B509F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AEE0284C-4C85-441F-96FF-2AE90F04445B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4C889938-9C61-4363-9C3B-7D3C77A3DABB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57271342-AA15-4090-9118-EC3409E12808}] => (Allow) E:\iTunes.exe No File
FirewallRules: [{F41B8329-BE54-473B-9841-36B802A442E0}] => (Allow) E:\iOSinstaller\iOSinstaller.exe (iosinstaller.com)
FirewallRules: [{4E23D748-C275-49F6-BBD6-954BE65D72F1}] => (Allow) E:\iOSinstaller\iOSinstaller.exe (iosinstaller.com)
FirewallRules: [TCP Query User{657FC60F-3F63-4861-9356-CD688A68FF4D}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [UDP Query User{B30CE9C6-FC5E-480A-A9FE-C10FDCAC41D5}D:\avermedia\avermedia recentral 3\recentral 3.exe] => (Allow) D:\avermedia\avermedia recentral 3\recentral 3.exe (AVerMedia TECHNOLOGIES, INC. -> AVerMedia Technologies, Inc.)
FirewallRules: [{4818BA13-34DF-41B7-B9C3-958304513DDE}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3.exe (Telltale Games)
FirewallRules: [{9668DC0F-5F1D-4D2B-A159-7E531E82B7A2}] => (Allow) E:\Steam\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3.exe (Telltale Games)
FirewallRules: [{54E9975B-6711-43C8-A161-0691B0854843}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9282164C-22C1-4EB7-9511-E238BB6D6AB8}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2F9982B7-E3C2-4E71-BE70-6E803CF87A69}] => (Allow) E:\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{8FD891B1-F4E9-4C89-9002-A16028D8B7C8}] => (Allow) E:\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{03776FD6-C2F4-438B-91CB-A9A4C42685EF}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe ()
FirewallRules: [{F865395B-9F16-4749-88A8-8DB7B5579BBA}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe ()
FirewallRules: [TCP Query User{D501AF8A-64BD-4B43-B6B9-9F82BAC479BE}E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{AECFE91E-D8F3-44CC-85DB-CC136D99BF32}E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{38FED70F-5B8B-4824-BD8D-C79A66AC3DE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32910FF9-079B-46E6-B7CC-09E802381160}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D04AB0F7-ACBC-4E39-8897-7975E3C49528}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E3E7F11B-D091-4E6F-9527-30F33EA5DF1D}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0129FA2F-288A-4710-A36F-2B5B83548DC7}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{43119E99-21EB-4795-A41F-67BB98C315EA}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B9BCC3BC-88A6-4F19-A486-E11F15BA1137}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C2FD868-3CD0-4837-AD8F-C35EA24E279E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{00AC8585-997A-46F6-AF65-100DCC5BB20D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{98205AF8-6885-43A8-979A-7B23CB5C6979}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DAFA368A-E1B2-4A27-8A30-785F09F4B298}] => (Allow) E:\Steam\steamapps\common\Tales from the Borderlands\Borderlands.exe (Telltale Games)
FirewallRules: [{1994E697-D263-4A21-AE2C-EFA6BA46DBE6}] => (Allow) E:\Steam\steamapps\common\Tales from the Borderlands\Borderlands.exe (Telltale Games)
FirewallRules: [{5799309A-8DA3-4494-A161-20AAE80602F3}] => (Allow) LPort=10001
FirewallRules: [{677B52EE-E5A4-401B-AE8E-E1663F18DBB6}] => (Allow) E:\Steam\steamapps\common\Poly Bridge\polybridge.exe ()
FirewallRules: [{1C2571BE-AE41-4A87-A994-4B0C55E0ED24}] => (Allow) E:\Steam\steamapps\common\Poly Bridge\polybridge.exe ()
FirewallRules: [{C250DFA1-879C-45CC-9DBE-54E9C72B0EA0}] => (Allow) E:\Steam\steamapps\common\Hacknet\Hacknet.exe ()
FirewallRules: [{F8553144-DAD1-4E29-B6A2-86FCA5D29BC3}] => (Allow) E:\Steam\steamapps\common\Hacknet\Hacknet.exe ()
FirewallRules: [{23F34CF1-29DE-4FD9-BD32-ED958B85A3FD}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments)
FirewallRules: [{CA7663C7-7934-4D86-B3B7-94333622E70A}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments)
FirewallRules: [{4619584A-C250-44E9-8FF0-CC951E0BD8AC}] => (Allow) E:\Steam\steamapps\common\The Stanley Parable\stanley.exe ()
FirewallRules: [{8D0F822E-F7F6-4908-B8F6-7B72F703DDEA}] => (Allow) E:\Steam\steamapps\common\The Stanley Parable\stanley.exe ()
FirewallRules: [{D447A3BD-0EE0-4D91-929C-26DF1E19EBDB}] => (Allow) E:\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe ()
FirewallRules: [{C3226B02-F6D2-4338-B326-EDB770C684A5}] => (Allow) E:\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe ()
FirewallRules: [{96F491DA-4726-4A5D-B2A9-E53249ADC492}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe (Starbreeze Studios AB)
FirewallRules: [{E2E61318-C97B-4C2A-B6F8-8D42C177D0AA}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe (Starbreeze Studios AB)
FirewallRules: [{869B1BBE-EC4C-4BD3-9A13-28E09210980A}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe (Starbreeze)
FirewallRules: [{0F6997AC-80D4-4E34-BBD1-6C8AA6BE6B92}] => (Allow) E:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe (Starbreeze)
FirewallRules: [{A995C499-EE77-4FC1-9275-4ACFFE745462}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe ()
FirewallRules: [{A141A3B2-42E5-4B54-AFDD-092AC18C1343}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe ()
FirewallRules: [{195C16F1-414B-4498-8296-3CB503FC9B20}] => (Allow) E:\Steam\steamapps\common\South Park The Fractured But Whole\SouthPark_TFBW.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{7DE8DE78-0F60-4292-84D5-32A6EA58D979}] => (Allow) E:\Steam\steamapps\common\South Park The Fractured But Whole\SouthPark_TFBW.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{23FDA574-A399-4506-A45A-9563DC710EDD}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{9B141FFB-A241-4BA2-A556-4513BAE731F2}] => (Allow) E:\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS)
FirewallRules: [{BC0F8E13-909A-4A20-9DE7-EA38FAC1C173}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{A832DBE7-27A2-4EFD-BBDC-9B65CDAEB422}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe ()
FirewallRules: [{89ACBF08-95AA-4149-B529-17A2118897D8}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C6908EFB-4480-4694-8DEF-BF2B1723771E}] => (Allow) C:\Users\Xander\AppData\Local\Programs\Opera\58.0.3135.65\opera.exe No File
FirewallRules: [{8F474072-D836-41D6-81B5-71EFB5E3653C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

18-02-2019 09:15:24 18 02 2019

==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter OAS
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #2
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #3
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #4
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #5
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #6
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #7
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #8
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #9
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #10
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #11
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #12
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #13
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #14
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #15
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #16
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #17
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #18
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #19
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #20
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #21
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #22
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #23
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter OAS #24
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2019 01:38:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/19/2019 01:28:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PassMan.WindowsService.exe, version: 0.0.0.0, time stamp: 0x5bd8e41f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.820, time stamp: 0xe0e03037
Exception code: 0xe0434352
Fault offset: 0x00000000000454d8
Faulting process id: 0xeb0
Faulting application start time: 0x01d4c84d32b86dfd
Faulting application path: C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\PassMan.WindowsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 45be97a9-b660-45eb-be1b-3f6bccbabb5f
Faulting package full name:
Faulting package-relative application ID:

Error: (02/19/2019 01:28:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PassMan.WindowsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
at PassMan.WindowsService.PasswordManagerService.PingServer()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (02/19/2019 01:52:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/19/2019 01:50:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/19/2019 01:48:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/19/2019 01:46:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/19/2019 01:44:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (02/19/2019 01:44:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2019 01:42:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.

Error: (02/19/2019 01:40:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IMRO5S9)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-02-18 21:16:59.446
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2C63325C-9EDE-4E4C-98A2-1C3FEF893DAF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-17 11:04:15.281
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Xander\AppData\Local\Temp\18036265\ic-0.90b027a2b94f4.exe; file:_C:\Users\Xander\AppData\Local\Temp\ncv.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Signature Version: AV: 1.287.166.0, AS: 1.287.166.0, NIS: 1.287.166.0
Engine Version: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-17 11:04:14.064
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Xander\AppData\Local\Temp\18036265\ic-0.90b027a2b94f4.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Signature Version: AV: 1.287.166.0, AS: 1.287.166.0, NIS: 1.287.166.0
Engine Version: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-16 18:02:59.169
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CD783E3A-31DF-42D9-A392-7F173C929DF6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-16 17:48:51.399
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {637AF27F-61F3-444E-A18F-6F5688113C18}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-14 13:54:56.030
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.488.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-02-19 13:53:42.331
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-19 13:53:42.330
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-19 13:53:41.737
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-19 13:53:41.736
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-19 13:53:10.590
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-19 13:53:10.589
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-19 13:53:10.470
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-19 13:53:10.469
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 30%
Total physical RAM: 16331.9 MB
Available physical RAM: 11390.66 MB
Total Virtual: 17355.9 MB
Available Virtual: 11182.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:97.17 GB) (Free:27.44 GB) NTFS
Drive d: (Processes) (Fixed) (Total:140.82 GB) (Free:133.86 GB) NTFS
Drive e: (Programs/Games) (Fixed) (Total:488.28 GB) (Free:250.56 GB) NTFS
Drive f: (Storage) (Fixed) (Total:443.23 GB) (Free:263.23 GB) NTFS
Drive g: (Ugreen_CSR) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS

\\?\Volume{6530e1bf-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 6530E1BF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6530E1B2)
Partition 1: (Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

gus

Thank you for the logs, and whilst I look at them, can you explain why you have a non-legitimate Windows activator on your system?
 