Adware reinstalling: Adware.eLex.shrClin

Post by chriskg22 » June 27th, 2020, 11:53 am

Hello,

Malwarebytes is finding 16/18 files flagged as either PUP.Optional.Conduit, Adware.eLex.shrClin or PUP.Optional.Conduit.Trovigo.

There are no notable symptoms of this adware, but they may be being blocked by my ad blocker.

Malwarebytes quarantines and removes them, but they reappear (I think whenever I use Chrome, although I am not certain).

Any help identifying how to remove these permanently would be much appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-06-2020
Ran by cgrog (administrator) on DESKTOP-263AI8E (Gigabyte Technology Co., Ltd. Z270-Gaming K3) (27-06-2020 16:45:38)
Running from C:\Users\cgrog\Downloads
Loaded Profiles: cgrog
Platform: Windows 10 Home Version 1903 18362.836 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Discord Inc. -> Discord Inc.) C:\Users\cgrog\AppData\Local\Discord\app-0.0.306\Discord.exe <4>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\cgrog\AppData\Local\FluxSoftware\Flux\flux.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_8c5e3f480513d171\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\RtWLan.exe
(Realtek) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\RtlService.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353776 2020-06-24] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2237256 2020-03-13] (voidtools -> voidtools)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [Spotify] => C:\Users\cgrog\AppData\Roaming\Spotify\Spotify.exe [22151072 2020-01-09] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [Discord] => C:\Users\cgrog\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [Ubisoft Game Launcher] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe [471360 2020-06-26] (Ubisoft Entertainment Sweden AB -> Ubisoft)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [8030280 2020-03-30] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [f.lux] => C:\Users\cgrog\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35960720 2019-11-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91585088 2020-03-31] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {0031cdd9-0d4f-11ea-9b15-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {0031cdf7-0d4f-11ea-9b15-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {13336801-0009-11ea-9b05-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {1bf507ee-0ccf-11ea-9b13-503eaa619505} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {3c5aadea-f25a-11e9-9afe-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {576ca0fe-120b-11ea-9b15-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {5ca27a4f-e304-11e9-9af6-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {5ca27acf-e304-11e9-9af6-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {8e7dfc87-18f1-11ea-9b18-e0d55e2ddd38} - "F:\setup.exe"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\MountPoints2: {d81490d1-02cb-11ea-9b08-e0d55e2ddd38} - "F:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-27] (Google LLC -> Google LLC)
Startup: C:\Users\cgrog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-04-19]
ShortcutTarget: MEGAsync.lnk -> C:\Users\cgrog\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BF7AA37-D79D-4E9A-AB40-1E3DF606AB3D} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed] [File is in use]
Task: {390B94F7-43B1-497F-B67E-5D89C9756E21} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3EF687A2-5813-4190-BE08-75F96C6681EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-02] (Google Inc -> Google Inc.)
Task: {66E56C01-8DAC-4C10-A287-6C2BD08F0D36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70175117-96E3-4EFB-BDB8-BB3C261FE8C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-02] (Google Inc -> Google Inc.)
Task: {83518E0E-E3B2-4F62-8334-33C6BE812C95} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-124992116-1282473561-228682095-1001 => C:\Users\cgrog\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-01-15] (Mega Limited -> Mega Limited)
Task: {997D49D9-2ED0-46B6-B82A-5C90958F5B54} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C00CBED4-F8A9-4549-8205-3DA500394C75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F12B2978-0D4A-4D83-A4A6-AD25A1D1A2CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{214a5e8e-2231-430e-9244-233f0e0dcd38}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4512021b-51b8-4399-aaed-eac94017d9ef}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{68d0d5ac-6623-46c7-8027-d0af370dcd59}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e2b89edd-c989-4abd-8735-0403cd6265b6}: [DhcpNameServer] 192.168.0.254 192.168.0.254

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-05] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-05] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
Edge Profile: C:\Users\cgrog\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-27]

FireFox:
========
FF DefaultProfile: u6s9dvft.default
FF ProfilePath: C:\Users\cgrog\AppData\Roaming\Mozilla\Firefox\Profiles\u6s9dvft.default [2020-04-13]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-30] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-124992116-1282473561-228682095-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\cgrog\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-13] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default [2020-06-27]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://www.reddit.com/
CHR StartupUrls: Default -> "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP55C94456-270B-49D0-8F2C-C2D8B4343377&SSPV=SE1CG2_sp_ch","hxxp://www.mystartsearch.com/?type=hp&ts=1429455458&from=wpc&uid=HitachiXHTS541010A9E680_J5400071HHSK7CHHSK7CX","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-02]
CHR Extension: (Docs) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-02]
CHR Extension: (Google Drive) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-02]
CHR Extension: (YouTube) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-02]
CHR Extension: (uBlock Origin) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-06-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2020-06-26]
CHR Extension: (Sheets) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-02]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2020-06-26]
CHR Extension: (gScholar for Google Apps & Chrome) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnecgbocmpbaikjjielniibkjcbiaeao [2018-02-02]
CHR Extension: (Dropbox) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-04-22] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2019-12-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Incorporated -> Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1242696 2020-03-30] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-03-30] (GOG Sp. z o.o. -> GOG.com)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2425136 2019-11-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3303736 2019-11-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Realtek88EE; C:\Program Files (x86)\netis\PCIE Wireless LAN\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] [File is in use]
S2 RTLDHCPService; C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe [261848 2013-11-12] (Realtek Semiconductor Corp -> Realtek)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9824296 2020-06-24] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_8c5e3f480513d171\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_8c5e3f480513d171\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-15] (Microsoft Corporation) [File not signed] [File is in use]
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [33592 2020-03-17] (DEV47 APPS -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [229432 2020-03-17] (DEV47 APPS -> Dev47Apps)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2019-03-19] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2020-06-27] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_8c5e3f480513d171\nvlddmkm.sys [23439288 2020-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [9860088 2019-07-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 SaiK5263; C:\WINDOWS\system32\DRIVERS\SaiK5263.sys [182224 2017-02-07] (Mad Catz Inc -> Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23760 2017-02-07] (Mad Catz Inc -> Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51408 2017-02-07] (Mad Catz Inc -> Saitek)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6472256 2020-06-24] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [401120 2020-06-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-27 16:46 - 2020-06-27 16:46 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-27 16:45 - 2020-06-27 16:47 - 000021599 _____ C:\Users\cgrog\Downloads\FRST.txt
2020-06-27 16:36 - 2020-06-27 16:47 - 000000000 ____D C:\FRST
2020-06-27 16:35 - 2020-06-27 16:36 - 002291200 _____ (Farbar) C:\Users\cgrog\Downloads\FRST64.exe
2020-06-27 16:23 - 2020-06-27 16:40 - 000000000 ____D C:\AdwCleaner
2020-06-27 16:23 - 2020-06-27 16:23 - 008402608 _____ (Malwarebytes) C:\Users\cgrog\Downloads\adwcleaner_8.0.5.exe
2020-06-27 16:08 - 2020-06-27 16:08 - 000000907 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2020-06-27 16:08 - 2020-06-27 16:08 - 000000907 _____ C:\ProgramData\Desktop\qBittorrent.lnk
2020-06-27 16:08 - 2020-06-27 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2020-06-27 16:08 - 2020-06-27 16:08 - 000000000 ____D C:\Program Files\qBittorrent
2020-06-27 16:07 - 2020-06-27 16:07 - 000425304 _____ (Secure By Design Inc.) C:\Users\cgrog\Downloads\Ninite Everything qBittorrent Installer.exe
2020-06-27 16:07 - 2020-06-27 16:07 - 000001094 _____ C:\Users\cgrog\Desktop\Search Everything.lnk
2020-06-27 16:07 - 2020-06-27 16:07 - 000000000 ____D C:\Users\cgrog\AppData\Roaming\Everything
2020-06-27 16:07 - 2020-06-27 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything
2020-06-27 16:07 - 2020-06-27 16:07 - 000000000 ____D C:\Program Files\Everything
2020-06-27 16:02 - 2020-06-27 16:02 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-27 16:02 - 2020-06-27 16:02 - 000002332 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-27 16:01 - 2020-06-27 16:01 - 001295576 _____ (Google LLC) C:\Users\cgrog\Downloads\ChromeSetup.exe
2020-06-27 15:33 - 2020-06-27 15:34 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-27 15:33 - 2020-06-27 15:33 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-27 15:33 - 2020-06-27 15:33 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-26 15:58 - 2020-06-26 16:12 - 723080330 _____ C:\Users\cgrog\Downloads\signs-of-the-sojourner-win.zip
2020-06-26 15:54 - 2020-06-26 15:54 - 000007597 _____ C:\Users\cgrog\AppData\Local\Resmon.ResmonCfg
2020-06-26 10:20 - 2020-06-26 10:20 - 000140686 _____ C:\Users\cgrog\Downloads\Jobseekers Notification_{0_dd_MM_yy}.pdf
2020-06-26 10:16 - 2020-06-26 10:28 - 000000000 ____D C:\Users\cgrog\Desktop\Clean up 26.062020

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-27 16:46 - 2018-02-21 23:42 - 000000000 ____D C:\Users\cgrog\AppData\Roaming\discord
2020-06-27 16:44 - 2020-04-15 20:57 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2020-06-27 16:43 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-27 16:42 - 2019-08-03 01:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-27 16:41 - 2020-04-06 17:08 - 000017207 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-06-27 16:41 - 2020-04-06 17:08 - 000011410 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-06-27 16:41 - 2020-04-06 17:08 - 000008589 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-06-27 16:41 - 2020-04-06 17:08 - 000001206 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-06-27 16:41 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-06-27 16:30 - 2018-02-02 18:40 - 000000000 ____D C:\Users\cgrog\AppData\Roaming\qBittorrent
2020-06-27 16:13 - 2018-02-02 18:40 - 000000000 ____D C:\Users\cgrog\AppData\Local\qBittorrent
2020-06-27 16:02 - 2018-02-02 17:28 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-27 16:02 - 2018-02-02 17:28 - 000000000 ____D C:\Program Files (x86)\Google
2020-06-27 15:59 - 2019-01-26 17:35 - 000000000 ____D C:\Users\cgrog\AppData\Local\Rockstar Games
2020-06-27 15:59 - 2018-02-02 17:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-06-27 15:58 - 2018-04-09 18:58 - 000000000 ____D C:\Games
2020-06-27 15:49 - 2018-02-02 17:29 - 000000000 ____D C:\Program Files (x86)\Steam
2020-06-27 15:46 - 2019-03-09 17:23 - 000000000 ____D C:\Users\cgrog\AppData\Local\ElevatedDiagnostics
2020-06-27 15:41 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-27 15:39 - 2019-08-03 01:24 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-27 15:39 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-06-27 15:32 - 2020-04-15 19:45 - 000000000 ____D C:\Program Files\Riot Vanguard
2020-06-26 19:00 - 2020-04-09 00:48 - 000011525 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1
2020-06-26 18:52 - 2019-08-03 01:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-26 17:00 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-26 16:36 - 2018-02-02 17:22 - 000000000 ____D C:\Users\cgrog\AppData\Local\Packages
2020-06-26 16:23 - 2018-02-20 03:46 - 000000000 ____D C:\Users\cgrog\AppData\Local\Ubisoft Game Launcher
2020-06-26 16:14 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-26 15:51 - 2019-08-03 01:27 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-124992116-1282473561-228682095-1001
2020-06-26 15:49 - 2019-08-02 20:49 - 000002363 _____ C:\Users\cgrog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-26 15:49 - 2018-02-02 17:24 - 000000000 ___RD C:\Users\cgrog\OneDrive
2020-06-26 10:36 - 2020-04-06 23:14 - 000016843 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-26 10:27 - 2019-08-03 01:27 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-06-26 10:22 - 2018-09-03 19:02 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-26 10:15 - 2018-02-28 14:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-25 17:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-25 17:58 - 2019-06-18 19:41 - 000000000 ____D C:\Program Files\UNP
2020-06-25 17:55 - 2018-02-02 17:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-25 17:55 - 2018-02-02 17:22 - 000000000 ___RD C:\Users\cgrog\3D Objects
2020-06-05 22:03 - 2019-03-19 05:56 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-05 22:03 - 2019-03-19 05:56 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories ========

2019-05-21 18:24 - 2019-05-21 18:24 - 000000731 _____ () C:\Users\cgrog\AppData\Local\recently-used.xbel
2020-06-26 15:54 - 2020-06-26 15:54 - 000007597 _____ () C:\Users\cgrog\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2020
Ran by cgrog (27-06-2020 16:48:59)
Running from C:\Users\cgrog\Downloads
Windows 10 Home Version 1903 18362.836 (X64) (2019-08-03 00:28:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-124992116-1282473561-228682095-500 - Administrator - Disabled)
cgrog (S-1-5-21-124992116-1282473561-228682095-1001 - Administrator - Enabled) => C:\Users\cgrog
DefaultAccount (S-1-5-21-124992116-1282473561-228682095-503 - Limited - Disabled)
Guest (S-1-5-21-124992116-1282473561-228682095-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-124992116-1282473561-228682095-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.4 - Electronic Arts, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
Cultist Simulator (HKLM-x32\...\1456702644_is1) (Version: v2018.x.9 - GOG.com)
Cultist Simulator: Perpetual Edition (HKLM-x32\...\1556868113_is1) (Version: v2018.x.9 - GOG.com)
Deep Sky Derelicts (HKLM-x32\...\1629258827_is1) (Version: 1.5.1 - GOG.com)
Disco Elysium (HKLM-x32\...\Disco Elysium_is1) (Version: - )
Discord (HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.11.0.13 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Everything 1.4.1.969 (x64) (HKLM\...\Everything) (Version: 1.4.1.969 - David Carpenter)
f.lux (HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Flux) (Version: - f.lux Software LLC)
foobar2000 v1.5.3 (HKLM-x32\...\foobar2000) (Version: 1.5.3 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Frostpunk (HKLM-x32\...\1648559910_is1) (Version: 1.1.0 - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM\...\{D8BAA38A-97E1-3BD9-A877-673E81553618}) (Version: 83.0.4103.116 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Inkscape 0.92.4 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92.4.0 - Inkscape project)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Into the Breach (HKLM-x32\...\2004253604_is1) (Version: 1.0.16 - GOG.com)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Metal Gear Solid V - The Phantom Pain (HKLM-x32\...\Metal Gear Solid V - The Phantom Pain_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.15 - )
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
netis Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0193 - netis Systems Co.,Ltd.)
netis Wireless LAN Driver and Utility (HKLM-x32\...\{526BEFE2-30FF-4123-98F4-01554316DF3B}) (Version: 1.00.0242 - netis Systems Co.,Ltd.)
NVIDIA Graphics Driver 445.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 445.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.55.33574 - Electronic Arts, Inc.)
Outer Wilds (HKLM-x32\...\Outer Wilds_is1) (Version: - )
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Skype version 8.58 (HKLM-x32\...\Skype_is1) (Version: 8.58 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Spotify) (Version: 1.1.22.633.g1bab253a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamWorld Quest Hand of Gilgamech (HKLM-x32\...\SteamWorld Quest Hand of Gilgamech_is1) (Version: - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
The Outer Worlds (HKLM-x32\...\The Outer Worlds_is1) (Version: - )
TP-Link TL-WN725N (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 2.1.0 - TP-Link)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VALORANT (HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\WinDirStat) (Version: - )
Xenonauts (HKLM-x32\...\1207664803_is1) (Version: 2.3.0.13 - GOG.com)
Ziggurat (HKLM-x32\...\1437564865_is1) (Version: 2018-05-08 - GOG.com)
Zoom (HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.10.5.0_x86__kgqvnymyfvs32 [2020-06-26] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.170.800.0_x86__kgqvnymyfvs32 [2020-06-26] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.1.2.2_x86__h6adky7gbf63m [2020-06-26] (Gameloft SE)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.9.0.7_x86__h6adky7gbf63m [2020-06-26] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-26] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-124992116-1282473561-228682095-1001_Classes\CLSID\{89B6C5DC-C8D4-4ADA-AC74-9F4939D563C6} -> [MEGAsync] => C:\Users\cgrog\Documents\MEGAsync [2018-04-19 20:19]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed] [File is in use]
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed] [File is in use]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed] [File is in use]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed] [File is in use]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed] [File is in use]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_8c5e3f480513d171\nvshext.dll [2020-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed] [File is in use]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed] [File is in use]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-02-02 17:41 - 2012-08-08 22:56 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\P2PLib.dll
2018-02-02 17:41 - 2013-02-27 18:17 - 000221184 _____ () [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\EnumDevLib.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 000598528 _____ () [File not signed] [File is in use] C:\Users\cgrog\AppData\Local\MEGAsync\ShellExtX64.dll
2018-02-02 17:41 - 2013-12-23 12:26 - 000528384 _____ (Realtek Semiconductor Corp.) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\RtlLib.dll
2018-02-02 17:41 - 2012-09-13 10:25 - 000200704 _____ (Realtek) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\IpLib.dll
2018-02-02 17:41 - 2012-05-07 15:23 - 000040960 _____ (Realtek) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\RtlICS.dll
2018-02-02 17:41 - 2014-02-27 21:12 - 000272384 _____ (Realtek) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\RtlIhvOid.dll
2018-02-02 17:41 - 2012-06-22 17:01 - 000044544 _____ (Realtek) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\RtlQRCode.dll
2018-02-02 17:41 - 2009-07-23 18:32 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] [File is in use] C:\Program Files (x86)\netis\PCIE Wireless LAN\LIBEAY32.dll
2019-02-10 14:45 - 2019-06-11 08:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] [File is in use] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-02-10 14:45 - 2019-06-11 08:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] [File is in use] C:\Program Files (x86)\Origin\ssleay32.dll
2019-02-10 14:45 - 2019-07-12 09:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] [File is in use] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-11-22 18:58 - 2019-07-12 09:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] [File is in use] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-11-22 18:58 - 2019-07-12 09:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] [File is in use] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-11-22 18:58 - 2019-07-12 09:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] [File is in use] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-11-22 18:58 - 2019-07-12 09:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] [File is in use] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-11-22 18:58 - 2019-07-12 09:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] [File is in use] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cgrog\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-124992116-1282473561-228682095-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cgrog\Desktop\zzz Christinas World Andrew Wyeth large image.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0FC2B3BE4D0F00F8BA033BFC24C7AF01"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "Ubisoft Game Launcher"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-124992116-1282473561-228682095-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A8F80316-1A05-4EA3-881C-023A02344382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Winter\ProjectWinter.exe () [File not signed] [File is in use]
FirewallRules: [{67FD5410-2498-45D1-B4D8-C0F320B4E2D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Winter\ProjectWinter.exe () [File not signed] [File is in use]
FirewallRules: [{4ACC308C-3A59-4F94-8788-F38095291BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eternal Card Game\Eternal.exe (Dire Wolf Digital, LLC -> )
FirewallRules: [{D5F5C5A0-5B84-4DD5-BFB6-B0AB157F046B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eternal Card Game\Eternal.exe (Dire Wolf Digital, LLC -> )
FirewallRules: [{87FF93B4-2D27-4B4C-B29F-39BCC3EC5C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Offworld Trading Company\StardockLauncher.exe (STARDOCK SYSTEMS, INC. -> Stardock Corporation)
FirewallRules: [{DA5992A0-66A6-43DF-8CDB-7BFE466A0D51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Offworld Trading Company\StardockLauncher.exe (STARDOCK SYSTEMS, INC. -> Stardock Corporation)
FirewallRules: [{15799708-3C6C-4A6C-BF58-3C4FBBAC2EEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{035470DD-25B5-4F12-9BB6-4A3753B0A0C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{E76E2D2D-8DC7-4341-89D5-3F0F58F4659D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games AD -> Haemimont Games)
FirewallRules: [{B23B85BD-46B7-4902-86B5-56AECD2BEBD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games AD -> Haemimont Games)
FirewallRules: [{3778951F-5F3C-40E2-B04A-27CD34BFC5E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baba Is You\Baba Is You.exe (None) [File not signed] [File is in use]
FirewallRules: [{EBFF36BE-7FFE-4D16-A73C-BA2D2928CBDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baba Is You\Baba Is You.exe (None) [File not signed] [File is in use]
FirewallRules: [{724D099F-235E-4028-8BC6-8E8A3B9857EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{71A4F3F4-621E-46B9-A7FB-02E74AB9ACA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{8726181A-950A-4B4E-A8C3-2DE1533EF74E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{5EC866B4-ACDE-4EF1-A779-C278EABE81FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe => No File
FirewallRules: [{A102ED61-1B9E-4720-A463-674F7C5F2A39}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{871C6D7E-2889-41D8-B564-F1C31C53F2A0}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe => No File
FirewallRules: [UDP Query User{AA8540F3-58CB-424E-9025-20CD40BC23A0}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe => No File
FirewallRules: [TCP Query User{D9E890E3-45BF-46C9-BDFA-C62BD842C828}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe => No File
FirewallRules: [{8BE78954-5A50-449B-8376-0F6B2AC09D8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe => No File
FirewallRules: [{BA51373E-1B7B-43D0-9FA1-55BD7EBDDA1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe => No File
FirewallRules: [UDP Query User{52526D01-EF1E-4E31-8597-0ED08AC03037}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{DA459C3B-FF08-477C-9D5F-57C641884E59}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe => No File
FirewallRules: [{144DAF60-1DBA-48E7-ACE6-A42415E71071}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BD96E0B5-9737-467B-B9C1-F52E6FDCC670}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EB80720E-8EB7-4376-B30B-E2697BC4B2C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{E5C83A79-49EA-4357-895D-707976D563EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{15578956-749E-4832-BADE-32BDCEE753BF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C4214449-FC09-4B4C-B8BF-2F2B32E9367B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{C7B74EFB-3FD8-4999-92DA-F454DCEABDC6}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe (Crytek GmbH -> Crytek GmbH)
FirewallRules: [TCP Query User{CBFFF17B-4D51-4785-8D84-5B3AB7D569FE}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe (Crytek GmbH -> Crytek GmbH)
FirewallRules: [{5366FA31-A836-4CAA-A4AA-5EFC2F0219E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{E199E926-2D19-4773-B90E-DD3D365D5B1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [UDP Query User{1B52CFE3-AF8C-420D-9C4C-99E2B6045730}C:\games\mr dj\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) C:\games\mr dj\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{9ACD6349-BD45-46BC-A49A-C126CDB806D0}C:\games\mr dj\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) C:\games\mr dj\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe => No File
FirewallRules: [{8E7E6576-B8CB-4A88-86D1-F86B2161EC1B}] => (Allow) C:\Games\Mr DJ\XCOM 2 War of the Chosen\Binaries\Win64\Launcher\ModLauncherWPF.exe => No File
FirewallRules: [{9F64C4CA-AB76-4CF0-8A3D-B7F8DC2CD5C8}] => (Allow) C:\Games\Mr DJ\XCOM 2 War of the Chosen\Binaries\Win64\Launcher\ModLauncherWPF.exe => No File
FirewallRules: [UDP Query User{3D2F3DCE-7434-40E9-A00D-8F3D265BDBA2}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{FC29B90F-FE9D-4813-8A12-F3FDEF79C64B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe => No File
FirewallRules: [{561F02BD-F56A-4EF3-AD84-E9C0EC634DD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed] [File is in use]
FirewallRules: [{E8AF65C0-31A6-4EEC-8241-AD00C4A21F0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed] [File is in use]
FirewallRules: [UDP Query User{514CD0F5-761D-4649-B178-3574C459D977}C:\games\dishonored - goty edition\binaries\win32\dishonored.exe] => (Allow) C:\games\dishonored - goty edition\binaries\win32\dishonored.exe => No File
FirewallRules: [TCP Query User{91E1F8FB-5540-47D5-828D-928D4C905AA5}C:\games\dishonored - goty edition\binaries\win32\dishonored.exe] => (Allow) C:\games\dishonored - goty edition\binaries\win32\dishonored.exe => No File
FirewallRules: [{F405894C-0278-4206-9B6B-53D12DC36CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{65F9148D-DE14-45A0-A65C-3375BD9391F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{4FA1A890-4B66-4B90-B7D9-023F68E707ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{C05AEF40-E98F-4DBA-BA4C-31CA8875B6FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{4B4E5391-DEBF-45E9-8B63-0F11DC9C81F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EE723586-791D-4812-A7C6-D8E5D19928EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E9068F93-EEDA-46DE-99F2-425C9DAD283C}] => (Allow) LPort=53
FirewallRules: [{2CBAB189-FE2E-4CB5-BB2B-0B565CF9BBCF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{541C3CAF-E36D-46CB-B4F9-C7DF2005E4EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{07D0EBDE-FDC5-49B2-AB84-97DCCBB6EBD6}C:\users\cgrog\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cgrog\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FE1F484F-1471-4F46-A6B6-4FE3564DF829}C:\users\cgrog\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cgrog\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D69876D-B357-4521-9F83-C244C58A7BDF}] => (Block) C:\users\cgrog\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9CEA6EEA-D89D-4327-BF10-7D7A60B4BBC9}] => (Block) C:\users\cgrog\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DDCA5B73-5CFA-42E6-8265-36CE90F13EEB}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed] [File is in use]
FirewallRules: [{C9D463EE-4D86-478E-96DC-7C1F36B3B1BB}] => (Allow) LPort=1542
FirewallRules: [{A73CF471-03ED-41E3-ADF6-9C7429E57B3C}] => (Allow) LPort=1542
FirewallRules: [{1A517CE8-F5AD-449C-8E58-1DF91986AD95}] => (Allow) LPort=53
FirewallRules: [{8FB0DB24-CC7F-4FBB-8D72-12AD07A83207}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{43D13F8E-893B-4800-A08F-BF3684CD08A5}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{FA29F2A5-3A37-4F01-8993-80B7DB0D6F40}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{61376F53-8479-4F82-9B3A-1F30865F34F4}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{DA36ED88-48AB-4948-937E-418DDDACB991}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{01E691E9-4A29-4F44-8E40-29E47C464370}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{9327C384-7B71-4948-9EFE-9F03E37AE8A4}] => (Allow) C:\Program Files (x86)\netis\PCIE Wireless LAN\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{4C2AA4F6-AFD5-4F5A-A151-FA32926DCB96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{2FFEE081-DC1B-4F7D-A86A-63DF5E6938E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [TCP Query User{B0AFC1AE-4B27-4E7D-BB67-51EDCA467B0D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{6F61CB23-2999-4B58-B2B8-4622759F6280}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{60BD4778-3BAF-4B55-8392-7A105E9CF299}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{134A6C46-A5DD-40E1-B267-188181744EDD}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{1510BB1F-FD8C-4971-BC6A-4BF954C5CAE8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EEB37B5C-68CB-4A2B-A02C-2D374E80B79F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{C5CBD237-FCD3-4F3F-9CE9-08497ED184D9}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] [File is in use]
FirewallRules: [UDP Query User{6257F8B9-9ABF-44F7-AD78-B665F21C65BB}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] [File is in use]
FirewallRules: [TCP Query User{686F427D-6101-4768-96BF-A0DC21FDCD6C}C:\users\cgrog\videos\subnautica.v58064\subnautica.v58064\subnautica.exe] => (Allow) C:\users\cgrog\videos\subnautica.v58064\subnautica.v58064\subnautica.exe => No File
FirewallRules: [UDP Query User{61A75CD5-ED94-45C5-BADB-A9A6FA46086F}C:\users\cgrog\videos\subnautica.v58064\subnautica.v58064\subnautica.exe] => (Allow) C:\users\cgrog\videos\subnautica.v58064\subnautica.v58064\subnautica.exe => No File
FirewallRules: [TCP Query User{7D34718A-BF0A-4184-92FD-27D87BAA98C7}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe => No File
FirewallRules: [UDP Query User{55FB3F21-1E27-4D2B-A5DA-99B8D8E49ADD}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe => No File
FirewallRules: [TCP Query User{DDB8F511-FE43-4477-9FCC-072AFAAB68F9}C:\gog games\into the breach\breach.exe] => (Allow) C:\gog games\into the breach\breach.exe () [File not signed] [File is in use]
FirewallRules: [UDP Query User{DC6956DC-440D-4B01-9003-7C966C4BCD1F}C:\gog games\into the breach\breach.exe] => (Allow) C:\gog games\into the breach\breach.exe () [File not signed] [File is in use]
FirewallRules: [TCP Query User{246E1017-DF9B-469A-AF21-564F856B19D8}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe => No File
FirewallRules: [UDP Query User{976F9502-5DE9-49A2-9C7B-E5028B28341F}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe => No File
FirewallRules: [TCP Query User{D9FAC373-AAB3-43AE-B3BB-01D49F5BF91E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{084EBF22-C126-42F2-84E7-F83923834FAF}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{8E489763-6473-4C7B-A8F2-A104A839BD2C}C:\programdata\battle.net\agent\agent.6155\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6155\agent.exe => No File
FirewallRules: [UDP Query User{11F56EAF-F6D8-452F-AFF9-1B415C3B01F6}C:\programdata\battle.net\agent\agent.6155\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6155\agent.exe => No File
FirewallRules: [TCP Query User{56617D50-DCC4-4DBF-8859-CCE1DF2FF9B5}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6160\agent.exe => No File
FirewallRules: [UDP Query User{752AB1B0-233F-4805-997D-D6A338AAB622}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6160\agent.exe => No File
FirewallRules: [{E6C302A7-CA39-455B-960D-BD98E421E186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed] [File is in use]
FirewallRules: [{3B1BFFCC-BEDA-4BA2-BEA8-B62C5F50F3E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed] [File is in use]
FirewallRules: [TCP Query User{5529911E-A797-4264-BB30-96D5A48BD762}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe (Ghost Ship Games) [File not signed] [File is in use]
FirewallRules: [UDP Query User{6792506F-D98D-4DB2-8443-AF6BB264DB0E}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe (Ghost Ship Games) [File not signed] [File is in use]
FirewallRules: [{AAA71EE9-BD46-4962-BEFE-69311747C602}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{D190A23D-13C7-4BD7-B2D0-E5AF17B81EAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [TCP Query User{0F3877C7-9EE9-4572-B98C-AC2E7FE60E34}C:\program files\epic games\johnwickhex\john wick hex.exe] => (Allow) C:\program files\epic games\johnwickhex\john wick hex.exe () [File not signed] [File is in use]
FirewallRules: [UDP Query User{C3FAB759-62FF-44BF-BD40-492BFAA3FAE8}C:\program files\epic games\johnwickhex\john wick hex.exe] => (Allow) C:\program files\epic games\johnwickhex\john wick hex.exe () [File not signed] [File is in use]
FirewallRules: [{6E58C9FE-CEBD-4031-88A5-3817071047D3}] => (Block) C:\program files\epic games\johnwickhex\john wick hex.exe () [File not signed] [File is in use]
FirewallRules: [{B53F2E76-1FC8-4829-8976-2196C8B741EF}] => (Block) C:\program files\epic games\johnwickhex\john wick hex.exe () [File not signed] [File is in use]
FirewallRules: [TCP Query User{A2F39AF8-4057-428F-A52E-753DA02C5F10}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{2DAC261F-D2D5-4F42-AD51-F6DEB290FECF}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{EEABE256-D226-4E21-A5BE-197C226E10F1}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{9836FA66-C0A0-4AB6-8CEF-64298DF518BD}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{0C8CFDB4-F3FF-45C7-9D9B-C6C059F4B049}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed] [File is in use]
FirewallRules: [{EC8AFA49-3B72-45A9-B69B-1D1E8ABDC1C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed] [File is in use]
FirewallRules: [TCP Query User{C0A00263-D4BA-4317-881A-C1C8B7315159}C:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) C:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe (Rocksteady Studios Ltd.) [File not signed] [File is in use]
FirewallRules: [UDP Query User{75913ADD-F09B-424E-AED8-EAA990255BF7}C:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) C:\program files\epic games\batmanarkhamcity\binaries\win32\batmanac.exe (Rocksteady Studios Ltd.) [File not signed] [File is in use]
FirewallRules: [{79DB18DF-73CD-4E78-B32A-87C0C80BF13C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed] [File is in use]
FirewallRules: [{85EB7AA3-3CBC-409E-BD85-CB02C84EA7CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed] [File is in use]
FirewallRules: [{22F9F5F5-4748-40C2-8CBF-907FF3B4EE56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War For The Overworld\WFTO.exe (BRIGHTROCK GAMES LIMITED -> )
FirewallRules: [{5DE9C338-DF04-4F0C-8937-451DC3533489}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War For The Overworld\WFTO.exe (BRIGHTROCK GAMES LIMITED -> )
FirewallRules: [TCP Query User{0E459B0B-B681-4AAC-B702-FD8C1CD02962}C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe () [File not signed] [File is in use]
FirewallRules: [UDP Query User{AB638387-C4AD-49CE-BF34-A22DD8162168}C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe () [File not signed] [File is in use]
FirewallRules: [TCP Query User{31CCCA15-A99D-45AE-8DEF-520B92AC75E7}F:\codex\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) F:\codex\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [UDP Query User{56275C57-5634-498E-A70E-89983E0F36D2}F:\codex\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) F:\codex\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [TCP Query User{76BCE5AC-626B-4F9B-B517-4F94D6CB63F5}C:\program files (x86)\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) C:\program files (x86)\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [UDP Query User{75972760-BC9A-4767-9F8C-551C305153E1}C:\program files (x86)\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) C:\program files (x86)\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [{A429533A-D83A-4585-9926-5EDD2144EAE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed] [File is in use]
FirewallRules: [{05BC1E45-A0C5-4152-B3B0-EAB38E665968}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed] [File is in use]
FirewallRules: [TCP Query User{6A6E5B58-A246-4B94-8E44-E49E0758B006}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe (Crytek GmbH -> Crytek GmbH)
FirewallRules: [UDP Query User{CA51D4F2-827E-4054-823E-960CED09FCCE}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe (Crytek GmbH -> Crytek GmbH)
FirewallRules: [{55470A04-941F-4EB4-A502-2C9181AA2962}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed] [File is in use]
FirewallRules: [{02FCEAB2-B8D8-4EA3-AACD-C41C7F982B48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed] [File is in use]
FirewallRules: [TCP Query User{9AFA1826-627C-4423-A2E4-8320274476F2}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C7AB5364-F447-455D-872E-39941BDAE00A}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [{9ACDDD0B-5F6B-4AA0-BD8C-689A484AB9FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed] [File is in use]
FirewallRules: [{FF42E987-4A15-4CE3-95F7-66325DBD7D6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed] [File is in use]
FirewallRules: [{3446BAB3-D856-42C4-999A-EBD583909109}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{107D66ED-97FC-46F0-98F4-ABCD2C91591C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{E6F840B7-9116-4E71-A38E-938E0DEAA1D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{80803894-BEF6-445F-8FD5-60670071BB57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{B592ABCE-CE21-4EC0-984D-C0C28C8E10CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mythgard\Mythgard.exe () [File not signed] [File is in use]
FirewallRules: [{850969C5-C29F-4E00-A673-D5B63E0F0FD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mythgard\Mythgard.exe () [File not signed] [File is in use]
FirewallRules: [{D73D2F8F-D63A-4D9C-B9C5-9564C2A07949}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed] [File is in use]
FirewallRules: [{61256816-7E16-416D-8E5A-A9E508423705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed] [File is in use]
FirewallRules: [{44B47753-B7F5-4AC9-BEDB-7D35502D049A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thumper\THUMPER_win8.exe () [File not signed] [File is in use]
FirewallRules: [{5EB73DED-3F8B-45AE-9AC3-C6AB62C59813}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thumper\THUMPER_win8.exe () [File not signed] [File is in use]
FirewallRules: [{9366A6CA-98DE-41D9-A4F4-9545AC153EC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thumper\THUMPER_dx9.exe () [File not signed] [File is in use]
FirewallRules: [{F615C8E5-C3D0-4C5C-8FD3-C68FFEC8F1E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thumper\THUMPER_dx9.exe () [File not signed] [File is in use]
FirewallRules: [{1CFA9348-12CF-423F-809A-2A7221FBCBAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Decadence\AoD64.exe (Iron Tower Studio) [File not signed] [File is in use]
FirewallRules: [{192A3D2F-4FF8-4F0C-B8C4-9D563BDEC298}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Decadence\AoD64.exe (Iron Tower Studio) [File not signed] [File is in use]
FirewallRules: [{D2BFF5CA-D0D6-4132-9A51-6EAFE820BCEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Decadence\AoD.exe (Iron Tower Studio) [File not signed] [File is in use]
FirewallRules: [{C4567230-FC3C-4502-BE99-BA06D52A3302}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Decadence\AoD.exe (Iron Tower Studio) [File not signed] [File is in use]
FirewallRules: [{F25D9852-0603-49C8-90C7-56F268509BDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Throne of Lies\ThroneOfLies.exe () [File not signed] [File is in use]
FirewallRules: [{CE38D3B3-F2C3-4FC0-86CB-31DF700E72A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Throne of Lies\ThroneOfLies.exe () [File not signed] [File is in use]
FirewallRules: [{59327B78-17E7-4C8C-B116-173B72E2D2DD}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{744630DA-3069-465A-983F-E5CC19BEAA08}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe (DEV47 APPS -> )
FirewallRules: [{AEE02136-4C3E-40DB-966F-10EF267AF14D}] => (Allow) C:\Users\cgrog\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6717BAD2-7DA8-48B3-AD79-036FCF45BA56}] => (Allow) C:\Users\cgrog\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{35A76CBF-D34B-4418-A9A7-0B43407D34C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed] [File is in use]
FirewallRules: [{748599B4-8639-445B-8D1F-2368197D0AB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed] [File is in use]
FirewallRules: [{FC835F5E-EACA-4A27-95D7-2760431816E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{299D6EF2-2F3F-4D56-888E-3B6FDCE9775D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{657EBCBD-82AC-41E8-B698-0A1BD402EF0C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC397F52-16B7-4E65-B984-3623D6B5EA79}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{70B107E0-C59B-45EC-AF9E-F78AAA92630F}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{79AC8B87-C98A-42D0-A742-E40F6A78B56C}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{F1597A83-A3A3-4942-9A70-0BF6C7E48AD7}] => (Block) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{FA4FB4E8-CBA2-49BA-B044-647E2931C138}] => (Block) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{6C40E889-EEC7-4DD3-BD84-F770EE326691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Artifact\game\bin\win64\dcg.exe (Valve -> Valve Software)
FirewallRules: [{FE8F992D-7B06-4659-86FE-94E7A4D200E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Artifact\game\bin\win64\dcg.exe (Valve -> Valve Software)
FirewallRules: [{00F22E30-3CAF-4B7B-A051-C743C49F5CC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe (Psyonix, Inc. -> Psyonix LLC)
FirewallRules: [{E4B89C8C-0880-4833-AF4D-45B0BEC83632}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe (Psyonix, Inc. -> Psyonix LLC)
FirewallRules: [{5628201D-6D22-44D8-A3D3-3F17880ED563}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{34F9B5D5-873F-4914-AD93-7478190A3DFA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] [File is in use]
FirewallRules: [{A5AEFB7C-68C8-4686-B472-2D31C9A60BD1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] [File is in use]

==================== Restore Points =========================

02-05-2020 12:51:19 Scheduled Checkpoint
26-05-2020 23:21:09 Windows Update
26-06-2020 16:08:02 Windows Update
27-06-2020 16:38:17 27.06.2020 restore point

==================== Faulty Device Manager Devices ============

Name: Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RtlWlanu
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/27/2020 04:18:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8728,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/27/2020 04:13:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4568,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/27/2020 04:01:01 PM) (Source: MsiInstaller) (EventID: 11730) (User: DESKTOP-263AI8E)
Description: Product: The Witcher 3 Mod Manager -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (06/27/2020 03:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.1.0.1840, time stamp: 0x5d5c13ae
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5cba0161
Exception code: 0xc0000005
Fault offset: 0x0018dc19
Faulting process ID: 0x2908
Faulting application start time: 0x01d64c904dc3b7d5
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report ID: faacb24b-e443-44cd-b440-dc9d4ab0de5a
Faulting package full name:
Faulting package-relative application ID:

Error: (06/26/2020 07:00:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (06/26/2020 07:00:54 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (06/26/2020 05:05:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8508,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/26/2020 04:59:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5044,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (06/27/2020 04:43:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek DHCP Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/27/2020 04:40:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/27/2020 04:40:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/27/2020 04:40:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Foxit Reader Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/27/2020 04:40:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (06/27/2020 04:40:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/27/2020 04:40:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek88EE service terminated unexpectedly. It has done this 1 time(s).

Error: (06/27/2020 04:40:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2020-06-27 15:47:28.592
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {059B01D7-857F-40F0-9271-0D4DB30998E9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-05-07 16:42:13.681
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {481088D5-C6B3-4A92-A320-0289864E92EE}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-18 20:34:39.364
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {26CAB7CF-1892-4896-A7BF-6C171CD64543}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-26 10:22:13.911
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.173.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-06-26 10:16:13.813
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.150.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-06-25 17:55:46.435
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.150.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-06-25 17:55:46.435
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.150.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-06-25 17:55:46.435
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.150.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: American Megatrends Inc. F8 07/06/2017
Motherboard: Gigabyte Technology Co., Ltd. Z270-Gaming K3
Processor: Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 44%
Total physical RAM: 8146.21 MB
Available physical RAM: 4512.1 MB
Total Virtual: 32722.21 MB
Available Virtual: 27529.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.47 GB) (Free:297.66 GB) NTFS

\\?\Volume{a3385d6f-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{a3385d6f-0000-0000-0000-40c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A3385D6F)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=519 MB) - (Type=27)

==================== End of Addition.txt =======================
chriskg22
Active Member
 
Posts: 10
Joined: June 27th, 2020, 11:29 am

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby pgmigg » June 27th, 2020, 3:25 pm

Hello chriskg22,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights and permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 4893
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby pgmigg » June 27th, 2020, 8:44 pm

Hello chriskg22,

P2P Advisory!
IMPORTANT: There are signs of a P2P (Peer to Peer) File Sharing Program installed on your computer:

qBittorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    qBittorrent
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors of using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Then:
Please tell me, is this computer used for business purposes or connected to any business network?
I need to know this so I can provide the proper instructions.

Step 2.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select "Run as administrator...", then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 4.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:
  1. Your decision about P2P program.
  2. Do you have any problems executing the instructions?
  3. Answer to my question about how your computer is used.
  4. Contents of the CKFiles.txt log
  5. Contents of the codecheck.txt log file
  6. Contents of SysInfo scan
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 4893
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby chriskg22 » June 29th, 2020, 12:31 pm

I have deleted the P2P programme from my computer and my computer is a home computer not connected to any work networks.

I have not noticed any differences in computer behaviour due to the adware; it is possible that it has been there for some time without me noticing as it wasn't picked up by Windows antivirus scans.

I have posted the logs of CKscanner, Sys info and codecheck below.

Thank you very much for your help so far.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\gog games\into the breach\maps\crosscrack.map
c:\gog games\into the breach\maps\crosscrack10.map
c:\gog games\into the breach\maps\crosscrack11.map
c:\gog games\into the breach\maps\crosscrack12.map
c:\gog games\into the breach\maps\crosscrack13.map
c:\gog games\into the breach\maps\crosscrack14.map
c:\gog games\into the breach\maps\crosscrack15.map
c:\gog games\into the breach\maps\crosscrack2.map
c:\gog games\into the breach\maps\crosscrack3.map
c:\gog games\into the breach\maps\crosscrack4.map
c:\gog games\into the breach\maps\crosscrack5.map
c:\gog games\into the breach\maps\crosscrack6.map
c:\gog games\into the breach\maps\crosscrack7.map
c:\gog games\into the breach\maps\crosscrack8.map
c:\gog games\into the breach\maps\crosscrack9.map
c:\gog games\into the breach\scripts\missions\sand\mission_crack.lua
c:\program files\inkscape\lib\python2.7\site-packages\numpy\f2py\crackfortran.py
c:\program files\inkscape\lib\python2.7\site-packages\numpy\f2py\crackfortran.pyc
c:\program files\inkscape\lib\python2.7\site-packages\numpy\f2py\crackfortran.pyo
c:\program files (x86)\steam\steamapps\common\age of decadence\art\shapes\common\decal_cracks.dts
c:\program files (x86)\steam\steamapps\common\age of decadence\art\shapes\common\decal_cracks_dif.dds
c:\program files (x86)\steam\steamapps\common\age of decadence\art\shapes\locations\decal_cracks.dts
c:\program files (x86)\steam\steamapps\common\age of decadence\art\shapes\locations\decal_cracks_dif.dds
c:\program files (x86)\steam\steamapps\common\age of decadence\art\sounds\fireplaces\crackling_fire.ogg
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\antenna_nutcracker_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\antenna_nutcracker_t_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\paintfinish_cracked_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\paintfinish_cracked_t_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\playerbanner_crackedegg_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\playerbanner_crackedegg_t_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\skin_carrot_panelcracked_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\skin_carrot_panelcracked_t_sf.upk
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~18362.836.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.18362.657_none_1275b434415f6995\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~18362.836.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.18362.657_none_1275b434415f6995\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.18362.1_none_8f03ecc82cf7c75c\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.18362.657_none_1275b434415f6995\ssh-keygen.exe

scanner sequence 3.ZZ.11.QRAPTZ
----- EOF -----

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 18362, Installed 20190803012821.000000+060
Processor: Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz, Intel64 Family 6 Model 158 Stepping 9, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: NVIDIA GeForce GTX 1060 6GB
Hard Drives: C: 930 GB (299 GB Free);
Motherboard: Gigabyte Technology Co., Ltd. Z270-Gaming K3, ver x.x, s/n Default string
System: American Megatrends Inc., ver ALASKA - 1072009, s/n Default string
Antivirus: Windows Defender, Enabled and Updated

Codecheck Version 1.0

06029
chriskg22
Active Member
 
Posts: 10
Joined: June 27th, 2020, 11:29 am

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby pgmigg » June 29th, 2020, 3:34 pm

Hello chriskg22,

Thank you for your answers and welcomes. ;)

Let's start our treatment...

Step 1.
Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  1. Please download TCRB from HERE and save it to your Desktop, then double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  2. Launch TCRB.
  3. Click the Backup Registry tab and make sure all the boxes are checked.
  4. Click on Backup Now.
  5. Once the backup is finished you can now exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 2.
Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double click AdwCleaner.exe to run it. If it asks for an update, please decline it.
  3. Click Yes on UAC question and I Agree on Welcome window.
  4. Click the Scan now button and wait for a while until the scan finishes... then click on the Cancel button.
  5. On the vertical left side menu select Log Files, click on it, and you will see the list of log files.
  6. Find the most recent AdwCleaner[Sxx].txt with a type of Scan and double click on it - Notepad will open with the log file.
  7. Close the AdwCleaner.
  8. Please post the contents of AdwCleaner[Sxx].txt log file from Notepad with your next reply.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Content of the C:\AdwCleaner[Sxx].txt
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 4893
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby chriskg22 » June 29th, 2020, 3:45 pm

Thanks for getting back to me. I successfully created a backup and I have attached the log from AdwCleaner below.


# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-29-2020
# Duration: 00:00:18
# OS: Windows 10 Home
# Scanned: 31836
# Detected: 14


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\cgrog\Desktop\SysInfo.exe
PUP.Optional.Legacy C:\Users\cgrog\Downloads\SysInfo.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Babylon howmanymilestoba
PUP.Optional.Legacy Conduit Search
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.trovigo.com/?gd=&ctid=CT3324 ... 1CG2_sp_ch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.SafeFinder SNPedia (en)

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1703 octets] - [27/06/2020 16:39:56]
AdwCleaner[C00].txt - [1765 octets] - [27/06/2020 16:41:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
chriskg22
Active Member
 
Posts: 10
Joined: June 27th, 2020, 11:29 am
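The AdwCleaner scan log above, and the clean log that follows later in the thread, share one text layout: a `#`-prefixed header, `***** [ Section ] *****` blocks, and one finding per line. The parser below is an added example (not from this thread and not from Malwarebytes); it infers the format from the logs posted here, so the sample logs are constructed, abbreviated copies of those posts. Beyond splitting the log it does the two checks a helper would actually want: that the `# Detected:` / `# Cleaned:` counts agree with the lines in the body, and that every target reported by the scan shows up as `Deleted` in the clean run.

```python
"""Parse Malwarebytes AdwCleaner text logs and reconcile a Scan log against the
Clean log that followed it. Added example; the format is inferred from the logs
posted in this thread, not from AdwCleaner documentation."""
import re
from collections import Counter

HEADER_RE = re.compile(r"^#\s*([A-Za-z]+):\s*(.+?)\s*$")      # "# Detected: 14"
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(.+?)\s*\]\s*\*{5}$")  # "***** [ Files ] *****"
NOTHING_RE = re.compile(r"^No .* (found|cleaned)\.$")          # empty-section marker

# Constructed sample logs, abbreviated from the Scan and Clean logs posted in this thread.
SCAN_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Mode: Scan
# Detected: 4

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\cgrog\Desktop\SysInfo.exe

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Babylon howmanymilestoba
PUP.Optional.Legacy Conduit Search
PUP.Optional.SafeFinder SNPedia (en)

AdwCleaner[S00].txt - [1703 octets] - [27/06/2020 16:39:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
"""

CLEAN_LOG = r"""
# Mode: Clean
# Cleaned: 3
# Failed: 0

***** [ Files ] *****

Deleted C:\Users\cgrog\Desktop\SysInfo.exe

***** [ Chromium URLs ] *****

Deleted Conduit Search
Deleted howmanymilestoba

*************************

[+] Delete Tracing Keys
[+] Reset Winsock
"""


def parse_adwcleaner_log(text):
    """Return {"header": {key: value}, "sections": {name: [(tag, target), ...]}}.
    A Scan finding reads "<family> <target>", a Clean result "Deleted <target>";
    both are split on the first space."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m and current is None:
            header[m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        # Skip the banner, empty-section markers and the trailer after the last section.
        if current is None or NOTHING_RE.match(line):
            continue
        if line[0] in "#*[" or line.startswith("AdwCleaner["):
            continue
        tag, _, target = line.partition(" ")
        sections[current].append((tag, target.strip()))
    return {"header": header, "sections": sections}


def findings(parsed):
    """Flatten to [(section, tag, target), ...] in log order."""
    return [(s, t, x) for s, items in parsed["sections"].items() for t, x in items]


def family_counts(parsed):
    """Detections per family, e.g. Counter({"PUP.Optional.Legacy": 2, ...})."""
    return Counter(t for _, t, _ in findings(parsed))


def header_count_matches(parsed, key):
    """True when the '# <key>:' count (Detected or Cleaned) equals the parsed findings."""
    return int(parsed["header"].get(key, -1)) == len(findings(parsed))


def not_cleaned(scan, clean):
    """Targets the Scan log reported that the Clean log never marked Deleted."""
    deleted = {x for _, t, x in findings(clean) if t == "Deleted"}
    return sorted({x for _, _, x in findings(scan)} - deleted)


if __name__ == "__main__":
    scan, clean = parse_adwcleaner_log(SCAN_LOG), parse_adwcleaner_log(CLEAN_LOG)
    print(dict(family_counts(scan)))
    print("reported but not deleted:", not_cleaned(scan, clean))
```

In the constructed sample the clean log deliberately omits `SNPedia (en)`, so `not_cleaned()` returns it; on the real pair of logs in this thread the scan's 14 detections all reappear as `Deleted` lines, which is the state a helper wants to confirm before moving on to the FRST fix.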

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby pgmigg » June 29th, 2020, 5:00 pm

Hello chriskg22,

Thank you for your quick response!
Let's continue our treatment...

Step 1.
Scan and Clean with AdwCleaner.
  1. Please close all open programs and windows.
  2. You should still have AdwCleaner.exe on your Desktop. If not, please download AdwCleaner and save it to your Desktop.
  3. Double click AdwCleaner.exe to run it. If it asks for an update, please decline it.
  4. Click Yes on UAC question and I Agree on Welcome window.
  5. Click the Scan now button and wait for a while until the scan finishes... if something is found you will see the Scan results, then click on the Quarantine button.
  6. At the finish of Quarantine process, AdwCleaner will ask you to restart - please allow it.
  7. On reboot a log will open AdwCleaner[Cxx].txt. Copy and paste the contents of that log file in your reply.
  8. You can also find the most recent log file at C:\AdwCleaner\AdwCleaner[Cxx].txt.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    CHR StartupUrls: Default -> "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP55C94456-270B-49D0-8F2C-C2D8B4343377&SSPV=SE1CG2_sp_ch","hxxp://www.mystartsearch.com/?type=hp&ts=1429455458&from=wpc&uid=HitachiXHTS541010A9E680_J5400071HHSK7CHHSK7CX","hxxps://www.google.com/"
    2020-06-27 16:08 - 2020-06-27 16:08 - 000000907 _____ C:\Users\Public\Desktop\qBittorrent.lnk
    2020-06-27 16:08 - 2020-06-27 16:08 - 000000907 _____ C:\ProgramData\Desktop\qBittorrent.lnk
    2020-06-27 16:08 - 2020-06-27 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
    2020-06-27 16:08 - 2020-06-27 16:08 - 000000000 ____D C:\Program Files\qBittorrent
    2020-06-27 16:07 - 2020-06-27 16:07 - 000425304 _____ (Secure By Design Inc.) C:\Users\cgrog\Downloads\Ninite Everything qBittorrent Installer.exe
    2020-06-27 16:30 - 2018-02-02 18:40 - 000000000 ____D C:\Users\cgrog\AppData\Roaming\qBittorrent
    2020-06-27 16:13 - 2018-02-02 18:40 - 000000000 ____D C:\Users\cgrog\AppData\Local\qBittorrent
    FirewallRules: [TCP Query User{C5CBD237-FCD3-4F3F-9CE9-08497ED184D9}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] [File is in use]
    FirewallRules: [UDP Query User{6257F8B9-9ABF-44F7-AD78-B665F21C65BB}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] [File is in use]
    FirewallRules: [{34F9B5D5-873F-4914-AD93-7478190A3DFA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] [File is in use]
    FirewallRules: [{A5AEFB7C-68C8-4686-B472-2D31C9A60BD1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] [File is in use]
    AlternateDataStreams: C:\Users\cgrog\AppData\Local\Temp:$DATA​ [16]
    AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart - if not, please do it manually. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 3.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens click Yes to the disclaimer if it appears.
  4. Please be sure that 90 Days Files check box under Optional Scan section is checked.
  5. Please be sure that Addition.txt check box under Optional Scan section is checked.
  6. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  7. Please post the contents of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Cxx].txt log file
  3. Contents of the Fixlog.txt log file
  4. Contents of the FRST.txt log file after fresh FRST scan
  5. Contents of the Addition.txt log file after fresh FRST scan
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 4893
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby chriskg22 » June 30th, 2020, 12:44 pm

Hello, I have followed the instructions, and I have included the file outputs below (Last 2 are in another post as they were too long for this one):


# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-30-2020
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 14
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\cgrog\Desktop\SysInfo.exe
Deleted C:\Users\cgrog\Downloads\SysInfo.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Conduit Search
Deleted SNPedia (en)
Deleted howmanymilestoba
Deleted http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
Deleted http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
Deleted http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
Deleted http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
Deleted http://www.trovigo.com/?gd=&ctid=CT3324 ... 1CG2_sp_ch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1703 octets] - [27/06/2020 16:39:56]
AdwCleaner[C00].txt - [1765 octets] - [27/06/2020 16:41:01]
AdwCleaner[S01].txt - [2698 octets] - [29/06/2020 20:43:21]
AdwCleaner[S02].txt - [2759 octets] - [30/06/2020 17:18:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########


Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2020
Ran by cgrog (30-06-2020 17:25:12) Run:1
Running from C:\Users\cgrog\Desktop
Loaded Profiles: cgrog
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

CHR StartupUrls: Default -> "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP55C94456-270B-49D0-8F2C-C2D8B4343377&SSPV=SE1CG2_sp_ch","hxxp://www.mystartsearch.com/?type=hp&ts=1429455458&from=wpc&uid=HitachiXHTS541010A9E680_J5400071HHSK7CHHSK7CX","hxxps://www.google.com/"
2020-06-27 16:08 - 2020-06-27 16:08 - 000000907 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2020-06-27 16:08 - 2020-06-27 16:08 - 000000907 _____ C:\ProgramData\Desktop\qBittorrent.lnk
2020-06-27 16:08 - 2020-06-27 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2020-06-27 16:08 - 2020-06-27 16:08 - 000000000 ____D C:\Program Files\qBittorrent
2020-06-27 16:07 - 2020-06-27 16:07 - 000425304 _____ (Secure By Design Inc.) C:\Users\cgrog\Downloads\Ninite Everything qBittorrent Installer.exe
2020-06-27 16:30 - 2018-02-02 18:40 - 000000000 ____D C:\Users\cgrog\AppData\Roaming\qBittorrent
2020-06-27 16:13 - 2018-02-02 18:40 - 000000000 ____D C:\Users\cgrog\AppData\Local\qBittorrent
FirewallRules: [TCP Query User{C5CBD237-FCD3-4F3F-9CE9-08497ED184D9}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] [File is in use]
FirewallRules: [UDP Query User{6257F8B9-9ABF-44F7-AD78-B665F21C65BB}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed] [File is in use]
FirewallRules: [{34F9B5D5-873F-4914-AD93-7478190A3DFA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] [File is in use]
FirewallRules: [{A5AEFB7C-68C8-4686-B472-2D31C9A60BD1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] [File is in use]
AlternateDataStreams: C:\Users\cgrog\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
"Chrome StartupUrls" => removed successfully
"C:\Users\Public\Desktop\qBittorrent.lnk" => not found
"C:\ProgramData\Desktop\qBittorrent.lnk" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent" => not found
"C:\Program Files\qBittorrent" => not found
C:\Users\cgrog\Downloads\Ninite Everything qBittorrent Installer.exe => moved successfully
C:\Users\cgrog\AppData\Roaming\qBittorrent => moved successfully
"C:\Users\cgrog\AppData\Local\qBittorrent" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C5CBD237-FCD3-4F3F-9CE9-08497ED184D9}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6257F8B9-9ABF-44F7-AD78-B665F21C65BB}C:\program files\qbittorrent\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34F9B5D5-873F-4914-AD93-7478190A3DFA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5AEFB7C-68C8-4686-B472-2D31C9A60BD1}" => not found
C:\Users\cgrog\AppData\Local\Temp => ":$DATA​" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 495271429 B
Java, Flash, Steam htmlcache => 589948297 B
Windows/system/drivers => 8227692 B
Edge => 2347146 B
Chrome => 643632202 B
Firefox => 109892982 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 13766892 B
cgrog => 80890051 B

RecycleBin => 40314779057 B
EmptyTemp: => 39.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:28:58 ====
chriskg22
Active Member
 
Posts: 10
Joined: June 27th, 2020, 11:29 am

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby chriskg22 » June 30th, 2020, 12:48 pm

FRST and Addition.txt files are too long so I have attached them, I hope that is ok.
chriskg22
Active Member
 
Posts: 10
Joined: June 27th, 2020, 11:29 am

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby pgmigg » June 30th, 2020, 11:59 pm

Hello chriskg22,
chriskg22 wrote:... (Last 2 are in another post as they were too long for this one)

For the future, I would like to draw your attention to the fact that you are not limited in the number of posts in which you answer my instructions.
As a rule, with very few exceptions, any one log is placed in one post, or you can continue to post it in sections.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
Do you remember this note at the end of my previous post?
Attachments are used only when I ask you for them.

And one more thing: please answer my last question about any changes in computer behavior every time. During the time between our posts you could pick up something bad or you could see some improvement; in both cases I need to know it.

Well.. Let's continue our treatment.

Step 1.
FRST Search
  1. Double click Frst64.exe to launch it.
  2. FRST will start to run.
  3. When the tool opens click Yes to the disclaimer.
  4. Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;howmanymilestoba;iLivid;Istartsurf;kelkoopartners;Luckysearches;mystartsearch;QuickSurf;Searchnu;Searchqu;SharkManCoupon;SNPedia;sushileads;SweetIM;SweetPacks;SafeFinder;TidyNetwork;trolltech;trovigo;whitesmoke;Wordinator;WordSurfer
  5. Press the Search Registry button.
  6. When finished searching a log will open on your Desktop ... SearchReg.txt
  7. Please post it in your next reply.

Step 2.
I need to have a list of Chrome Extensions you have. Please do the following:

List Chrome Extensions
  1. Please type or copy chrome://extensions in Chrome’s address bar and Chrome will display your extensions in a nice grid.
    Each extension shows the icon, name, brief description, Details and Remove buttons, and status toggle.
  2. List just the names of all Chrome Extensions you can see.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SearchReg.txt log file
  3. The full list of Chrome Extensions you have
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 4893
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
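The FRST Search step above runs a semicolon-separated list of adware indicator terms against the registry. The same term list is just as useful against the FRST.txt/Addition.txt and SearchReg.txt output itself, which is what the added example below does; it is not part of this thread or of FRST. The indicator string is copied from the step above, the sample log lines are constructed from lines posted in this thread (the `CHR StartupUrls` entry from the fixlist, two SearchReg registry entries and one benign SysInfo line), and the `hxxp` defanging it undoes is the convention FRST uses when writing URLs. For each line that fires it reports the term that matched and, for URLs on that line, only the hosts that themselves contain an indicator, so `www.google.com` in the same StartupUrls value is not listed.

```python
"""Sweep FRST/SearchReg-style log lines for the adware indicator terms used in
the registry search above. Added example; the indicator list is copied from the
search string in this thread, the log lines are constructed from lines posted
here, and the hxxp defanging convention is the one FRST logs use."""
import re
from urllib.parse import urlparse

# The semicolon-separated search string from the FRST Search step above.
SEARCH_STRING = ("babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;howmanymilestoba;"
                 "iLivid;Istartsurf;kelkoopartners;Luckysearches;mystartsearch;QuickSurf;"
                 "Searchnu;Searchqu;SharkManCoupon;SNPedia;sushileads;SweetIM;SweetPacks;"
                 "SafeFinder;TidyNetwork;trolltech;trovigo;whitesmoke;Wordinator;WordSurfer")

DEFANG_RE = re.compile(r"hxxp(s?)://", re.IGNORECASE)   # FRST writes hxxp:// in logs
URL_RE = re.compile(r'https?://[^\s",]+')               # stop at whitespace, quote or comma

# Constructed sample assembled from lines posted in this thread.
SAMPLE_LOG = r"""Antivirus: Windows Defender, Enabled and Updated
CHR StartupUrls: Default -> "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP55C94456-270B-49D0-8F2C-C2D8B4343377&SSPV=SE1CG2_sp_ch","hxxp://www.mystartsearch.com/?type=hp&ts=1429455458&from=wpc&uid=HitachiXHTS541010A9E680_J5400071HHSK7CHHSK7CX","hxxps://www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"
"""


def parse_indicator_list(search_string):
    """Split an FRST search string into individual, de-duplicated terms."""
    return [t for t in dict.fromkeys(p.strip() for p in search_string.split(";")) if t]


def refang(text):
    """Turn FRST's hxxp:// and hxxps:// back into a scheme urlparse understands."""
    return DEFANG_RE.sub(r"http\1://", text)


def match_indicators(text, indicators):
    """Indicator terms that occur in text, case-insensitively (plain substring match)."""
    low = text.lower()
    return sorted(i for i in indicators if i.lower() in low)


def scan_log(text, indicators):
    """One record per log line that contains at least one indicator term."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        found = match_indicators(line, indicators)
        if not found:
            continue
        hosts = {urlparse(u).hostname for u in URL_RE.findall(refang(line))}
        # Keep only hosts that themselves carry an indicator (drops www.google.com).
        hosts = sorted(h for h in hosts if h and match_indicators(h, indicators))
        hits.append({"line": n, "indicators": found, "hosts": hosts, "text": line.strip()})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, parse_indicator_list(SEARCH_STRING)):
        print(hit["line"], hit["indicators"], hit["hosts"])
```

The match is a plain substring test, exactly like the FRST registry search, so a short term such as `Searchqu` also fires on the `ISearchQueryCondition` interface registrations that appear in the SearchReg output later in this thread. That is why each record carries the matched term and the full line: the reviewer can tell a startup URL pointing at trovigo or mystartsearch from an incidental substring hit before anything goes into a fixlist.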

Re: Adware reinstalling: Adware.eLex.shrClin

Unread postby chriskg22 » July 1st, 2020, 6:00 pm

Please include in your next reply:
Do you have any problems executing the instructions?
Contents of the SearchReg.txt log file
The full list of Chrome Extensions you have
Do you see any changes in computer behavior?

I had no issue following the requests, I'll include all future text logs copied into the forum rather than as attachments. Thanks again for your help with all of this.

My chrome extensions are:

uBlock Origin
(note below are listed as chrome apps)
Docs
Google Keep - Notes and Lists
Sheets
Slides
Videostream for Google Chromecast™


I have not noticed any changes in computer behaviour since completing above task, or previous task - I will make sure to answer this question each time you ask going forward.

Below I have copied the SearchReg log:

Farbar Recovery Scan Tool (x64) Version: 30-06-2020
Ran by cgrog (01-07-2020 22:59:05)
Running from C:\Users\cgrog\Desktop
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;howmanymilestoba;iLivid;Istartsurf;kelkoopartners;Luckysearches;mystartsearch;QuickSurf;Searchnu;Searchqu;SharkManCoupon;SNPedia;sushileads;SweetIM;SweetPacks;SafeFinder;TidyNetwork;trolltech;trovigo;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Bandoo" ==========


===================== Search result for "CleverSearch" ==========


===================== Search result for "conduit" ==========


===================== Search result for "datamngr" ==========


===================== Search result for "Fun4IM" ==========


===================== Search result for "howmanymilestoba" ==========


===================== Search result for "iLivid" ==========


===================== Search result for "Istartsurf" ==========


===================== Search result for "kelkoopartners" ==========


===================== Search result for "Luckysearches" ==========


===================== Search result for "mystartsearch" ==========


===================== Search result for "QuickSurf" ==========


===================== Search result for "Searchnu" ==========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]


===================== Search result for "SharkManCoupon" ==========


===================== Search result for "SNPedia" ==========


===================== Search result for "sushileads" ==========


===================== Search result for "SweetIM" ==========


===================== Search result for "SweetPacks" ==========


===================== Search result for "SafeFinder" ==========


===================== Search result for "TidyNetwork" ==========


===================== Search result for "trolltech" ==========


===================== Search result for "trovigo" ==========


===================== Search result for "whitesmoke" ==========


===================== Search result for "Wordinator" ==========


===================== Search result for "WordSurfer" ==========

====== End of Search ======
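A small parser for the SearchReg.txt layout posted above, added here as an example (it is not FRST's code and not part of the thread). It maps each search term to the registry keys FRST listed for it, folds the WOW6432Node copy of a key into its native twin, and reports whether the term occurs in the key path or only in a value. That last check is what separates a real toolbar remnant (the Babylon keys, matched through their "DllName" data) from a substring coincidence: the "Searchqu" hits match only because Windows' own ISearchQueryHelper and SearchQueryLinguisticDetails names contain that string, and the fixlist pgmigg posts in the next reply accordingly removes only the Babylon keys. The embedded log is a constructed excerpt that uses keys from the log above.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the SearchReg.txt log posted above: two of the
# "babylon" keys (the native and WOW6432Node copies of the same GUID), two of the
# "Searchqu" keys, and an empty "Bandoo" section, in FRST's own layout.
SAMPLE_SEARCHREG = """\
================== Search Registry: "babylon;Bandoo;Searchqu" ===========

===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Extension Compatibility\\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Extension Compatibility\\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

===================== Search result for "Bandoo" ==========

===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

====== End of Search ======
"""

HEADER_RE = re.compile(r'^=+ Search Registry: "(.+?)" =+$')
SECTION_RE = re.compile(r'^=+ Search result for "(.+?)" =+$')
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"$')


@dataclass
class RegHit:
    key: str                                    # full registry key path
    values: dict = field(default_factory=dict)  # value name -> data ("" is the default value)


def parse_searchreg(text):
    """Map each search term to the registry keys FRST reported for it."""
    hits = {}
    term = None
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            for t in m.group(1).split(";"):  # seed every term so empty sections still show up
                hits.setdefault(t, [])
            continue
        if m := SECTION_RE.match(line):
            term = m.group(1)
            hits.setdefault(term, [])
            current = None
            continue
        if term is None:
            continue
        if m := KEY_RE.match(line):
            current = RegHit(m.group(1))
            hits[term].append(current)
        elif (m := VALUE_RE.match(line)) and current is not None:
            current.values[m.group(1)] = m.group(2)
    return hits


def canonical_key(key):
    """Fold the 32-bit registry view into the native one so duplicate keys pair up."""
    return re.sub(r"\\WOW6432Node(?=\\)", "", key, flags=re.IGNORECASE)


def distinct_hits(hits):
    """Term -> sorted list of distinct keys once WOW6432Node copies are merged."""
    return {term: sorted({canonical_key(h.key) for h in keys}) for term, keys in hits.items()}


def where_matched(term, hit):
    """Report whether the term appears in the key path or only in a value's name/data."""
    needle = term.lower()
    if needle in hit.key.lower():
        return "key"
    if any(needle in f"{name}={data}".lower() for name, data in hit.values.items()):
        return "value"
    return "unknown"  # the term is not visible in the parsed key or values


if __name__ == "__main__":
    hits = parse_searchreg(SAMPLE_SEARCHREG)
    for term, keys in distinct_hits(hits).items():
        print(f"{term}: {len(keys)} distinct key(s)")
        for hit in hits[term]:
            print(f"  [{where_matched(term, hit)}] {hit.key}")
```

Read the output term by term: a term with zero keys needs no action, and for the rest the key path and the matched value tell you what is actually registered there before anything goes into a fixlist.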

Re: Adware reinstalling: Adware.eLex.shrClin

Post by pgmigg » July 2nd, 2020, 1:23 am

Hello chriskg22,

Step 1.
Please do the following...
  1. Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  2. Press Ctrl+y (Ctrl and y keys at the same time)
  3. A blank notepad file randomly named will open.
  4. Copy and paste the following into it ...
    CreateRestorePoint:
    
    CHR StartupUrls: Default -> "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP55C94456-270B-49D0-8F2C-C2D8B4343377&SSPV=SE1CG2_sp_ch","hxxp://www.mystartsearch.com/?type=hp&ts=1429455458&from=wpc&uid=HitachiXHTS541010A9E680_J5400071HHSK7CHHSK7CX","hxxps://www.google.com/"
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    

    • Press Ctrl+s to save the fixlist
    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  5. Now press the Fix button once and wait.
  6. FRST will process fixlist
  7. When finished, it will produce a log fixlog.txt in the same folder/directory as FRST
  8. Please post me the log

Step 2.
ESET Online Scanner
  1. Please close all open programs and windows.
  2. Please go HERE, then click on ONE-TIME SCAN and save esetonlinescanner_enu.exe on your Desktop.
  3. Double-click on esetsmartinstaller_enu.exe to run it - it will start downloading some modules to get ready for the scan...
  4. Then it will start scanning... You need to be patient and wait for a while - it can take a few hours to finish.
  5. When completed, in case anything is found, you will need to click on the Save scan log button and save the log on your Desktop as ESET.txt.
  6. Click on Continue, do it one more time on the next screen, then exit out of ESET Online Scanner by clicking on Close button.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Contents of the ESET.txt log file if it was saved
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Adware reinstalling: Adware.eLex.shrClin

Post by chriskg22 » July 2nd, 2020, 3:31 pm

Do you have any problems executing the instructions?
Contents of the Fixlog.txt log file
Contents of the ESET.txt log file if it was saved
Do you see any changes in computer behavior?

No issues following the instructions, and I have not noticed any changes in computer behaviour. Below I have copied the Fixlog file content and then the ESET log file content.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2020
Ran by cgrog (02-07-2020 17:41:50) Run:2
Running from C:\Users\cgrog\Desktop
Loaded Profiles: cgrog
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

CHR StartupUrls: Default -> "hxxp://www.trovigo.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP55C94456-270B-49D0-8F2C-C2D8B4343377&SSPV=SE1CG2_sp_ch","hxxp://www.mystartsearch.com/?type=hp&ts=1429455458&from=wpc&uid=HitachiXHTS541010A9E680_J5400071HHSK7CHHSK7CX","hxxps://www.google.com/"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

Hosts:
CMD: ipconfig /flushdns
EmptyTemp:

*****************

Restore point was successfully created.
"Chrome StartupUrls" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12946505 B
Java, Flash, Steam htmlcache => 16479687 B
Windows/system/drivers => 2436471 B
Edge => 0 B
Chrome => 18024392 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 4248 B
cgrog => 2227175 B

RecycleBin => 0 B
EmptyTemp: => 60.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:43:37 ====

eset scan:

02/07/2020 20:28:18
Files scanned: 465726
Detected files: 0
Cleaned files: 0
Total scan time: 02:19:01
Scan status: Finished

Re: Adware reinstalling: Adware.eLex.shrClin

Post by pgmigg » July 2nd, 2020, 5:40 pm

Hi chriskg22,

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.

  • Please don't forget to enable and update all your defense software!

Then...
  1. Rename Frst.exe or Frst64.exe to Uninstall.exe
  2. With the computer booted into Normal Mode run the renamed Frst.
  3. The computer will reboot, and on boot up will delete all files related to FRST.

Finally:
Please click HERE to find a short guide to staying safer online.


Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Re: Adware reinstalling: Adware.eLex.shrClin

Post by chriskg22 » July 2nd, 2020, 6:13 pm

Thanks very much for all your help.

I renamed and uninstalled that programme and restarted my computer.

I then ran a quick scan with Malwarebytes and their AdwCleaner to confirm that the files were removed.

However, after a computer restart Malwarebytes still finds the same adware.


Below I have included the logs for both the normal Malwarebytes scan and AdwCleaner:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 02/07/2020
Scan Time: 22:59
Log File: 5ebe4d24-bcaf-11ea-80a0-e0d55e2ddd38.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.16900
Licence: Free

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: DESKTOP-263AI8E\cgrog

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296370
Threats Detected: 18
Threats Quarantined: 0
Time Elapsed: 10 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
Adware.Elex.ShrtCln, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, [295], [454711],1.0.16900
PUP.Optional.Trovigo, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, [458], [455258],1.0.16900
Adware.Elex.ShrtCln, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, [295], [454711],1.0.16900
PUP.Optional.Conduit, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, [194], [454832],1.0.16900
PUP.Optional.Trovigo, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, [458], [455258],1.0.16900

File: 13
Generic.Malware/Suspicious, C:\USERS\CGROG\DESKTOP\CODECHECK.EXE, No Action By User, [0], [392686],1.0.16900
Adware.Elex.ShrtCln, C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.log, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\Users\cgrog\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [295], [454711],1.0.16900
PUP.Optional.Trovigo, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [458], [455258],1.0.16900
Adware.Elex.ShrtCln, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [295], [454711],1.0.16900
PUP.Optional.Conduit, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [194], [454832],1.0.16900
PUP.Optional.Trovigo, C:\USERS\CGROG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [458], [455258],1.0.16900

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-02-2020
# Duration: 00:01:05
# OS: Windows 10 Home
# Scanned: 31836
# Detected: 12


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Babylon howmanymilestoba
PUP.Optional.Legacy Conduit Search
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.mystartsearch.com/?type=hp&t ... K7CHHSK7CX
PUP.Optional.Legacy http://www.trovigo.com/?gd=&ctid=CT3324 ... 1CG2_sp_ch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.Legacy mystartsearch
PUP.Optional.SafeFinder SNPedia (en)

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1703 octets] - [27/06/2020 16:39:56]
AdwCleaner[C00].txt - [1765 octets] - [27/06/2020 16:41:01]
AdwCleaner[S01].txt - [2698 octets] - [29/06/2020 20:43:21]
AdwCleaner[S02].txt - [2759 octets] - [30/06/2020 17:18:07]
AdwCleaner[C02].txt - [2693 octets] - [30/06/2020 17:18:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
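A parser for the Malwarebytes Threat Scan log format posted above, added here as an example (it is not Malwarebytes' code and not part of the thread). It reads the "-Scan Details-" section, groups the detections by family and by category, and splits them by location. Run over the log above, it shows that every detection except the heuristic hit on CODECHECK.EXE on the Desktop sits inside Chrome's profile folder (Default\Sync Data\LevelDB, Default\Secure Preferences, Default\Web Data), data that Chrome itself maintains and that the registry and hosts fix earlier in the thread never touched; separating "where does the scanner keep finding this" from "what did the last fix actually change" is the first step when the same items come back after a clean-up. The embedded log is a constructed excerpt of the one above, and the profile path is the one that log prints.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the Malwarebytes Threat Scan log posted above:
# a subset of its detection lines, kept in the log's own "family, path, action,
# [id], [id],version" layout. The full log lists 18 detections.
SAMPLE_LOG = """\
-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 6

-Scan Details-
Process: 0
(No malicious items detected)

Folder: 2
Adware.Elex.ShrtCln, C:\\USERS\\CGROG\\APPDATA\\LOCAL\\GOOGLE\\CHROME\\USER DATA\\Default\\Sync Data\\LevelDB, No Action By User, [295], [454711],1.0.16900
PUP.Optional.Trovigo, C:\\USERS\\CGROG\\APPDATA\\LOCAL\\GOOGLE\\CHROME\\USER DATA\\Default\\Sync Data\\LevelDB, No Action By User, [458], [455258],1.0.16900

File: 4
Generic.Malware/Suspicious, C:\\USERS\\CGROG\\DESKTOP\\CODECHECK.EXE, No Action By User, [0], [392686],1.0.16900
Adware.Elex.ShrtCln, C:\\Users\\cgrog\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB\\000004.log, No Action By User, [295], [454711],1.0.16900
Adware.Elex.ShrtCln, C:\\USERS\\CGROG\\APPDATA\\LOCAL\\GOOGLE\\CHROME\\USER DATA\\Default\\Secure Preferences, No Action By User, [295], [454711],1.0.16900
PUP.Optional.Conduit, C:\\USERS\\CGROG\\APPDATA\\LOCAL\\GOOGLE\\CHROME\\USER DATA\\Default\\Web Data, No Action By User, [194], [454832],1.0.16900

Physical Sector: 0
(No malicious items detected)

(end)
"""

# Chrome's profile root for the account in the log (path taken from the log itself).
CHROME_USER_DATA = PureWindowsPath(r"C:\Users\cgrog\AppData\Local\Google\Chrome\User Data")

# Matches the per-category headers inside "-Scan Details-", e.g. "Folder: 5".
CATEGORY_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): (\d+)$")


@dataclass(frozen=True)
class Detection:
    category: str  # Folder, File, Registry Key, ...
    family: str    # e.g. Adware.Elex.ShrtCln
    path: str      # as printed by Malwarebytes (case varies between lines)
    action: str    # e.g. "No Action By User"


def parse_detections(text):
    """Return the detections listed under "-Scan Details-" of a Malwarebytes log."""
    detections = []
    in_details = False
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True  # "-Scan Summary-" also has "Name: number" lines; skip it
            continue
        # Blank lines, "(No malicious items detected)" and "(end)" carry no detection.
        if not in_details or not line or line.startswith("("):
            continue
        m = CATEGORY_RE.match(line)
        if m:
            category = m.group(1)
            continue
        # Split from the right so a comma inside a path cannot break the parse.
        head, action, _sig_id, _ids_and_version = line.rsplit(", ", 3)
        family, path = head.split(", ", 1)
        detections.append(Detection(category, family, path, action))
    return detections


def in_chrome_profile(path, user_data=CHROME_USER_DATA):
    """True if path lies under Chrome's User Data folder (NTFS paths are case-insensitive)."""
    parts = PureWindowsPath(path).parts
    root = user_data.parts
    return [p.lower() for p in parts[:len(root)]] == [p.lower() for p in root]


def chrome_relative(path, user_data=CHROME_USER_DATA):
    """Path relative to the profile root, e.g. 'Default\\Secure Preferences'."""
    return str(PureWindowsPath(*PureWindowsPath(path).parts[len(user_data.parts):]))


def summarize(detections):
    """Group detections by family and by whether they live inside the Chrome profile."""
    return {
        "by_family": Counter(d.family for d in detections),
        "by_category": Counter(d.category for d in detections),
        "chrome_profile": sorted({chrome_relative(d.path) for d in detections if in_chrome_profile(d.path)}),
        "outside_chrome": sorted({d.path for d in detections if not in_chrome_profile(d.path)}),
    }


if __name__ == "__main__":
    report = summarize(parse_detections(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The "outside_chrome" list is the part worth reading first: anything there is a separate question from the Chrome profile files, which all belong to one browser profile and are best reviewed together.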