Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Chrome is running slower and displaying ads

Post by JustTheEngineer » March 30th, 2017, 7:42 pm

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2017.03.30.09
rootkit: v2017.03.11.01

Windows 10 x64 NTFS
Internet Explorer 11.713.10586.0
Primitive :: RANY [administrator]

3/30/2017 7:11:27 PM
mbar-log-2017-03-30 (19-11-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 367281
Time elapsed: 15 minute(s), 30 second(s)

Memory Processes Detected: 8

Memory Modules Detected: 12

Registry Keys Detected: 21

Registry Values Detected: 6

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 28

Files Detected: 252
C:\Users\Primitive\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin (Trojan.Clicker) -> Delete on reboot. [71c087492f79d3631616f45137cbfc04]
C:\Users\Primitive\AppData\Local\ntuserlitelist\svcvmx\svcvmx.log (Trojan.Clicker) -> Delete on reboot. [71c087492f79d3631616f45137cbfc04]
C:\Users\Primitive\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll (Trojan.Clicker) -> Delete on reboot. [71c087492f79d3631616f45137cbfc04]
C:\Users\Primitive\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll (Trojan.Clicker) -> Delete on reboot. [71c087492f79d3631616f45137cbfc04]
C:\Users\Primitive\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak (Trojan.Clicker) -> Delete on reboot. [71c087492f79d3631616f45137cbfc04]
C:\Users\Primitive\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak (Trojan.Clicker) -> Delete on reboot. [71c087492f79d3631616f45137cbfc04]
C:\Windows\System32\drivers\etc\hosts (Hijack.HostFile) -> Bad: ( 92.53.119.169 469ba60d9681f961064c-3cca6631dac1b4997db921c060b712f6.r30.cf2.rackcdn.com) Good: () -> Replace on reboot. [979acf01a305c96d6ef35121936e59a7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Post by mAL_rEm018 » March 31st, 2017, 12:43 am

Hello JustTheEngineer,


Please do the following..

  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs (if present):
    • Cloud Penguin
    • Online.io Application
    • Traffic Exchange
  • Select uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.


Next..


AdwCleaner
  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Clean.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.


I need to see a fresh set of FRST logs..

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble with any of the steps?
  • AdwCleaner report
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » March 31st, 2017, 4:55 pm

I had no issues completing these steps. The only thing worth noting is that my background has gone black and the shortcuts to pictures, documents, etc. in the start menu have been replaced with "<No Text>". Got some error message saying the desktop was deleted, but the files I saved on the desktop are still accessible.
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » March 31st, 2017, 4:56 pm

# AdwCleaner v6.045 - Logfile created 31/03/2017 at 16:45:31
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Primitive - RANY
# Running from : C:\Users\Primitive\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\f8ff187d-1425-0
[-] Folder deleted: C:\ProgramData\f8ff187d-7e47-1
[-] Folder deleted: C:\Users\Primitive\.proxycheck
[-] Folder deleted: C:\Users\Primitive\.AnonymizerLauncher
[-] Folder deleted: C:\Users\Primitive\AppData\Local\AnonymizerLauncher
[-] Folder deleted: C:\Users\Primitive\AppData\Local\AppTrailers
[-] Folder deleted: C:\Users\Primitive\AppData\Local\llssoft
[-] Folder deleted: C:\Users\Primitive\AppData\Roaming\Note-up
[-] Folder deleted: C:\Users\Primitive\AppData\Roaming\Tencent
[-] Folder deleted: C:\Users\Primitive\AppData\Roaming\Microleaves
[-] Folder deleted: C:\Users\Primitive\AppData\Roaming\Screenshot Pro
[-] Folder deleted: C:\Users\Primitive\AppData\Roaming\Interstatnogui
[#] Folder deleted on reboot: C:\Users\Primitive\AppData\Roaming\Note-UP
[-] Folder deleted: C:\ProgramData\Tencent
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tencent
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: C:\Users\Public\Documents\Guid
[-] Folder deleted: C:\Program Files (x86)\S5
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Program Files (x86)\Microleaves
[-] Folder deleted: C:\Program Files (x86)\ScreenshotPro
[-] Folder deleted: C:\Users\PRIMIT~1\AppData\Local\Temp\Tencent
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Screenshot Pro
[-] Folder deleted: C:\Users\Primitive\AppData\Roaming\AGData
[-] Folder deleted: C:\WINDOWS\SysWOW64\sstmp


***** [ Files ] *****

[-] File deleted: C:\TOSTACK
[-] File deleted: C:\WINDOWS\rsrcs.dll
[-] File deleted: C:\Users\Primitive\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\Primitive\AppData\Roaming\InstallationConfiguration.xml
[-] File deleted: C:\Program Files (x86)\Internet Explorer\iexplore.bat
[-] File deleted: C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
[-] File deleted: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndbgkcnnbhekjhpfdegbobklpeeocfjb_0.localstorage
[-] File deleted: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndbgkcnnbhekjhpfdegbobklpeeocfjb_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: PPI Update
[-] Task deleted: Traffic Exchange Guardian
[-] Task deleted: Traffic Exchange Updater
[-] Task deleted: Traffic Exchange
[-] Task deleted: Traffic Exchange Guard
[-] Task deleted: Online Application v2 Guardian
[-] Task deleted: Online Application v2 Guard
[-] Task deleted: Online Application v2
[-] Task deleted: Online Application Guardian
[-] Task deleted: Online Application Guard
[-] Task deleted: Online Application
[-] Task deleted: Online Application Updater
[-] Task deleted: online application
[-] Task deleted: traffic exchange


***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
[-] Key deleted: HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdVPN
[-] Value deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
[-] Value deleted: HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
[#] Value deleted on reboot: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
[-] Value deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [WinResSync]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WinResSync]
[#] Value deleted on reboot: [x64] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [WinResSync]


***** [ Web browsers ] *****

[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: av-voice-changer-software-basic-edition.en.softonic.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: autoclick-robot.en.softonic.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: advanced-gif-optimizer.en.softonic.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: morphvox-voice-changer.en.softonic.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: itools-for-windows.en.softonic.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: far-cry-primal.en.softonic.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: openal.en.softonic.com
[-] [C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: zoo-tycoon-2-extinct-animals.en.softonic.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6663 Bytes] - [31/03/2017 16:45:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [6377 Bytes] - [31/03/2017 16:45:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6809 Bytes] ##########
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » March 31st, 2017, 4:57 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Primitive (administrator) on RANY (31-03-2017 16:51:01)
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hi-Rez Studios) G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) G:\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) G:\Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes) G:\Anti-Malware\mbamtray.exe
() G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Tools\tqos_reporter.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => G:\Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => G:\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Steam] => G:\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Discord] => C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [TQOS_REPORT] => g:\non-steam games\monster hunter online\monster hunter online\bin\client\tools\tqos_reporter.exe [440832 2015-10-27] ()
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Chromium] => c:\users\primitive\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify Web Helper] => C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-23] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify] => C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe [7089776 2017-03-23] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-23]
ShortcutTarget: Rainmeter.lnk -> G:\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpotifyWebHelper.exe - Shortcut.lnk [2017-01-25]
ShortcutTarget: SpotifyWebHelper.exe - Shortcut.lnk -> C:\Users\Primitive\Downloads\SpotifyWebHelper.exe (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-233390903-2661952563-451428824-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-233390903-2661952563-451428824-1001] => 127.0.0.1:8003
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7eb64d0a-f41c-4682-a71c-66653c8069d9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{83fe7494-0511-4654-8018-3bf915ca7f93}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7427483-624e-4d4c-9009-612f371d9f4c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c88be9c3-cd57-11e5-a678-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-233390903-2661952563-451428824-1001 -> {BDDDE980-C83F-4A8C-84E1-4F78EEF45929} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)

FireFox:
========
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2017-02-26] (Unity Technologies ApS)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin64 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultSearchURL: Default -> file://C:\\Users\\Primitive\\AppData\\Local\\Temp\\C82F.html?bn=gch&ch_id=NOCHPC&g=3b4f51ef-73de-4277-a2f6-3e687129283e&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR Profile: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-03-11] (EasyAntiCheat Ltd)
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; G:\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 realtek_amd64; C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-24] () [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-09-24] (Echobit, LLC)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2017-01-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-31] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 TesMon; C:\WINDOWS\system32\TesMon.sys [71976 2016-09-18] (Tencent)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [1007928 2017-01-18] (TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-31 16:48 - 2017-03-31 16:48 - 00006916 _____ C:\Users\Primitive\Documents\AdwCleaner[C0].txt
2017-03-31 16:47 - 2017-03-31 16:47 - 00000000 ____D C:\Storage
2017-03-31 16:46 - 2017-03-31 16:46 - 00000258 __RSH C:\Users\Primitive\ntuser.pol
2017-03-31 16:44 - 2017-03-31 16:45 - 00000000 ____D C:\AdwCleaner
2017-03-31 16:43 - 2017-03-31 16:39 - 04089296 _____ C:\Users\Primitive\Desktop\AdwCleaner.exe
2017-03-30 19:11 - 2017-03-31 16:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-30 19:06 - 2017-03-30 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.scr
2017-03-30 19:06 - 2017-03-30 18:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.com
2017-03-30 18:38 - 2017-03-30 19:29 - 00000000 ____D C:\Users\Primitive\Desktop\mbar
2017-03-30 18:38 - 2017-03-30 18:29 - 19044562 _____ C:\Users\Primitive\Desktop\mbar-1.09.3.1001.zip
2017-03-30 18:38 - 2017-03-30 18:28 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.exe
2017-03-30 17:15 - 2017-03-30 17:14 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Primitive\Desktop\mbar-1.09.3.1001.exe
2017-03-29 19:33 - 2017-03-31 16:51 - 00020234 _____ C:\Users\Primitive\Desktop\FRST.txt
2017-03-29 19:33 - 2017-03-29 19:34 - 00086137 _____ C:\Users\Primitive\Desktop\Addition.txt
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Se Browser Enhancer
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files\2a3f425bfffb88bb1aaf86a4ef800345
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files (x86)\ParentalControl
2017-03-29 18:03 - 2017-03-29 18:03 - 00000159 _____ C:\Users\Primitive\Desktop\ckfiles.txt
2017-03-29 18:02 - 2017-03-29 17:50 - 00468480 _____ () C:\Users\Primitive\Desktop\CKScanner.exe
2017-03-29 17:47 - 2017-03-29 17:47 - 00000000 ____D C:\RegBackup
2017-03-29 16:01 - 2017-03-29 16:01 - 00083371 _____ C:\Users\Primitive\Desktop\2 (1).txt
2017-03-29 16:01 - 2017-03-29 16:01 - 00000100 _____ C:\Users\Primitive\Desktop\2 (2).txt
2017-03-27 21:36 - 2017-03-27 21:37 - 00086726 _____ C:\Users\Primitive\Desktop\1 (2).txt
2017-03-27 21:35 - 2017-03-31 16:51 - 00000000 ____D C:\FRST
2017-03-27 21:35 - 2017-03-29 16:01 - 00045799 _____ C:\Users\Primitive\Desktop\1 (1).txt
2017-03-27 21:29 - 2017-03-27 21:34 - 02424832 _____ (Farbar) C:\Users\Primitive\Desktop\FRST64.exe
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-03-26 21:16 - 2017-03-26 21:16 - 00003258 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-03-26 21:16 - 2017-03-26 21:16 - 00003252 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-03-26 21:16 - 2017-03-26 21:16 - 00003240 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\c
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\ProgramData\1490577405
2017-03-25 00:36 - 2017-03-25 00:36 - 01962408 _____ C:\Users\Primitive\Downloads\wrar540.exe
2017-03-24 22:52 - 2017-03-24 22:52 - 00014474 _____ C:\Users\Primitive\Downloads\57c8c80bfc2b70a697687c0b88e41b1c.torrent
2017-03-24 21:20 - 2017-03-25 12:27 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\BitTorrent
2017-03-24 21:14 - 2017-03-24 21:14 - 00012872 ____N C:\bootsqm.dat
2017-03-24 21:08 - 2017-03-24 21:08 - 00009371 _____ C:\Users\Primitive\Downloads\8e409b424596c2ce2e468e3b3a366a4f.torrent
2017-03-24 19:16 - 2017-03-24 21:17 - 00000000 ____D C:\Users\Primitive\Desktop\Keep Talking and Nobody Explodes
2017-03-24 19:16 - 2017-03-24 19:16 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\Steel Crate Games
2017-03-24 11:54 - 2017-03-24 11:54 - 03083458 _____ C:\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe
2017-03-20 17:17 - 2017-03-16 18:56 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-03-20 17:15 - 2017-03-16 21:01 - 40190400 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 34991672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 19006832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 16851280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11019888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 09306312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 08990256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 03169848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 02716096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00687408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00515648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00500792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00207856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00183136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00177992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00152064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-03-16 16:37 - 2017-03-25 21:20 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Natural Selection 2
2017-03-14 12:44 - 2017-03-14 12:44 - 04220719 _____ C:\Users\Primitive\Downloads\HS-HSS-TAP-Part_5_--_Chapter_31-_American_Life_in_the_Roaring_Twenties.pdf
2017-03-12 21:46 - 2016-10-27 17:18 - 00000000 ____D C:\Users\Primitive\Desktop\4.3.0
2017-03-09 19:27 - 2017-02-23 18:55 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437878.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437878.dll
2017-03-06 21:26 - 2017-03-06 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-03-06 21:07 - 2017-03-06 21:10 - 00000000 ____D C:\Users\Primitive\AppData\Local\{F7ECC1B0-D344-AD08-BEDC-88E09AB47478}
2017-03-06 20:54 - 2017-03-06 20:57 - 1182291124 _____ C:\Users\Primitive\Downloads\397483-ZOTYCE.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-31 16:49 - 2016-02-07 01:12 - 00770738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-31 16:48 - 2016-02-11 18:47 - 00000000 ____D C:\Users\Primitive\AppData\Local\CrashDumps
2017-03-31 16:47 - 2016-02-07 01:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-31 16:46 - 2016-04-04 16:11 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-31 16:46 - 2016-02-07 01:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-31 16:46 - 2016-02-07 01:04 - 00000000 ____D C:\Users\Primitive
2017-03-31 16:45 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-03-31 16:44 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Spotify
2017-03-31 16:44 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\Spotify
2017-03-31 16:41 - 2016-10-09 16:08 - 00000000 ____D C:\Users\Primitive\AppData\Local\ClassicShell
2017-03-30 19:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2017-03-30 19:11 - 2016-04-04 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 18:21 - 2017-01-12 18:10 - 00264598 ____N C:\WINDOWS\Minidump\032917-4390-01.dmp
2017-03-29 18:21 - 2016-04-07 16:21 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-29 15:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-28 20:09 - 2016-04-30 12:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\discord
2017-03-26 22:18 - 2016-02-07 01:07 - 00000000 ____D C:\Users\Primitive\AppData\Local\Packages
2017-03-26 21:20 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-26 17:26 - 2017-01-10 00:49 - 00000073 _____ C:\WINDOWS\wininit.ini
2017-03-25 21:53 - 2016-02-09 15:31 - 00000000 ____D C:\Users\Primitive\AppData\Local\Battle.net
2017-03-25 21:52 - 2016-02-09 15:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-25 20:03 - 2016-02-07 04:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mumble
2017-03-24 23:47 - 2017-02-04 04:52 - 00000000 ____D C:\Users\Primitive\MusicBot
2017-03-24 20:05 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-24 20:04 - 2016-10-14 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-24 17:40 - 2016-03-11 18:19 - 00565800 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-03-20 17:18 - 2016-10-06 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 17:18 - 2016-02-07 01:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 17:18 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-20 17:18 - 2014-08-31 14:59 - 00000000 ____D C:\Temp
2017-03-20 17:17 - 2016-04-30 16:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-17 16:03 - 2016-04-05 18:23 - 14574640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-03-16 21:01 - 2017-01-01 20:05 - 28254264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-03-16 21:01 - 2017-01-01 20:05 - 00043636 _____ C:\WINDOWS\system32\nvinfo.pb
2017-03-16 21:01 - 2016-10-28 21:08 - 00640456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00573632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 24492880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 20769264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 13800944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 03597456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-03-16 19:31 - 2016-10-08 15:14 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-03-16 19:16 - 2016-04-05 18:24 - 00549944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-16 19:16 - 2016-04-05 18:24 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-16 05:39 - 2016-02-07 01:10 - 07813427 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-09 00:07 - 2016-02-07 01:15 - 00000000 ____D C:\Users\Primitive\AppData\Local\Roblox
2017-03-08 22:00 - 2016-09-26 17:57 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-03-08 19:25 - 2017-01-10 02:01 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-06 21:44 - 2016-05-01 20:31 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft Games
2017-03-06 21:43 - 2016-05-01 20:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-06 21:43 - 2016-05-01 20:30 - 00000000 ____D C:\ProgramData\Microsoft Games
2017-03-06 21:24 - 2016-02-07 01:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-04 19:12 - 2017-01-22 01:30 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-01 17:53 - 2017-01-10 02:14 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AAA7E8BD-894E-42B0-A4E4-C7C98A5F38BF}

==================== Files in the root of some directories =======

2016-06-01 21:22 - 2016-06-01 21:22 - 0007606 _____ () C:\Users\Primitive\AppData\Local\Resmon.ResmonCfg
2017-01-09 22:52 - 2017-01-09 22:52 - 0000000 _____ () C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 22:54 - 2017-01-09 22:54 - 0000001 _____ () C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 22:52 - 2017-01-09 22:54 - 0000000 _____ () C:\Users\Primitive\AppData\Local\stxtname.txt
2017-01-15 01:50 - 2017-01-18 19:43 - 0000292 _____ () C:\ProgramData\DP0004.dat
2016-12-23 20:55 - 2016-12-23 20:55 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-23 20:55 - 2016-12-23 20:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2017-01-01 20:00 - 2017-01-22 01:30 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-01 20:00 - 2017-01-22 00:32 - 0004188 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\ProgramData\DP0004.dat


Some files in TEMP:
====================
2017-03-31 16:42 - 2016-01-17 18:37 - 0296960 _____ () C:\Users\Primitive\AppData\Local\Temp\CuPUninstall.exe
2017-03-29 18:20 - 2017-03-29 18:20 - 1150603 _____ (Hekedugani ) C:\Users\Primitive\AppData\Local\Temp\DB39.tmp.exe
2017-01-11 04:53 - 2017-01-11 04:53 - 0762992 _____ () C:\Users\Primitive\AppData\Local\Temp\InstallHelper.exe
2017-01-23 20:37 - 2017-01-23 20:37 - 0739904 _____ (Oracle Corporation) C:\Users\Primitive\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-01 20:08 - 2017-02-23 04:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI.dll
2017-01-01 20:08 - 2017-02-23 04:17 - 0868152 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-24 19:38 - 2017-02-23 04:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvStInst.exe
2016-10-08 15:14 - 2017-01-05 21:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-08 15:14 - 2017-01-05 21:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-01-15 00:53 - 2017-01-15 00:53 - 1472872 _____ () C:\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-09 20:00

==================== End of FRST.txt ============================
JustTheEngineer

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » March 31st, 2017, 4:57 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (31-03-2017 16:51:30)
Running from C:\Users\Primitive\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 05:06:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233390903-2661952563-451428824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-233390903-2661952563-451428824-503 - Limited - Disabled)
Guest (S-1-5-21-233390903-2661952563-451428824-501 - Limited - Disabled)
Primitive (S-1-5-21-233390903-2661952563-451428824-1001 - Administrator - Enabled) => C:\Users\Primitive

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Depth (HKLM\...\Steam App 274940) (Version: - Digital Confectioners)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Discord (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Git version 2.11.1 (HKLM\...\Git_is1) (Version: 2.11.1 - The Git Development Community)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7870.2024 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monster Hunter Online (HKLM-x32\...\Monster Hunter Online) (Version: - Tencent)
Natural Selection 2 (HKLM\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version: - Uber Entertainment)
Python 3.5.1 (64-bit) (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
ROBLOX Player for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)
Super Hexagon (HKLM\...\Steam App 221640) (Version: - Terry Cavanagh)
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {236D5E93-AC70-40C8-8507-71ED54E82425} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {36FC4F2D-2FC1-4C0F-9F44-41B280A32779} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {3F2DCA07-5247-4396-A732-55CFACB24016} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {3F39F139-E558-49F2-94D9-5443E998C7DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {45A64C74-3F8C-42EE-8DEB-DF1A83FCCD4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {4752A296-189E-4FD5-A55B-16D29353EEF8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {4B25888B-8985-4F3F-B91E-496D45D90F69} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {54E033B2-E527-4D00-B522-6E3845CDF2E1} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {5DBF077D-34EF-4AC4-ABE9-B051D1CC57E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {66E21683-3ABA-4D5F-B96A-97B64E81E6F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {718654D7-45FE-4114-8169-D671714DB898} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7813514E-C52D-4C08-BCE8-6CFD9B1B3685} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {7EA057AD-62FC-43FD-BE2E-2A8DC9D0A261} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {85148911-6B3A-4DA0-BE2A-EC73B3E91C67} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {95BF1522-875E-4138-B6E6-A36B795D7D25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {AE34D356-1919-4106-9136-CD5F218496D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {B481EED0-482D-4E11-B005-299A4747938A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {B5015F98-BD11-457C-AF42-4257BD35FEFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-08] (Microsoft Corporation)
Task: {BF3CD351-0A42-4629-87ED-61FC9961439A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {C62F2AFE-67E3-4033-B157-B302AA4C9F01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {F8691C31-7151-4D63-ABB0-CA44666DB472} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {FC17B985-39D1-41BC-88AA-E56D1701A505} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-24 16:52 - 2017-03-24 16:52 - 00008704 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
2017-01-27 17:09 - 2017-03-08 19:25 - 02264352 _____ () G:\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-02-07 01:10 - 2017-03-16 19:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 20:11 - 2016-05-19 20:11 - 00959168 _____ () C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 23:27 - 2017-02-25 04:59 - 08921648 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-16 21:30 - 2017-01-16 21:30 - 00230064 _____ () G:\rhinobot\Notepad++\NppShell_06.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-11-08 18:34 - 2016-10-25 00:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 18:33 - 2016-10-25 00:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 18:34 - 2016-10-25 00:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 18:33 - 2016-10-25 00:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-15 01:09 - 2015-10-27 07:30 - 00440832 _____ () G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Tools\tqos_reporter.exe
2016-12-22 19:02 - 2016-12-22 19:09 - 36960256 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-11-10 18:29 - 2016-11-10 18:29 - 00879104 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\sqlite3.dll
2016-02-07 02:30 - 2016-02-07 02:52 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-07 03:36 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 19:31 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-24 16:53 - 2017-03-24 16:53 - 00404992 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 67725936 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libcef.dll
2016-10-08 15:14 - 2017-02-23 14:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 01929840 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libglesv2.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 00087152 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libegl.dll
2016-10-08 15:14 - 2017-02-23 10:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-08 15:14 - 2017-02-23 10:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\google.com -> hxxps://google.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233390903-2661952563-451428824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primitive\AppData\Roaming\Rainmeter\Layouts\Test\Wallpaper.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{623EAC45-1598-4EEE-BD2F-C554D19FAA58}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{882D562F-D8CF-47F0-91D5-5FF20B26E4D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F32F6EE-7D5A-4F87-890D-C43E6E5B1D6B}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{37B62C7A-6269-448C-B0F0-C5F4DD354D39}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{62D0C5AA-BAC2-46E9-875E-4A481824893A}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{13C2835A-1846-4F6B-8DBB-D5013C3538E6}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E12D0410-C1CD-4A84-9D2B-A549A6FE2C42}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{66C4B93B-2AA9-4B9B-8CBD-B461DFB712E2}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3908B23D-06E8-409A-955B-5EB59B18597B}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{450E2008-E396-433A-A2C2-A8DD4DA0B3CE}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{44F09366-8258-4497-AE39-AAF7A7B95146}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{A0E6F6F2-A76C-4190-A05C-EEC139D4A3A9}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{436E6A5A-63DA-466D-97E6-04584B352F1B}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{AF18843B-D775-4C5B-961C-E4BE8E0D4D85}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C2B76408-6377-4C86-8CA0-23DC44A17D81}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DFDDC1C2-D40E-452E-BA03-AD93719A722A}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{0C7AE528-35AA-4CA9-BEEF-9273410642C4}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [TCP Query User{F94CD4E5-A551-4850-AC31-08A71433FA3E}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{4CCE744F-9643-4D7F-8D50-08A1F5F83204}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{F2230469-9934-4F74-B6BB-F29B3E279064}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{E1999BC2-8EC4-468A-BC7F-0D0176ADE6A1}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{212B39BF-7C90-4A18-A2A0-49AEE8CBB838}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{73721E6F-4821-40A6-92A7-4A410A50DD18}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{0CC94886-5F31-440B-8375-8650C49219BA}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1327FD25-DABA-4F25-8721-6FF3482ABA8E}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{23BC6235-E46E-443A-A509-DBB2C0214867}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7A57483F-0EDC-4AAA-8F16-7E6225D68E64}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [{8BC5D79D-ECCB-4824-9964-F2E73A249C60}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0E2B86AF-644D-43C9-9426-2B434A9EC1DA}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [TCP Query User{826E5577-F48E-48C4-B788-4237C7C64054}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [UDP Query User{8EE5BE3A-F201-4B23-92EA-00303D2F81B9}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [TCP Query User{71689633-D477-4FA3-93C7-39DBD8D16D0B}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [UDP Query User{27419A28-CEAF-4934-9067-F9E56798A149}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [TCP Query User{6BB72CFE-E6C9-488E-AFF8-4C42BB966AD3}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B6347567-B904-4E85-8E5E-D12FE7AD6B69}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{0B7EA474-5A25-4B8A-B994-1513540C3243}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A2A64718-D7CE-425D-8560-15ABFD84E229}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7736D49B-8E9F-4C87-855D-E2A19BCCB59C}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B00BB64-BBE7-49F4-B690-75EF262E2C5E}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [{F11A6418-583B-4BF4-BBB3-D99BBB3B311F}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F3B40AAB-4713-4A2E-A857-1DD7013ACAAC}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{1A7FB639-11ED-46E5-8932-FA17C6FC5D7E}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{A5C8EBCC-699E-4F6F-BFD8-BF07593D6353}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{2E6C0288-6D7C-4326-AEB4-EAD4FC13974A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38366E24-9DD0-49C6-B75F-B82810C36C0A}] => (Allow) LPort=2869
FirewallRules: [{933CF27E-CDC8-46C2-8C32-54C742A26086}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{554E64E0-949D-48E5-A53D-1F12FD8B9D3E}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E374850A-708E-450A-8CC5-5F768F4CBE08}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [TCP Query User{A034A264-0945-466C-B892-5A5228B0651D}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{C5F98DCB-D2DA-4B11-9343-035AE2F2AB7F}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{1BDF9A2F-CD29-4E5E-A082-C38AF929DAE3}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [UDP Query User{7613A658-F25F-4404-8E58-F5EA70D316C2}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [{8A0F9ABD-4B7B-4B99-BBD7-A0C569DE9D3C}] => (Allow) LPort=3724
FirewallRules: [{2FDD3BE2-9AE2-4E50-87D5-C75A81102691}] => (Allow) LPort=80
FirewallRules: [{64B5E32C-9C1B-46CD-B0C0-AF4960C6BA50}] => (Allow) LPort=3724
FirewallRules: [{0F99289A-A5F7-422C-9402-3B7926840156}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{D062639C-BE7D-4157-9324-71092FA90889}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E0E46D31-D846-433F-93BB-C40904D76206}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6D25C008-C437-4F1F-BDB4-836EB6CD91C7}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{63443DFF-2AB7-43C1-8214-30B975D2C89E}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5570ED2F-A868-4505-8D6F-AF68B4627C86}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{932D63EC-38F6-4AE0-9D77-51B8E11419A7}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{8B4BD4CE-9BC1-4122-84CD-E06FC899FDFD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{A97DEDDE-8734-44C5-8468-66F39BBE8CF0}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{F5F33787-D7C4-4739-948D-4CF5489C3196}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{699B12A2-F38A-45F5-90A0-C0D6FA07048C}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{0A946021-97EC-4123-8B35-3F540E4C0B87}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{2532257F-66FE-4A7F-B558-7DEB53E91923}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E847E4B7-F8CA-40EF-BE4E-7178535D8AFF}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{0689DDDF-B42B-4EE1-97E3-C93CB1769EC1}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A6FE3A00-4642-44DB-A8E7-6DC7EDC91103}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{2860814A-C858-435B-93FF-CAEAF06283E5}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{B71182B9-2FF4-4350-A587-12661B101AE2}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{D7323373-425E-4712-9CAF-B9EAAA0BD3BD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{2FC5CCF0-1EBA-4F2E-AEF2-3564E3BE2089}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{8599F9E1-4132-4FCE-9E2A-134AF4221A9F}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{8491AA07-3E7C-4D2C-970F-6DDD8647E6E2}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{680C8538-AB76-4C9D-AA64-88528517232B}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{90022BBC-7821-4A38-8499-7D4720C7F399}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{70314229-B02C-47BC-803D-36EAD79CB19E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{809CF0FE-0CFC-43F4-8B08-DE1EA5404EC2}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{0A4BB1E4-2739-45A6-9B44-7574F239D6FE}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1EE99792-B9F5-4336-B6A4-67CDE297D939}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A731D180-3785-4690-B244-8E072AACA54B}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7890BBC5-C71C-45FC-90CA-F355C715C194}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [{85A541F6-343A-415C-B0CC-41F490595474}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{B3306EE5-DEE6-4CDA-B7FE-EF05D863260D}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{6134967A-DD57-43EE-9C37-B49E9B734E02}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{D7997AEA-89B2-4C2D-8D18-197288A3B3D6}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{A3F2F9DB-7E59-4228-B86B-90275A4CECC1}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{72E3CBF9-EA97-42BF-AEBB-C409E5EAE144}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{53EF9765-8F3F-4CE0-891F-6ABD0BCCF0CA}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{BA877EC9-C8B6-482F-8301-28A60C63338D}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{F4B04EE7-CE5B-43A7-B020-7300ED880910}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [{4CD296B7-581C-4259-BACC-6CD4A284EF77}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [TCP Query User{50C74FB9-13D1-4C0F-B363-2C3454C39C2F}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [UDP Query User{4E57BD46-5D4B-4445-BEAE-89D68AF55E29}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [{DE1E98E7-D7D7-4D9A-B4D2-13432A2B5137}] => (Allow) G:\MHO_Setup_1.0.10.281.exe
FirewallRules: [{AA64C9C3-345B-45A6-B70C-0160C707B77D}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{67205B16-3A61-4047-AD66-C2BCE10F7EBC}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{DB59E90A-56E4-420D-9F34-A77FFD35A498}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{FC74637D-B211-4EFB-AEE3-CACE48FDDBDC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9640D995-3E8B-4B47-B24E-D1DF382E7A36}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{CEDE9F51-5B8F-4CCD-B830-73E73E7F7A8E}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{40741CA0-A58F-4341-AD44-A15FEC3B0B70}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{3A379FC4-8321-492C-AB7E-F9C97A82FA62}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [TCP Query User{01336705-8EAD-4B36-BF65-D9C44FA9FEBC}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{3B9A6431-CFC2-4DC3-A89B-53215014C478}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{B1FE646A-C2FB-45D2-A8E9-CB422DB1CCAC}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{91C7C2FF-6B69-4EE3-84A5-D879D600722F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{CCCB8CA6-598C-4530-947B-AAB3BDF7AAE3}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{29501E58-6243-482A-991A-4846F989EE04}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{B72F9913-9157-41F6-86AA-209D85553F52}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{AD359F3F-BDBE-4180-A8BD-DD70B3A26389}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{1B669228-ECC6-4BD2-8A6F-5F16E4BB126A}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{F5F2B9C2-95EF-439B-9CF3-52C59EC8258F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [TCP Query User{4EE97130-FC57-4E76-AC59-99C458FA3C80}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{5B808CD5-68F6-496E-B030-D5313FC11F38}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{9E7CC219-9CB1-4CD5-9335-EBE8533250B9}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{239FFC90-287E-495D-AB59-7FC23145B069}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [{58497E58-8543-4AF6-BF1A-C796522D7DA6}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{47E63243-0844-48FE-9178-FAC61F31B063}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{C30F45C8-7A7E-43BA-9AAA-5A0A299DA24C}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E2717E1C-8DA8-449D-A315-2559FA37A472}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{01F09A5D-56CE-4C06-B469-C085C6012A5F}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{80F297EA-BC13-4FB9-8DDF-2A331DAFCC40}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{61721D0C-C71A-426C-B802-0B547DC1B72F}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{43ACBCD6-DF48-4705-9F58-0FFE049BB002}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{F8CE015C-4705-49BB-9DAF-76AAF36EF185}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{395F18A2-BD53-4597-8E8F-3E6B097674BF}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{9CEF9ED1-1338-4485-8D6D-1179EC70FDA3}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B81A4465-DE02-478B-B2D9-E4AB64D227FA}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{C5FEAB5F-ED17-42C6-93BF-7AB26DB81BA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72E2569E-16E8-4425-88AC-00603841CFFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{45330A66-5327-4487-8F80-32299908671A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C099841-F916-4F42-9021-A854C1357C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9220A0FA-B81F-4D45-AC6A-044F0B6CF166}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3C4E80F4-A092-4CB6-B540-A86C8952ABEF}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B710C0C4-08D9-4145-BE07-866286CB2C00}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{5F375B40-602F-416C-BAA3-3EF955EBE04A}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [{33153EA4-8120-4115-92CE-6BF18BA639F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2B9A0DD5-F582-4889-9535-849B35C83F43}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{17839E54-88C3-47D1-A7A0-01D3012CED39}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{72A80336-7300-4FDE-A344-9853CE2CCB18}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4D705E32-6B9B-47B0-9186-E328FEC23B20}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{98ED55A4-A4DA-4C4F-9BEF-37A596F6AFD4}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0AAF8FD3-D5E6-47BD-AE05-B74BAB84B9F1}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{4677494E-ED85-4AA0-A66D-902FBE60FB4A}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{E4C68492-42B1-4604-915F-21EAAD919D23}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{CFA6BAC5-80B5-47DE-BF2D-209F657C615E}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{788EBD02-A83A-489C-9813-CF080BEFB30F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{0B5233E7-8472-4AC6-8565-AD80C46D3885}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{401DF6F8-8DC1-4ACB-8AD5-ABCD9EC01CAB}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{DE649370-1ED2-4595-BCD2-B0A032E1640E}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4805A180-E9B2-49F8-AA75-0D4C081DFB89}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DAE0D35D-7DB3-41D4-9723-ED957BB53903}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9F098143-7E37-4D90-973B-602A203A55A0}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{0B5BB3F9-0A5A-4288-82B7-2353A6C24341}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{4F1A7742-DF00-4870-B9B5-C7E64624FE46}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{51BC0EDE-9905-4195-84C8-BF8939908167}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C15FC5C7-99CF-4E5A-81C4-5A877BDBEE9D}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{601CBF0E-78FD-4E8C-8772-947FB93CC163}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{4F1CDB89-3C49-433D-86B1-2D5CC565EF99}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{36D44B57-18D0-4CCB-857D-EAD0612ED622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A61ED98D-9440-405A-ADB5-1EAEF2939046}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6D69BDBC-C579-450C-959A-516BBF68A966}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EDF74F32-C9FB-41CB-8C78-D08F9A57FDC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F1406EE3-FB4E-40B4-BB3C-791F4B8E61EA}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5A8C7D3-2EF3-40DF-B166-6F8856341311}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{039CC2A6-8753-4013-81A2-192A59E09349}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{76A2E5F8-8DE7-403B-943C-444F76A881A3}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8D0D9326-C7CC-49CA-B92A-2066BC8FB3B4}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{05B77BB7-1039-449D-8CF0-2FE18A7D3B2B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AAD8536A-C438-4191-8919-10DAB48B0B5B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35C23D4C-B2E7-4FEE-B85D-A3F57B11B1D2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{794435CE-BA25-4692-9EF8-FEE00FC5ABC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{06BD6921-70BE-4F1F-9A4F-FC21D6F2519F}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{838F76D9-1920-427F-94F4-5628B0920463}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{8B533F19-34FF-4DCC-8EB9-45195214C599}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8FA91647-E1BB-4C0A-8020-07B890998ED0}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4D3DDB90-2F38-49FA-A655-293BAACD5A1F}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{DBCE5122-0967-41F0-983B-1BB6E7E6E5B9}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{F285FC3E-1572-4385-AB56-B7D21DE2B1BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB42E26-0AF2-4681-80E8-B3CFA38A5EB1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B6E957B7-7F7D-4B16-8C4F-95446738EDEF}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [UDP Query User{854267C1-E051-42CD-8387-E8599E49DFED}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [{A5656CAA-E9E5-4CC3-8A79-9724545EB2FE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1E2617A2-D5F6-4502-AEE9-D480E007CA65}] => (Allow) C:\Users\Primitive\AppData\Local\ddnowyes.exe
FirewallRules: [{E9588507-2313-4762-A50D-4A9BC832F19B}] => (Allow) C:\Users\Primitive\AppData\Local\15150554.exe
FirewallRules: [{1164D2F8-5ADE-4E91-AE40-363A1857F0D2}] => (Allow) C:\Users\Primitive\AppData\Local\tinstall.exe
FirewallRules: [{3A395A1F-936B-4FF0-8710-ACE9917AC481}] => (Allow) C:\Users\Primitive\AppData\Local\sc76258249.exe
FirewallRules: [{18A66A25-E1E5-4171-B75F-2549447C195D}] => (Allow) C:\Users\Primitive\AppData\Local\ddnow.exe
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => (Allow) C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => (Allow) C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => (Allow) C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => (Allow) C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => (Allow) C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe
FirewallRules: [{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83}] => (Allow) C:\Users\Primitive\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{24C5640D-65EF-4A6C-B98C-25D98020B0BA}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [{CDB59CAC-6EA0-44E9-B9C5-79DEF750C615}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [TCP Query User{257134CB-FB7F-4A5F-B70E-615278E2F341}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [UDP Query User{B9B4FABC-C0C7-4271-873D-AAB2E8375D52}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [{94165F0E-E46B-4FAD-819B-F80DD84B6B2E}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\MHO_Setup_2.0.11.371.exe
FirewallRules: [TCP Query User{54C272DB-35D3-4B75-8531-03FA9660D41F}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{3E26C92C-C10E-4022-8C7B-2B853009E665}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [TCP Query User{74A20A0A-A3A0-4E05-A6A1-3E19C20C810F}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{6BAC593A-0CCB-4133-87FE-87FF5647C786}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{1CDB3F0C-5413-44ED-A81C-275A4F02EB44}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{6A10EFAA-6B24-4BA9-91F8-D2C1EB57E198}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{9F0E65CA-13E0-41A0-A772-D6BAD6AC2008}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{8DFF6AEE-9F5E-4982-B96F-6855C931C2AB}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{50AC1C5E-C9B2-4D1D-8157-85CFE9721CB0}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{B5DAAF87-D3EC-484D-AF79-C975877DB8CE}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{BE36E881-D2F3-4BDA-873B-D5E344EC19C8}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{684762C8-09C7-4D20-9CB2-0AB204FCB721}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{75E28886-DB3E-42BD-AEF6-4AFC51A2893F}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{73C8C34B-996A-42BB-9E0A-83CBC1746732}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D8DA5CEC-1D66-42C7-8B78-73163972EB98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9C0CA1A0-16C0-465B-B993-B151C7891A50}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{40E2A678-1545-4C46-A612-8AAF7EC23DD1}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [TCP Query User{9739C598-80F5-4741-8A01-E3E405A3F46B}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0C3A87F1-55D8-4C31-8311-9F6E02BE9576}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{D6A13C37-397B-43B1-B4C3-1811650C09DD}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{AF66AF0B-6362-47C7-830E-FE6962B43302}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{263AD6B1-E37B-455B-A44C-CD7DCE21974E}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{9240B2EF-2D8E-4E3E-A98B-97128E127B4D}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{8D538934-A429-4E32-A470-6ADBCED3F4AB}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{0587789B-43B1-4355-96D1-2C34AA798207}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{84627E43-4C3B-4134-989E-FFFF1949E403}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{E0BAB900-2391-4176-8E6D-DB728B375794}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{8B626F06-40B1-4CA8-A7C7-02D7E6864E0F}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A639E62A-CD46-415C-87FC-E23CA40FDFDD}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

06-03-2017 21:24:49 Installed Zoo Tycoon 2 - Ultimate Collection
30-03-2017 19:29:06 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2017 04:49:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/31/2017 04:48:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: EMODEL.dll, version: 11.0.10586.713, time stamp: 0x5833eb23
Exception code: 0xc0000409
Fault offset: 0x0000000000129bef
Faulting process id: 0x1cf8
Faulting application start time: 0x01d2aa6030acd197
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Report Id: 57ab99cc-4978-44de-a4c9-3d2b9a56ec8f
Faulting package full name: Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/31/2017 04:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: EMODEL.dll, version: 11.0.10586.713, time stamp: 0x5833eb23
Exception code: 0xc0000409
Fault offset: 0x0000000000129bef
Faulting process id: 0x1644
Faulting application start time: 0x01d2aa602e3de7d2
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Report Id: 9ca0cbe9-0ab7-4b37-82e1-4b7fd22de2f4
Faulting package full name: Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/31/2017 04:46:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.494, time stamp: 0x5775e94c
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.672, time stamp: 0x580eeb60
Exception code: 0xc000027b
Fault offset: 0x00000000006fd1db
Faulting process id: 0x155c
Faulting application start time: 0x01d2aa5feedeeabb
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 3fd02608-1567-4541-b283-26e21aa038d1
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (03/31/2017 04:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.494, time stamp: 0x5775e94c
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.672, time stamp: 0x580ef283
Exception code: 0xc000027b
Fault offset: 0x000000000004b1c9
Faulting process id: 0x123c
Faulting application start time: 0x01d2aa5fdcfd9b93
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: dcbf94aa-af28-4179-a092-0d8013fb7c6a
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (03/31/2017 04:46:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The process cannot access the file because it is being used by another process.

Error: (03/31/2017 04:46:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\Primitive\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (03/31/2017 04:43:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/30/2017 07:36:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/30/2017 07:29:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (03/31/2017 04:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:49:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:49:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:48:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:48:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:48:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:48:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2017 04:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2017-03-24 20:04:45.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-02 23:02:35.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-19 19:02:26.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-11 23:42:31.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 20:20:45.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-09 21:55:28.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 21:07:40.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 14:23:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 18:59:40.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-16 18:20:33.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 28%
Total physical RAM: 8143.07 MB
Available physical RAM: 5823.04 MB
Total Virtual: 14799.07 MB
Available Virtual: 12538.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.01 GB) (Free:12.1 GB) NTFS
Drive f: (USB) (Removable) (Total:31.99 GB) (Free:31.94 GB) FAT32
Drive g: (New Volume) (Fixed) (Total:931.39 GB) (Free:363.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E8FD8D51)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
JustTheEngineer

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » April 1st, 2017, 12:22 pm

Hello JustTheEngineer,

JustTheEngineer wrote: I had no issues completing these steps. The only thing worth noting is that my background has gone black and the shortcuts to pictures, documents, etc. in the start menu have been replaced with "<No Text>". Got some error message saying the desktop was deleted but the files I saved in the desktop are still accessible.

When did this happen? Can you upload a screenshot in your next reply?

SearchScopes: HKU\S-1-5-21-233390903-2661952563-451428824-1001 -> {BDDDE980-C83F-4A8C-84E1-4F78EEF45929} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx

Did you intentionally add Yahoo! to your Browser?


Uploading files to Virustotal
  • Please click on the following link: Virustotal
  • Select Choose File, under the File tab.
  • Navigate to the following locations on your computer:
    • C:\WINDOWS\cutler.exe
    • C:\Program Files (x86)\Hits\omagh.exe
    • C:\Program Files (x86)\acidosis\hijacking.exe
    • C:\Program Files (x86)\operant\hoosiers.exe
    • C:\Program Files (x86)\Ralph\demurrage.exe
  • Click on Open and then Scan it!.
  • When the scan is finished copy/paste the web address in your following post.
    Note: you can only upload one file at a time.


Hosts: Hosts file not detected in the default directory

Your Hosts file was found to be infected and subsequently removed. Please follow the instructions in the following link to re-create it: How to reset the Hosts file back to the default


Next..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Chromium] => c:\users\primitive\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-233390903-2661952563-451428824-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-233390903-2661952563-451428824-1001] => 127.0.0.1:8003
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
CHR DefaultSearchURL: Default -> file://C:\\Users\\Primitive\\AppData\\Local\\Temp\\C82F.html?bn=gch&ch_id=NOCHPC&g=3b4f51ef-73de-4277-a2f6-3e687129283e&p={searchTerms}
R2 realtek_amd64; C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-24] () [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
U0 aswVmm; no ImagePath
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Se Browser Enhancer
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files\2a3f425bfffb88bb1aaf86a4ef800345
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files (x86)\ParentalControl
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-03-26 21:16 - 2017-03-26 21:16 - 00003258 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-03-26 21:16 - 2017-03-26 21:16 - 00003252 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-03-26 21:16 - 2017-03-26 21:16 - 00003240 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\c
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\ProgramData\1490577405
2017-03-24 22:52 - 2017-03-24 22:52 - 00014474 _____ C:\Users\Primitive\Downloads\57c8c80bfc2b70a697687c0b88e41b1c.torrent
2017-03-24 21:20 - 2017-03-25 12:27 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\BitTorrent
2017-03-24 21:08 - 2017-03-24 21:08 - 00009371 _____ C:\Users\Primitive\Downloads\8e409b424596c2ce2e468e3b3a366a4f.torrent
2017-03-24 11:54 - 2017-03-24 11:54 - 03083458 _____ C:\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe
2017-03-26 17:26 - 2017-01-10 00:49 - 00000073 _____ C:\WINDOWS\wininit.ini
2017-01-15 01:50 - 2017-01-18 19:43 - 0000292 _____ () C:\ProgramData\DP0004.dat
2017-03-31 16:42 - 2016-01-17 18:37 - 0296960 _____ () C:\Users\Primitive\AppData\Local\Temp\CuPUninstall.exe
2017-03-29 18:20 - 2017-03-29 18:20 - 1150603 _____ (Hekedugani ) C:\Users\Primitive\AppData\Local\Temp\DB39.tmp.exe
2017-01-11 04:53 - 2017-01-11 04:53 - 0762992 _____ () C:\Users\Primitive\AppData\Local\Temp\InstallHelper.exe
2017-01-23 20:37 - 2017-01-23 20:37 - 0739904 _____ (Oracle Corporation) C:\Users\Primitive\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-01 20:08 - 2017-02-23 04:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI.dll
2017-01-01 20:08 - 2017-02-23 04:17 - 0868152 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-24 19:38 - 2017-02-23 04:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvStInst.exe
2016-10-08 15:14 - 2017-01-05 21:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-08 15:14 - 2017-01-05 21:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-01-15 00:53 - 2017-01-15 00:53 - 1472872 _____ () C:\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Task: {041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {36FC4F2D-2FC1-4C0F-9F44-41B280A32779} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {4752A296-189E-4FD5-A55B-16D29353EEF8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {4B25888B-8985-4F3F-B91E-496D45D90F69} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {54E033B2-E527-4D00-B522-6E3845CDF2E1} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {85148911-6B3A-4DA0-BE2A-EC73B3E91C67} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {FC17B985-39D1-41BC-88AA-E56D1701A505} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()
2017-03-24 16:52 - 2017-03-24 16:52 - 00008704 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
2017-03-24 16:53 - 2017-03-24 16:53 - 00404992 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll
FirewallRules: [TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [{1E2617A2-D5F6-4502-AEE9-D480E007CA65}] => (Allow) C:\Users\Primitive\AppData\Local\ddnowyes.exe
FirewallRules: [{E9588507-2313-4762-A50D-4A9BC832F19B}] => (Allow) C:\Users\Primitive\AppData\Local\15150554.exe
FirewallRules: [{1164D2F8-5ADE-4E91-AE40-363A1857F0D2}] => (Allow) C:\Users\Primitive\AppData\Local\tinstall.exe
FirewallRules: [{3A395A1F-936B-4FF0-8710-ACE9917AC481}] => (Allow) C:\Users\Primitive\AppData\Local\sc76258249.exe
FirewallRules: [{18A66A25-E1E5-4171-B75F-2549447C195D}] => (Allow) C:\Users\Primitive\AppData\Local\ddnow.exe
FirewallRules: [{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83}] => (Allow) C:\Users\Primitive\AppData\Local\BrowserAir\Application\BrowserairExec.exe
C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs

EmptyTemp:
RemoveProxy:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


How is your computer behaving?

-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problems while following the instructions?
  • Answer to my question concerning Yahoo!
  • VirusTotal links
  • fixlog.txt
  • Update on your computer's behaviour.
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Google Chrome is running slower and displaying ads

by JustTheEngineer » April 1st, 2017, 5:30 pm

It happened after I restarted my computer after the AdwCleaner scan. Fortunately the changes I described have disappeared and my desktop and shortcut labels have returned to normal. As a result I can't really take a screenshot though.

I did not intentionally add Yahoo! to my browser.

I can't access the VirusTotal link. I've been completing all of your steps by downloading programs onto a different computer and transferring them using a flash drive because my browser keeps giving me the proxy error. Tried locating those files you listed on my computer by navigating the file explorer so I can put them on the USB and scan them off of there, but they don't appear to be there. Not sure if the website can see special .exe files that I can't see normally navigating through the folders, but I'm not sure how to scan those when I don't have access to searching stuff on my computer.

Should I continue with restoring my host file and using the fixlist code despite this?
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

by mAL_rEm018 » April 1st, 2017, 5:42 pm

Hello JustTheEngineer,

JustTheEngineer wrote: I can't access the VirusTotal link. I've been completing all of your steps by downloading programs onto a different computer and transferring them using a flash drive because my browser keeps giving me the proxy error. Tried locating those files you listed on my computer by navigating the file explorer so I can put them on the USB and scan them off of there, but they don't appear to be there. Not sure if the website can see special .exe files that I can't see normally navigating through the folders, but I'm not sure how to scan those when I don't have access to searching stuff on my computer.
Should I continue with restoring my host file and using the fixlist code despite this?

Yes, please proceed to the next step. :)
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Google Chrome is running slower and displaying ads

by JustTheEngineer » April 1st, 2017, 6:41 pm

My computer is behaving normally as if there was no virus. I'm not having proxy errors and there are no ads slowing down my Google Chrome.

Here's my fixlog.txt.
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

by JustTheEngineer » April 1st, 2017, 6:42 pm

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (01-04-2017 18:36:54) Run:1
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Chromium] => c:\users\primitive\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-233390903-2661952563-451428824-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-233390903-2661952563-451428824-1001] => 127.0.0.1:8003
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
CHR DefaultSearchURL: Default -> file://C:\\Users\\Primitive\\AppData\\Local\\Temp\\C82F.html?bn=gch&ch_id=NOCHPC&g=3b4f51ef-73de-4277-a2f6-3e687129283e&p={searchTerms}
R2 realtek_amd64; C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-24] () [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
U0 aswVmm; no ImagePath
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Se Browser Enhancer
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files\2a3f425bfffb88bb1aaf86a4ef800345
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files (x86)\ParentalControl
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-03-26 21:16 - 2017-03-26 21:16 - 00003258 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-03-26 21:16 - 2017-03-26 21:16 - 00003252 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-03-26 21:16 - 2017-03-26 21:16 - 00003240 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\c
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\ProgramData\1490577405
2017-03-24 22:52 - 2017-03-24 22:52 - 00014474 _____ C:\Users\Primitive\Downloads\57c8c80bfc2b70a697687c0b88e41b1c.torrent
2017-03-24 21:20 - 2017-03-25 12:27 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\BitTorrent
2017-03-24 21:08 - 2017-03-24 21:08 - 00009371 _____ C:\Users\Primitive\Downloads\8e409b424596c2ce2e468e3b3a366a4f.torrent
2017-03-24 11:54 - 2017-03-24 11:54 - 03083458 _____ C:\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe
2017-03-26 17:26 - 2017-01-10 00:49 - 00000073 _____ C:\WINDOWS\wininit.ini
2017-01-15 01:50 - 2017-01-18 19:43 - 0000292 _____ () C:\ProgramData\DP0004.dat
2017-03-31 16:42 - 2016-01-17 18:37 - 0296960 _____ () C:\Users\Primitive\AppData\Local\Temp\CuPUninstall.exe
2017-03-29 18:20 - 2017-03-29 18:20 - 1150603 _____ (Hekedugani ) C:\Users\Primitive\AppData\Local\Temp\DB39.tmp.exe
2017-01-11 04:53 - 2017-01-11 04:53 - 0762992 _____ () C:\Users\Primitive\AppData\Local\Temp\InstallHelper.exe
2017-01-23 20:37 - 2017-01-23 20:37 - 0739904 _____ (Oracle Corporation) C:\Users\Primitive\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-01 20:08 - 2017-02-23 04:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI.dll
2017-01-01 20:08 - 2017-02-23 04:17 - 0868152 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-24 19:38 - 2017-02-23 04:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvStInst.exe
2016-10-08 15:14 - 2017-01-05 21:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-08 15:14 - 2017-01-05 21:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-01-15 00:53 - 2017-01-15 00:53 - 1472872 _____ () C:\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Task: {041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {36FC4F2D-2FC1-4C0F-9F44-41B280A32779} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {4752A296-189E-4FD5-A55B-16D29353EEF8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {4B25888B-8985-4F3F-B91E-496D45D90F69} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {54E033B2-E527-4D00-B522-6E3845CDF2E1} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {85148911-6B3A-4DA0-BE2A-EC73B3E91C67} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: {9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {FC17B985-39D1-41BC-88AA-E56D1701A505} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()
2017-03-24 16:52 - 2017-03-24 16:52 - 00008704 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
2017-03-24 16:53 - 2017-03-24 16:53 - 00404992 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll
FirewallRules: [TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [{1E2617A2-D5F6-4502-AEE9-D480E007CA65}] => (Allow) C:\Users\Primitive\AppData\Local\ddnowyes.exe
FirewallRules: [{E9588507-2313-4762-A50D-4A9BC832F19B}] => (Allow) C:\Users\Primitive\AppData\Local\15150554.exe
FirewallRules: [{1164D2F8-5ADE-4E91-AE40-363A1857F0D2}] => (Allow) C:\Users\Primitive\AppData\Local\tinstall.exe
FirewallRules: [{3A395A1F-936B-4FF0-8710-ACE9917AC481}] => (Allow) C:\Users\Primitive\AppData\Local\sc76258249.exe
FirewallRules: [{18A66A25-E1E5-4171-B75F-2549447C195D}] => (Allow) C:\Users\Primitive\AppData\Local\ddnow.exe
FirewallRules: [{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83}] => (Allow) C:\Users\Primitive\AppData\Local\BrowserAir\Application\BrowserairExec.exe
C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs

EmptyTemp:
RemoveProxy:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
Chrome DefaultSearchURL => removed successfully
HKLM\System\CurrentControlSet\Services\realtek_amd64 => key removed successfully
realtek_amd64 => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully
gupdatem => service removed successfully
HKLM\System\CurrentControlSet\Services\SkypeUpdate => key removed successfully
SkypeUpdate => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\lmimirr => key removed successfully
lmimirr => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Se Browser Enhancer => moved successfully
C:\Program Files\2a3f425bfffb88bb1aaf86a4ef800345 => moved successfully
C:\Program Files (x86)\ParentalControl => moved successfully
C:\WINDOWS\Tasks\Online Application v209.job => moved successfully
C:\WINDOWS\Tasks\Online Application v209 Guardian.job => moved successfully
C:\WINDOWS\Tasks\Online Application v209 Guard.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => moved successfully
C:\WINDOWS\System32\Tasks\Online Application v209 Guardian => moved successfully
C:\WINDOWS\System32\Tasks\Online Application v209 Guard => moved successfully
C:\WINDOWS\System32\Tasks\Online Application v209 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1 => moved successfully
C:\Users\Primitive\AppData\Roaming\c => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\ProgramData\1490577405 => moved successfully
C:\Users\Primitive\Downloads\57c8c80bfc2b70a697687c0b88e41b1c.torrent => moved successfully
C:\Users\Primitive\AppData\LocalLow\BitTorrent => moved successfully
C:\Users\Primitive\Downloads\8e409b424596c2ce2e468e3b3a366a4f.torrent => moved successfully
C:\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe => moved successfully
C:\WINDOWS\wininit.ini => moved successfully
C:\ProgramData\DP0004.dat => moved successfully
C:\Users\Primitive\AppData\Local\Temp\CuPUninstall.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\DB39.tmp.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\InstallHelper.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI32.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI64.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0847AE0-465A-4D7B-A555-AABB43B550F0}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36FC4F2D-2FC1-4C0F-9F44-41B280A32779} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36FC4F2D-2FC1-4C0F-9F44-41B280A32779} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4752A296-189E-4FD5-A55B-16D29353EEF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4752A296-189E-4FD5-A55B-16D29353EEF8} => key removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B25888B-8985-4F3F-B91E-496D45D90F69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B25888B-8985-4F3F-B91E-496D45D90F69} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54E033B2-E527-4D00-B522-6E3845CDF2E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54E033B2-E527-4D00-B522-6E3845CDF2E1} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v209 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85148911-6B3A-4DA0-BE2A-EC73B3E91C67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85148911-6B3A-4DA0-BE2A-EC73B3E91C67} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v209 Guardian => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 Guardian => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application v209 Guard => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 Guard => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC17B985-39D1-41BC-88AA-E56D1701A505} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC17B985-39D1-41BC-88AA-E56D1701A505} => key removed successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 1 => key removed successfully
C:\WINDOWS\Tasks\Online Application v209 Guard.job => not found.
C:\WINDOWS\Tasks\Online Application v209 Guardian.job => not found.
C:\WINDOWS\Tasks\Online Application v209.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => not found.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk" => Could not move.
C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E2617A2-D5F6-4502-AEE9-D480E007CA65} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9588507-2313-4762-A50D-4A9BC832F19B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1164D2F8-5ADE-4E91-AE40-363A1857F0D2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A395A1F-936B-4FF0-8710-ACE9917AC481} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18A66A25-E1E5-4171-B75F-2549447C195D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83} => value removed successfully
C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs => moved successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 39276 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39318655 B
Java, Flash, Steam htmlcache => 219663497 B
Windows/system/drivers => 51305318 B
Edge => 121856 B
Chrome => 539100447 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 560 B
LocalService => 0 B
NetworkService => 17642 B
Primitive => 1570139838 B

RecycleBin => 597463751 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:37:21 ====
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » April 1st, 2017, 6:48 pm

Upon further inspection Chrome is telling me some of my extensions were corrupted. They've all been removed but when I try and reinstall them it's telling me that it "Could not move extension directory into profile".
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Post by mAL_rEm018 » April 1st, 2017, 8:02 pm

Hello JustTheEngineer,

Upon further inspection Chrome is telling me some of my extensions were corrupted. They've all been removed but when I try and reinstall them it's telling me that it "Could not move extension directory into profile".

Let's wait until we've removed the infection and then I'll help you reinstall the extensions. :)

We still have more work to do so let's get started.. :)

Please disable Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Zoek

  • Please download Zoek from Here and save it to your Desktop.
  • Right-Click on Zoek.exe and select Run as Administrator.
  • It may take a while before the program opens, this is normal.
  • Once Zoek is opened, copy/paste the following code inside the Input Field:
    createsrpoint;
    autoclean;
    chromelook;
    emptyalltemp;
    C:\WINDOWS\cutler.exe;virustotal
    C:\Program Files (x86)\Hits\omagh.exe;virustotal
    C:\Program Files (x86)\acidosis\hijacking.exe;virustotal
    C:\Program Files (x86)\operant\hoosiers.exe;virustotal
    C:\Program Files (x86)\Ralph\demurrage.exe;virustotal
    
  • Close any open browser and click on Run script.
  • Zoek will now start to run the script.
  • Once the tool finishes, a window will open named zoek-results.log.
  • Please post the contents of zoek-results.log in your next post.
    Do not forget to re-enable Windows Defender at this point.


I need to see a fresh FRST log..

  • Right-click on FRST64.exe and select Run as administrator.
  • The program might update, please allow it to do so.
  • Please check the following entry:
    • List BCD
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problems while following the instructions?
  • zoek-results.log
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » April 1st, 2017, 8:38 pm

No problems at all, here are my logs.
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » April 1st, 2017, 8:38 pm

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Primitive on Sat 04/01/2017 at 20:25:57.48.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Primitive\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4/1/2017 8:26:40 PM Zoek.exe System Restore Point Created Successfully.

==== VirusTotal Scan ======================

C:\WINDOWS\cutler.exe not found
C:\Program Files (x86)\Hits\omagh.exe not found
C:\Program Files (x86)\acidosis\hijacking.exe not found
C:\Program Files (x86)\operant\hoosiers.exe not found
C:\Program Files (x86)\Ralph\demurrage.exe not found

==== Empty Folders Check ======================

C:\PROGRA~2\Hits deleted successfully
C:\PROGRA~2\lafite deleted successfully
C:\PROGRA~2\neuharth deleted successfully
C:\PROGRA~2\Ralph deleted successfully
C:\PROGRA~2\COMMON~1\COMODO deleted successfully
C:\Program Files\COMODO deleted successfully
C:\Program Files\Reason deleted successfully
C:\Program Files\Sound+ deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Primitive\AppData\Local\ActiveSync deleted successfully
C:\Users\Primitive\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDDDE980-C83F-4A8C-84E1-4F78EEF45929} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1EFBD1D-2630-4F1D-8722-EF809C5FBB93} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37C56AD-AED7-463B-BC1F-9629CDD1C578} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F445BCAE-4CDE-4113-8B51-90A933726674} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F44ABC97-98D4-4FF9-90CC-207D20F655DE} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6ED69A2-4988-40C0-B271-0FA3BEFF80E6} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7B521F3-2D05-4A03-9EF1-C262CF475AB8} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F92D95AA-B1A8-4EAD-AEC2-EACAADC34E95} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F99B9E6F-08E4-43EE-964E-046E38CC30D7} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB623CA1-6779-4F19-8FA2-5801701AFA3B} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7BE08E-7C3F-4477-8DB6-907EE6509955} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCC49455-AC09-4A61-97E7-20CC4FC68E66} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCFA38BD-363E-42F0-9E55-FC729D3A131A} deleted successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD56A5DF-B131-48AA-B87D-319EB85C836F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Hits not found
C:\PROGRA~2\lafite not found
C:\PROGRA~2\neuharth not found
C:\PROGRA~2\Ralph not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Defects deleted
C:\Users\Primitive\AppData\Roaming\Natural Selection 2 deleted
C:\Users\Primitive\.android deleted
C:\Temporary deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Primitive\AppData\Local\node-webkit deleted
C:\Users\Primitive\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\ProgramData\mntemp" deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cookies" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cookies-journal" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\modules.log" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cache\data_0" deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cache\data_1" deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cache\data_2" deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cache\data_3" deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cache\index" deleted
"C:\Users\Primitive\AppData\Roaming\discord\GPUCache\data_0" deleted
"C:\Users\Primitive\AppData\Roaming\discord\GPUCache\data_1" deleted
"C:\Users\Primitive\AppData\Roaming\discord\GPUCache\data_2" deleted
"C:\Users\Primitive\AppData\Roaming\discord\GPUCache\data_3" deleted
"C:\Users\Primitive\AppData\Roaming\discord\GPUCache\index" deleted
"C:\Users\Primitive\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage-journal" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node" deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node" deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node" deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node" deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node" deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll" deleted
"C:\Users\Primitive\AppData\Roaming\discord" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\Cache" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\GPUCache" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\Local Storage" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_contact_import" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_rpc" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_toaster" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_utils" not deleted
"C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_voice" not deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bhfhojbhbnajajgihpicejdalbjlpcep - No path found[]

==== Chromium Fix ======================

C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"=""
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"=""

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04"

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Primitive\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Primitive\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2621 folders=311 489562692 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\PRIMIT~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Primitive\AppData\Roaming\discord\Cookies" not found
"C:\Users\Primitive\AppData\Roaming\discord\Cookies-journal" not found
"C:\Users\Primitive\AppData\Roaming\discord\modules.log" not found
"C:\Users\Primitive\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage" not found
"C:\Users\Primitive\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage-journal" not found
"C:\Users\Primitive\AppData\Roaming\discord" not found

==== EOF on Sat 04/01/2017 at 20:36:44.27 ======================
JustTheEngineer