Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Chrome is running slower and displaying ads

Re: Google Chrome is running slower and displaying ads

Post by JustTheEngineer » April 1st, 2017, 8:39 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Primitive (administrator) on RANY (01-04-2017 20:38:50)
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hi-Rez Studios) G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) G:\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) G:\Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes) G:\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Tools\tqos_reporter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Rainmeter) G:\Rainmeter\Rainmeter.exe
(Spotify Ltd) C:\Users\Primitive\Downloads\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => G:\Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => G:\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Steam] => G:\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Discord] => C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [TQOS_REPORT] => g:\non-steam games\monster hunter online\monster hunter online\bin\client\tools\tqos_reporter.exe [440832 2015-10-27] ()
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify Web Helper] => C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-01] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify] => C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-01] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-23]
ShortcutTarget: Rainmeter.lnk -> G:\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpotifyWebHelper.exe - Shortcut.lnk [2017-01-25]
ShortcutTarget: SpotifyWebHelper.exe - Shortcut.lnk -> C:\Users\Primitive\Downloads\SpotifyWebHelper.exe (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7eb64d0a-f41c-4682-a71c-66653c8069d9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{83fe7494-0511-4654-8018-3bf915ca7f93}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7427483-624e-4d4c-9009-612f371d9f4c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c88be9c3-cd57-11e5-a678-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-233390903-2661952563-451428824-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)

FireFox:
========
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2017-02-26] (Unity Technologies ApS)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin64 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)

Chrome:
=======
CHR Profile: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default [2017-04-01]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-03-11] (EasyAntiCheat Ltd)
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; G:\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-09-24] (Echobit, LLC)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2017-01-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-04-01] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 TesMon; C:\WINDOWS\system32\TesMon.sys [71976 2016-09-18] (Tencent)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [1007928 2017-01-18] (TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-01 20:37 - 2017-04-01 20:37 - 00000000 ____D C:\Users\Primitive\AppData\Local\ActiveSync
2017-04-01 20:33 - 2017-04-01 20:25 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-04-01 20:25 - 2017-04-01 20:33 - 00000000 ____D C:\zoek_backup
2017-04-01 20:25 - 2017-04-01 20:25 - 01309184 _____ C:\Users\Primitive\Desktop\zoek.exe
2017-04-01 18:36 - 2017-04-01 18:37 - 00031027 _____ C:\Users\Primitive\Desktop\Fixlog.txt
2017-03-31 16:48 - 2017-03-31 16:48 - 00006916 _____ C:\Users\Primitive\Documents\AdwCleaner[C0].txt
2017-03-31 16:47 - 2017-03-31 16:47 - 00000000 ____D C:\Storage
2017-03-31 16:46 - 2017-04-01 20:36 - 00000008 __RSH C:\Users\Primitive\ntuser.pol
2017-03-31 16:44 - 2017-03-31 16:45 - 00000000 ____D C:\AdwCleaner
2017-03-31 16:43 - 2017-03-31 16:39 - 04089296 _____ C:\Users\Primitive\Desktop\AdwCleaner.exe
2017-03-30 19:06 - 2017-03-30 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.scr
2017-03-30 19:06 - 2017-03-30 18:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.com
2017-03-30 18:38 - 2017-03-30 19:29 - 00000000 ____D C:\Users\Primitive\Desktop\mbar
2017-03-30 18:38 - 2017-03-30 18:29 - 19044562 _____ C:\Users\Primitive\Desktop\mbar-1.09.3.1001.zip
2017-03-30 18:38 - 2017-03-30 18:28 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.exe
2017-03-30 17:15 - 2017-03-30 17:14 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Primitive\Desktop\mbar-1.09.3.1001.exe
2017-03-29 19:33 - 2017-04-01 20:39 - 00018825 _____ C:\Users\Primitive\Desktop\FRST.txt
2017-03-29 19:33 - 2017-03-31 16:51 - 00081809 _____ C:\Users\Primitive\Desktop\Addition.txt
2017-03-29 18:03 - 2017-03-29 18:03 - 00000159 _____ C:\Users\Primitive\Desktop\ckfiles.txt
2017-03-29 18:02 - 2017-03-29 17:50 - 00468480 _____ () C:\Users\Primitive\Desktop\CKScanner.exe
2017-03-29 17:47 - 2017-03-29 17:47 - 00000000 ____D C:\RegBackup
2017-03-29 16:01 - 2017-03-29 16:01 - 00083371 _____ C:\Users\Primitive\Desktop\2 (1).txt
2017-03-29 16:01 - 2017-03-29 16:01 - 00000100 _____ C:\Users\Primitive\Desktop\2 (2).txt
2017-03-27 21:36 - 2017-03-27 21:37 - 00086726 _____ C:\Users\Primitive\Desktop\1 (2).txt
2017-03-27 21:35 - 2017-04-01 20:38 - 00000000 ____D C:\FRST
2017-03-27 21:35 - 2017-03-29 16:01 - 00045799 _____ C:\Users\Primitive\Desktop\1 (1).txt
2017-03-27 21:29 - 2017-03-27 21:34 - 02424832 _____ (Farbar) C:\Users\Primitive\Desktop\FRST64.exe
2017-03-25 00:36 - 2017-03-25 00:36 - 01962408 _____ C:\Users\Primitive\Downloads\wrar540.exe
2017-03-24 21:14 - 2017-03-24 21:14 - 00012872 ____N C:\bootsqm.dat
2017-03-24 19:16 - 2017-03-24 21:17 - 00000000 ____D C:\Users\Primitive\Desktop\Keep Talking and Nobody Explodes
2017-03-24 19:16 - 2017-03-24 19:16 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\Steel Crate Games
2017-03-20 17:17 - 2017-03-16 18:56 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-03-20 17:15 - 2017-03-16 21:01 - 40190400 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 34991672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 19006832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 16851280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11019888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 09306312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 08990256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 03169848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 02716096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00687408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00515648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00500792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00207856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00183136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00177992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00152064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-03-14 12:44 - 2017-03-14 12:44 - 04220719 _____ C:\Users\Primitive\Downloads\HS-HSS-TAP-Part_5_--_Chapter_31-_American_Life_in_the_Roaring_Twenties.pdf
2017-03-12 21:46 - 2016-10-27 17:18 - 00000000 ____D C:\Users\Primitive\Desktop\4.3.0
2017-03-09 19:27 - 2017-02-23 18:55 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437878.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437878.dll
2017-03-06 21:26 - 2017-03-06 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-03-06 20:54 - 2017-03-06 20:57 - 1182291124 _____ C:\Users\Primitive\Downloads\397483-ZOTYCE.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-01 20:37 - 2016-10-09 16:08 - 00000000 ____D C:\Users\Primitive\AppData\Local\ClassicShell
2017-04-01 20:37 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Spotify
2017-04-01 20:37 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\Spotify
2017-04-01 20:37 - 2016-02-07 01:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-01 20:36 - 2016-02-07 01:04 - 00000000 ____D C:\Users\Primitive
2017-04-01 20:35 - 2017-01-10 02:10 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-01 20:35 - 2016-04-04 16:11 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 20:35 - 2016-02-07 01:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-01 20:35 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-01 20:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-04-01 18:43 - 2016-02-07 01:12 - 00770738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-31 16:48 - 2016-02-11 18:47 - 00000000 ____D C:\Users\Primitive\AppData\Local\CrashDumps
2017-03-30 19:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2017-03-30 19:11 - 2016-04-04 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 18:21 - 2017-01-12 18:10 - 00264598 ____N C:\WINDOWS\Minidump\032917-4390-01.dmp
2017-03-29 18:21 - 2016-04-07 16:21 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-29 15:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-26 22:18 - 2016-02-07 01:07 - 00000000 ____D C:\Users\Primitive\AppData\Local\Packages
2017-03-26 21:20 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-25 21:53 - 2016-02-09 15:31 - 00000000 ____D C:\Users\Primitive\AppData\Local\Battle.net
2017-03-25 21:52 - 2016-02-09 15:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-25 20:03 - 2016-02-07 04:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mumble
2017-03-24 23:47 - 2017-02-04 04:52 - 00000000 ____D C:\Users\Primitive\MusicBot
2017-03-24 20:05 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-24 20:04 - 2016-10-14 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-24 17:40 - 2016-03-11 18:19 - 00565800 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-03-20 17:18 - 2016-10-06 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 17:18 - 2016-02-07 01:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 17:18 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-20 17:18 - 2014-08-31 14:59 - 00000000 ____D C:\Temp
2017-03-20 17:17 - 2016-04-30 16:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-17 16:03 - 2016-04-05 18:23 - 14574640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-03-16 21:01 - 2017-01-01 20:05 - 28254264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-03-16 21:01 - 2017-01-01 20:05 - 00043636 _____ C:\WINDOWS\system32\nvinfo.pb
2017-03-16 21:01 - 2016-10-28 21:08 - 00640456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00573632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 24492880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 20769264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 13800944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 03597456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-03-16 19:31 - 2016-10-08 15:14 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-03-16 19:16 - 2016-04-05 18:24 - 00549944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-16 19:16 - 2016-04-05 18:24 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-16 05:39 - 2016-02-07 01:10 - 07813427 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-09 00:07 - 2016-02-07 01:15 - 00000000 ____D C:\Users\Primitive\AppData\Local\Roblox
2017-03-08 22:00 - 2016-09-26 17:57 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-03-08 19:25 - 2017-01-10 02:01 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-06 21:44 - 2016-05-01 20:31 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft Games
2017-03-06 21:43 - 2016-05-01 20:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-06 21:43 - 2016-05-01 20:30 - 00000000 ____D C:\ProgramData\Microsoft Games
2017-03-06 21:24 - 2016-02-07 01:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-04 19:12 - 2017-01-22 01:30 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-06-01 21:22 - 2016-06-01 21:22 - 0007606 _____ () C:\Users\Primitive\AppData\Local\Resmon.ResmonCfg
2017-01-09 22:52 - 2017-01-09 22:52 - 0000000 _____ () C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 22:54 - 2017-01-09 22:54 - 0000001 _____ () C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 22:52 - 2017-01-09 22:54 - 0000000 _____ () C:\Users\Primitive\AppData\Local\stxtname.txt
2016-12-23 20:55 - 2016-12-23 20:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2017-01-01 20:00 - 2017-01-22 01:30 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-01 20:00 - 2017-01-22 00:32 - 0004188 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {9dc7cb4b-cd57-11e5-b7dd-a388bc2214f9}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
displaybootmenu No

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {bd7b75f8-cd57-11e5-b7dd-a388bc2214f9}
recoveryenabled No
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {9dc7cb4b-cd57-11e5-b7dd-a388bc2214f9}
nx OptIn
bootmenupolicy Standard
bootstatuspolicy IgnoreAllFailures

Windows Boot Loader
-------------------
identifier {bd7b75f8-cd57-11e5-b7dd-a388bc2214f9}
device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bd7b75f9-cd57-11e5-b7dd-a388bc2214f9}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bd7b75f9-cd57-11e5-b7dd-a388bc2214f9}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {eaa6785d-3138-11e4-9df6-810d00d19672}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\eaa6785d-3138-11e4-9df6-810d00d19672\Winre.wim,{eaa6785e-3138-11e4-9df6-810d00d19672}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\eaa6785d-3138-11e4-9df6-810d00d19672\Winre.wim,{eaa6785e-3138-11e4-9df6-810d00d19672}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {9dc7cb4b-cd57-11e5-b7dd-a388bc2214f9}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {bd7b75f8-cd57-11e5-b7dd-a388bc2214f9}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {eaa6785b-3138-11e4-9df6-810d00d19672}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {eaa6785d-3138-11e4-9df6-810d00d19672}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {bd7b75f9-cd57-11e5-b7dd-a388bc2214f9}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume3
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {eaa6785e-3138-11e4-9df6-810d00d19672}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\eaa6785d-3138-11e4-9df6-810d00d19672\boot.sdi

Device options
--------------
identifier {eaa6785f-3138-11e4-9df6-810d00d19672}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi


LastRegBack: 2017-01-09 20:00

==================== End of FRST.txt ============================
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 1st, 2017, 8:40 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (01-04-2017 20:39:18)
Running from C:\Users\Primitive\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 05:06:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233390903-2661952563-451428824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-233390903-2661952563-451428824-503 - Limited - Disabled)
Guest (S-1-5-21-233390903-2661952563-451428824-501 - Limited - Disabled)
Primitive (S-1-5-21-233390903-2661952563-451428824-1001 - Administrator - Enabled) => C:\Users\Primitive

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Depth (HKLM\...\Steam App 274940) (Version: - Digital Confectioners)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Discord (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Git version 2.11.1 (HKLM\...\Git_is1) (Version: 2.11.1 - The Git Development Community)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7870.2024 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monster Hunter Online (HKLM-x32\...\Monster Hunter Online) (Version: - Tencent)
Natural Selection 2 (HKLM\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online.io Application (HKLM-x32\...\{F0847AE0-465A-4D7B-A555-AABB43B550F0}) (Version: 2.1.0 - Microleaves) <==== ATTENTION
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version: - Uber Entertainment)
Python 3.5.1 (64-bit) (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
ROBLOX Player for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
Super Hexagon (HKLM\...\Steam App 221640) (Version: - Terry Cavanagh)
Traffic Exchange (HKLM-x32\...\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}) (Version: 2.1.0 - Microleaves) <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {236D5E93-AC70-40C8-8507-71ED54E82425} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {3F2DCA07-5247-4396-A732-55CFACB24016} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {3F39F139-E558-49F2-94D9-5443E998C7DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {45A64C74-3F8C-42EE-8DEB-DF1A83FCCD4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {5DBF077D-34EF-4AC4-ABE9-B051D1CC57E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {66E21683-3ABA-4D5F-B96A-97B64E81E6F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {718654D7-45FE-4114-8169-D671714DB898} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7813514E-C52D-4C08-BCE8-6CFD9B1B3685} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {7EA057AD-62FC-43FD-BE2E-2A8DC9D0A261} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {95BF1522-875E-4138-B6E6-A36B795D7D25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {AE34D356-1919-4106-9136-CD5F218496D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {B481EED0-482D-4E11-B005-299A4747938A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B5015F98-BD11-457C-AF42-4257BD35FEFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-08] (Microsoft Corporation)
Task: {BF3CD351-0A42-4629-87ED-61FC9961439A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {C62F2AFE-67E3-4033-B157-B302AA4C9F01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {F8691C31-7151-4D63-ABB0-CA44666DB472} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-27 17:09 - 2017-03-08 19:25 - 02264352 _____ () G:\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-02-07 01:10 - 2017-03-16 19:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 20:11 - 2016-05-19 20:11 - 00959168 _____ () C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 23:27 - 2017-02-25 04:59 - 08921648 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-16 21:30 - 2017-01-16 21:30 - 00230064 _____ () G:\rhinobot\Notepad++\NppShell_06.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-07 03:36 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 19:31 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 18:34 - 2016-10-25 00:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 18:33 - 2016-10-25 00:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 18:34 - 2016-10-25 00:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 18:33 - 2016-10-25 00:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-15 01:09 - 2015-10-27 07:30 - 00440832 _____ () G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Tools\tqos_reporter.exe
2017-01-23 09:31 - 2017-01-23 09:31 - 01037824 _____ () C:\Users\Primitive\AppData\Roaming\Rainmeter\Plugins\SpotifyPlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00173568 _____ () G:\Rainmeter\Plugins\AudioLevel.DLL
2017-01-01 09:59 - 2017-01-01 09:59 - 00120832 _____ () G:\Rainmeter\Plugins\QuotePlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00093696 _____ () G:\Rainmeter\Plugins\Process.DLL
2016-10-08 15:14 - 2017-02-23 14:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-10-08 15:14 - 2017-02-23 14:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-08 15:14 - 2017-02-23 10:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-08 15:14 - 2017-02-23 10:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-10 19:46 - 2017-02-01 05:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-10 19:46 - 2017-02-01 05:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00025088 _____ () C:\Windows\SYSTEM32\GamePanelExternalHook.dll
2016-10-09 15:09 - 2017-04-01 20:37 - 67725936 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libcef.dll
2016-10-09 15:09 - 2017-04-01 20:37 - 01929840 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libglesv2.dll
2016-10-09 15:09 - 2017-04-01 20:37 - 00087152 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\google.com -> hxxps://google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-04-01 18:36 - 2017-04-01 17:23 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233390903-2661952563-451428824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primitive\AppData\Roaming\Rainmeter\Layouts\Test\Wallpaper.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{623EAC45-1598-4EEE-BD2F-C554D19FAA58}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{882D562F-D8CF-47F0-91D5-5FF20B26E4D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F32F6EE-7D5A-4F87-890D-C43E6E5B1D6B}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{37B62C7A-6269-448C-B0F0-C5F4DD354D39}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{62D0C5AA-BAC2-46E9-875E-4A481824893A}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{13C2835A-1846-4F6B-8DBB-D5013C3538E6}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E12D0410-C1CD-4A84-9D2B-A549A6FE2C42}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{66C4B93B-2AA9-4B9B-8CBD-B461DFB712E2}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3908B23D-06E8-409A-955B-5EB59B18597B}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{450E2008-E396-433A-A2C2-A8DD4DA0B3CE}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{44F09366-8258-4497-AE39-AAF7A7B95146}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{A0E6F6F2-A76C-4190-A05C-EEC139D4A3A9}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{436E6A5A-63DA-466D-97E6-04584B352F1B}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{AF18843B-D775-4C5B-961C-E4BE8E0D4D85}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C2B76408-6377-4C86-8CA0-23DC44A17D81}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DFDDC1C2-D40E-452E-BA03-AD93719A722A}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{0C7AE528-35AA-4CA9-BEEF-9273410642C4}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [TCP Query User{F94CD4E5-A551-4850-AC31-08A71433FA3E}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{4CCE744F-9643-4D7F-8D50-08A1F5F83204}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{F2230469-9934-4F74-B6BB-F29B3E279064}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{E1999BC2-8EC4-468A-BC7F-0D0176ADE6A1}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{212B39BF-7C90-4A18-A2A0-49AEE8CBB838}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{73721E6F-4821-40A6-92A7-4A410A50DD18}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{0CC94886-5F31-440B-8375-8650C49219BA}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1327FD25-DABA-4F25-8721-6FF3482ABA8E}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{23BC6235-E46E-443A-A509-DBB2C0214867}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7A57483F-0EDC-4AAA-8F16-7E6225D68E64}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [{8BC5D79D-ECCB-4824-9964-F2E73A249C60}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0E2B86AF-644D-43C9-9426-2B434A9EC1DA}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{826E5577-F48E-48C4-B788-4237C7C64054}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [UDP Query User{8EE5BE3A-F201-4B23-92EA-00303D2F81B9}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [TCP Query User{71689633-D477-4FA3-93C7-39DBD8D16D0B}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [UDP Query User{27419A28-CEAF-4934-9067-F9E56798A149}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [TCP Query User{6BB72CFE-E6C9-488E-AFF8-4C42BB966AD3}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B6347567-B904-4E85-8E5E-D12FE7AD6B69}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{0B7EA474-5A25-4B8A-B994-1513540C3243}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A2A64718-D7CE-425D-8560-15ABFD84E229}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7736D49B-8E9F-4C87-855D-E2A19BCCB59C}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B00BB64-BBE7-49F4-B690-75EF262E2C5E}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [{F11A6418-583B-4BF4-BBB3-D99BBB3B311F}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F3B40AAB-4713-4A2E-A857-1DD7013ACAAC}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{1A7FB639-11ED-46E5-8932-FA17C6FC5D7E}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{A5C8EBCC-699E-4F6F-BFD8-BF07593D6353}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{2E6C0288-6D7C-4326-AEB4-EAD4FC13974A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38366E24-9DD0-49C6-B75F-B82810C36C0A}] => (Allow) LPort=2869
FirewallRules: [{933CF27E-CDC8-46C2-8C32-54C742A26086}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{554E64E0-949D-48E5-A53D-1F12FD8B9D3E}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E374850A-708E-450A-8CC5-5F768F4CBE08}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [TCP Query User{A034A264-0945-466C-B892-5A5228B0651D}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{C5F98DCB-D2DA-4B11-9343-035AE2F2AB7F}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{1BDF9A2F-CD29-4E5E-A082-C38AF929DAE3}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [UDP Query User{7613A658-F25F-4404-8E58-F5EA70D316C2}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [{8A0F9ABD-4B7B-4B99-BBD7-A0C569DE9D3C}] => (Allow) LPort=3724
FirewallRules: [{2FDD3BE2-9AE2-4E50-87D5-C75A81102691}] => (Allow) LPort=80
FirewallRules: [{64B5E32C-9C1B-46CD-B0C0-AF4960C6BA50}] => (Allow) LPort=3724
FirewallRules: [{0F99289A-A5F7-422C-9402-3B7926840156}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{D062639C-BE7D-4157-9324-71092FA90889}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E0E46D31-D846-433F-93BB-C40904D76206}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6D25C008-C437-4F1F-BDB4-836EB6CD91C7}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{63443DFF-2AB7-43C1-8214-30B975D2C89E}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5570ED2F-A868-4505-8D6F-AF68B4627C86}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{932D63EC-38F6-4AE0-9D77-51B8E11419A7}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{8B4BD4CE-9BC1-4122-84CD-E06FC899FDFD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{A97DEDDE-8734-44C5-8468-66F39BBE8CF0}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{F5F33787-D7C4-4739-948D-4CF5489C3196}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{699B12A2-F38A-45F5-90A0-C0D6FA07048C}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{0A946021-97EC-4123-8B35-3F540E4C0B87}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{2532257F-66FE-4A7F-B558-7DEB53E91923}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E847E4B7-F8CA-40EF-BE4E-7178535D8AFF}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{0689DDDF-B42B-4EE1-97E3-C93CB1769EC1}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A6FE3A00-4642-44DB-A8E7-6DC7EDC91103}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{2860814A-C858-435B-93FF-CAEAF06283E5}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{B71182B9-2FF4-4350-A587-12661B101AE2}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{D7323373-425E-4712-9CAF-B9EAAA0BD3BD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{2FC5CCF0-1EBA-4F2E-AEF2-3564E3BE2089}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{8599F9E1-4132-4FCE-9E2A-134AF4221A9F}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{8491AA07-3E7C-4D2C-970F-6DDD8647E6E2}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{680C8538-AB76-4C9D-AA64-88528517232B}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{90022BBC-7821-4A38-8499-7D4720C7F399}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{70314229-B02C-47BC-803D-36EAD79CB19E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{809CF0FE-0CFC-43F4-8B08-DE1EA5404EC2}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{0A4BB1E4-2739-45A6-9B44-7574F239D6FE}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1EE99792-B9F5-4336-B6A4-67CDE297D939}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A731D180-3785-4690-B244-8E072AACA54B}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7890BBC5-C71C-45FC-90CA-F355C715C194}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [{85A541F6-343A-415C-B0CC-41F490595474}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{B3306EE5-DEE6-4CDA-B7FE-EF05D863260D}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{6134967A-DD57-43EE-9C37-B49E9B734E02}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{D7997AEA-89B2-4C2D-8D18-197288A3B3D6}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{A3F2F9DB-7E59-4228-B86B-90275A4CECC1}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{72E3CBF9-EA97-42BF-AEBB-C409E5EAE144}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{53EF9765-8F3F-4CE0-891F-6ABD0BCCF0CA}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{BA877EC9-C8B6-482F-8301-28A60C63338D}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{F4B04EE7-CE5B-43A7-B020-7300ED880910}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [{4CD296B7-581C-4259-BACC-6CD4A284EF77}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [TCP Query User{50C74FB9-13D1-4C0F-B363-2C3454C39C2F}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [UDP Query User{4E57BD46-5D4B-4445-BEAE-89D68AF55E29}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [{DE1E98E7-D7D7-4D9A-B4D2-13432A2B5137}] => (Allow) G:\MHO_Setup_1.0.10.281.exe
FirewallRules: [{AA64C9C3-345B-45A6-B70C-0160C707B77D}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{67205B16-3A61-4047-AD66-C2BCE10F7EBC}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{DB59E90A-56E4-420D-9F34-A77FFD35A498}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{FC74637D-B211-4EFB-AEE3-CACE48FDDBDC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9640D995-3E8B-4B47-B24E-D1DF382E7A36}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{CEDE9F51-5B8F-4CCD-B830-73E73E7F7A8E}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{40741CA0-A58F-4341-AD44-A15FEC3B0B70}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{3A379FC4-8321-492C-AB7E-F9C97A82FA62}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [TCP Query User{01336705-8EAD-4B36-BF65-D9C44FA9FEBC}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{3B9A6431-CFC2-4DC3-A89B-53215014C478}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{B1FE646A-C2FB-45D2-A8E9-CB422DB1CCAC}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{91C7C2FF-6B69-4EE3-84A5-D879D600722F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{CCCB8CA6-598C-4530-947B-AAB3BDF7AAE3}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{29501E58-6243-482A-991A-4846F989EE04}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{B72F9913-9157-41F6-86AA-209D85553F52}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{AD359F3F-BDBE-4180-A8BD-DD70B3A26389}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{1B669228-ECC6-4BD2-8A6F-5F16E4BB126A}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{F5F2B9C2-95EF-439B-9CF3-52C59EC8258F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [TCP Query User{4EE97130-FC57-4E76-AC59-99C458FA3C80}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{5B808CD5-68F6-496E-B030-D5313FC11F38}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{9E7CC219-9CB1-4CD5-9335-EBE8533250B9}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{239FFC90-287E-495D-AB59-7FC23145B069}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [{58497E58-8543-4AF6-BF1A-C796522D7DA6}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{47E63243-0844-48FE-9178-FAC61F31B063}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{C30F45C8-7A7E-43BA-9AAA-5A0A299DA24C}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E2717E1C-8DA8-449D-A315-2559FA37A472}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{01F09A5D-56CE-4C06-B469-C085C6012A5F}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{80F297EA-BC13-4FB9-8DDF-2A331DAFCC40}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{61721D0C-C71A-426C-B802-0B547DC1B72F}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{43ACBCD6-DF48-4705-9F58-0FFE049BB002}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{F8CE015C-4705-49BB-9DAF-76AAF36EF185}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{395F18A2-BD53-4597-8E8F-3E6B097674BF}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{9CEF9ED1-1338-4485-8D6D-1179EC70FDA3}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B81A4465-DE02-478B-B2D9-E4AB64D227FA}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{C5FEAB5F-ED17-42C6-93BF-7AB26DB81BA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72E2569E-16E8-4425-88AC-00603841CFFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{45330A66-5327-4487-8F80-32299908671A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C099841-F916-4F42-9021-A854C1357C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9220A0FA-B81F-4D45-AC6A-044F0B6CF166}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3C4E80F4-A092-4CB6-B540-A86C8952ABEF}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B710C0C4-08D9-4145-BE07-866286CB2C00}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{5F375B40-602F-416C-BAA3-3EF955EBE04A}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [{33153EA4-8120-4115-92CE-6BF18BA639F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2B9A0DD5-F582-4889-9535-849B35C83F43}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{17839E54-88C3-47D1-A7A0-01D3012CED39}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{72A80336-7300-4FDE-A344-9853CE2CCB18}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4D705E32-6B9B-47B0-9186-E328FEC23B20}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{98ED55A4-A4DA-4C4F-9BEF-37A596F6AFD4}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0AAF8FD3-D5E6-47BD-AE05-B74BAB84B9F1}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{4677494E-ED85-4AA0-A66D-902FBE60FB4A}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{E4C68492-42B1-4604-915F-21EAAD919D23}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{CFA6BAC5-80B5-47DE-BF2D-209F657C615E}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{788EBD02-A83A-489C-9813-CF080BEFB30F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{0B5233E7-8472-4AC6-8565-AD80C46D3885}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{401DF6F8-8DC1-4ACB-8AD5-ABCD9EC01CAB}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{DE649370-1ED2-4595-BCD2-B0A032E1640E}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4805A180-E9B2-49F8-AA75-0D4C081DFB89}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DAE0D35D-7DB3-41D4-9723-ED957BB53903}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9F098143-7E37-4D90-973B-602A203A55A0}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{0B5BB3F9-0A5A-4288-82B7-2353A6C24341}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{4F1A7742-DF00-4870-B9B5-C7E64624FE46}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{51BC0EDE-9905-4195-84C8-BF8939908167}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C15FC5C7-99CF-4E5A-81C4-5A877BDBEE9D}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{601CBF0E-78FD-4E8C-8772-947FB93CC163}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{4F1CDB89-3C49-433D-86B1-2D5CC565EF99}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{36D44B57-18D0-4CCB-857D-EAD0612ED622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A61ED98D-9440-405A-ADB5-1EAEF2939046}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6D69BDBC-C579-450C-959A-516BBF68A966}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EDF74F32-C9FB-41CB-8C78-D08F9A57FDC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F1406EE3-FB4E-40B4-BB3C-791F4B8E61EA}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5A8C7D3-2EF3-40DF-B166-6F8856341311}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{039CC2A6-8753-4013-81A2-192A59E09349}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{76A2E5F8-8DE7-403B-943C-444F76A881A3}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8D0D9326-C7CC-49CA-B92A-2066BC8FB3B4}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{05B77BB7-1039-449D-8CF0-2FE18A7D3B2B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AAD8536A-C438-4191-8919-10DAB48B0B5B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35C23D4C-B2E7-4FEE-B85D-A3F57B11B1D2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{794435CE-BA25-4692-9EF8-FEE00FC5ABC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{06BD6921-70BE-4F1F-9A4F-FC21D6F2519F}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{838F76D9-1920-427F-94F4-5628B0920463}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{8B533F19-34FF-4DCC-8EB9-45195214C599}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8FA91647-E1BB-4C0A-8020-07B890998ED0}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4D3DDB90-2F38-49FA-A655-293BAACD5A1F}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{DBCE5122-0967-41F0-983B-1BB6E7E6E5B9}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{F285FC3E-1572-4385-AB56-B7D21DE2B1BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB42E26-0AF2-4681-80E8-B3CFA38A5EB1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B6E957B7-7F7D-4B16-8C4F-95446738EDEF}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [UDP Query User{854267C1-E051-42CD-8387-E8599E49DFED}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [{A5656CAA-E9E5-4CC3-8A79-9724545EB2FE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => (Allow) C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => (Allow) C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => (Allow) C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => (Allow) C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => (Allow) C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe
FirewallRules: [{24C5640D-65EF-4A6C-B98C-25D98020B0BA}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [{CDB59CAC-6EA0-44E9-B9C5-79DEF750C615}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [TCP Query User{257134CB-FB7F-4A5F-B70E-615278E2F341}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [UDP Query User{B9B4FABC-C0C7-4271-873D-AAB2E8375D52}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [{94165F0E-E46B-4FAD-819B-F80DD84B6B2E}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\MHO_Setup_2.0.11.371.exe
FirewallRules: [TCP Query User{54C272DB-35D3-4B75-8531-03FA9660D41F}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{3E26C92C-C10E-4022-8C7B-2B853009E665}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [TCP Query User{74A20A0A-A3A0-4E05-A6A1-3E19C20C810F}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{6BAC593A-0CCB-4133-87FE-87FF5647C786}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{1CDB3F0C-5413-44ED-A81C-275A4F02EB44}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{6A10EFAA-6B24-4BA9-91F8-D2C1EB57E198}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{9F0E65CA-13E0-41A0-A772-D6BAD6AC2008}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{8DFF6AEE-9F5E-4982-B96F-6855C931C2AB}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{50AC1C5E-C9B2-4D1D-8157-85CFE9721CB0}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{B5DAAF87-D3EC-484D-AF79-C975877DB8CE}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{BE36E881-D2F3-4BDA-873B-D5E344EC19C8}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{684762C8-09C7-4D20-9CB2-0AB204FCB721}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{75E28886-DB3E-42BD-AEF6-4AFC51A2893F}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{73C8C34B-996A-42BB-9E0A-83CBC1746732}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D8DA5CEC-1D66-42C7-8B78-73163972EB98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9C0CA1A0-16C0-465B-B993-B151C7891A50}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{40E2A678-1545-4C46-A612-8AAF7EC23DD1}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [TCP Query User{9739C598-80F5-4741-8A01-E3E405A3F46B}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0C3A87F1-55D8-4C31-8311-9F6E02BE9576}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{263AD6B1-E37B-455B-A44C-CD7DCE21974E}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{9240B2EF-2D8E-4E3E-A98B-97128E127B4D}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{8D538934-A429-4E32-A470-6ADBCED3F4AB}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{0587789B-43B1-4355-96D1-2C34AA798207}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{84627E43-4C3B-4134-989E-FFFF1949E403}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{E0BAB900-2391-4176-8E6D-DB728B375794}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{0038157B-6185-4D54-B6F8-1DEF5B874968}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{85ADC883-0E27-4BAA-B655-671EE5D7B47E}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{2D823A37-E0A3-4866-8820-2FCEC2F45594}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2FAEF020-50D4-41F4-8AF1-DCE6C6DB74D0}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

30-03-2017 19:29:06 Malwarebytes Anti-Rootkit Restore Point
01-04-2017 18:36:57 Restore Point Created by FRST
01-04-2017 20:26:34 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2017 08:26:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/01/2017 06:43:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/01/2017 06:40:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/01/2017 06:39:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/01/2017 06:36:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/01/2017 06:36:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {79c11c0f-d753-4c6d-bdfc-f6208a8043a2}

Error: (04/01/2017 05:07:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent

Error: (03/31/2017 04:52:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/31/2017 04:49:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/31/2017 04:48:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: EMODEL.dll, version: 11.0.10586.713, time stamp: 0x5833eb23
Exception code: 0xc0000409
Fault offset: 0x0000000000129bef
Faulting process id: 0x1cf8
Faulting application start time: 0x01d2aa6030acd197
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Report Id: 57ab99cc-4978-44de-a4c9-3d2b9a56ec8f
Faulting package full name: Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge


System errors:
=============
Error: (04/01/2017 08:35:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (04/01/2017 08:35:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (04/01/2017 08:35:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

Error: (04/01/2017 08:35:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_7975b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/01/2017 08:35:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_7975b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/01/2017 08:35:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_7975b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/01/2017 08:35:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_7975b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/01/2017 08:32:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/01/2017 08:32:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/01/2017 08:32:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
Date: 2017-03-24 20:04:45.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-02 23:02:35.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-19 19:02:26.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-11 23:42:31.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 20:20:45.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-09 21:55:28.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 21:07:40.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 14:23:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 18:59:40.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-16 18:20:33.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 34%
Total physical RAM: 8143.07 MB
Available physical RAM: 5343.15 MB
Total Virtual: 14799.07 MB
Available Virtual: 11767.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.01 GB) (Free:19.16 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.39 GB) (Free:361.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E8FD8D51)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » April 2nd, 2017, 11:58 am

Hello JustTheEngineer,


Your logs are looking much better and the main infection appears to be gone. We still have more work to do, so I will ask that you stick with this topic until I give you the "all clear".


Please do the following..


  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs:
    • Online.io Application
    • Traffic Exchange
  • Select uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.

Please run the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => (Allow) C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => (Allow) C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => (Allow) C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => (Allow) C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => (Allow) C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe

CMD: bcdedit.exe /set {bootmgr} displaybootmenu Yes
CMD: bcdedit.exe /set {current} recoveryenabled Yes
CreateRestorePoint:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


I need you to run a search using FRST..
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;Traffic Exchange;Online.io

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... SearchReg.txt
    • Please post it in your next reply.


Let's do an online scan to make sure we didn't miss anything..

Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Close all opened programs, open your browser and go to the following link: ESET Online Scanner.
  • Click on the SCAN NOW button under ESET Online Scanner.
    • Depending on which browser you are using, you might be prompted to download an executable file.
    • Please save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    • If you agree to the Terms of use, select Accept to continue.
  • Please check the following option:
    • Enable detection of potentially unwanted applications
  • Select Advanced settings and ensure that the following options are checked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Make sure that the following option is NOT checked: => Very important!
    • Clean threats automatically
  • Click Scan and the process will now begin. Please do not use your computer while the scan is running.
  • Once the scan is completed, click Copy to clipboard.
  • Open the Start menu and type notepad.exe in the search programs and files box.
  • Press Enter. A blank Notepad page should open, paste the contents inside the window.
  • Save the file as ESETScan.txt.
  • Please copy/paste the contents of ESETScan.txt in your next reply.
  • You can now safely close the program.
    Do not forget to re-activate your Antivirus at this point.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problems while following the instructions?
  • fixlog.txt
  • SearchReg.txt
  • ESETScan.txt
mAL_rEm018
MRU Teacher
Posts: 2301
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

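What the helper is reading by hand in the Addition.txt and turning into the fixlist above is a small set of patterns: the same randomly named binary under several Run values (omagh.exe under rainey, uplifting, weyman, cardiac, mcnab), Start Menu and Quick Launch shortcuts whose names are look-alike characters and whose targets are chrome.bat or iexplore.bat instead of the real .exe, and firewall Allow rules for those same binaries plus one sitting directly in C:\WINDOWS. The Python below is an added example, not part of this thread and not FRST's or MalwareRemoval.com's code. It parses the three FRST line kinds involved (Run/RunOnce values, Shortcut/ShortcutTarget lines, FirewallRules), applies the heuristics the helper's fixlist implicitly encodes, and emits the flagged lines back out in fixlist form, which FRST accepts verbatim as the fixlog in the next post shows. The sample lines are copied from the log above; the two clean entries (a OneDrive autorun and the real Google Chrome shortcut) are constructed here so the filter has legitimate items to pass, and the rules and thresholds are the example's own, not FRST's.

```python
"""Added example: triage FRST log lines for the persistence pattern in this thread.
Parses Run/RunOnce, Shortcut/ShortcutTarget and FirewallRules lines as FRST prints
them, flags the indicators a helper looks for, and emits a fixlist from the hits."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the Addition.txt / fixlist above, plus two
# clean entries (the OneDrive autorun and the real Google Chrome shortcut) that are
# assumptions added here so the filter has legitimate items to let through.
SAMPLE_LOG = r"""
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [OneDrive] => "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe
FirewallRules: [{24C5640D-65EF-4A6C-B98C-25D98020B0BA}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{D8DA5CEC-1D66-42C7-8B78-73163972EB98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

RUN_RE = re.compile(r'^(?P<hive>HK(?:LM|U)\S*\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
SHORTCUT_RE = re.compile(r'^Shortcut(?:Target)?: (?P<lnk>.+?) -> (?P<target>.+?)(?: \((?P<status>[^)]*)\))?\s*$')
FW_RE = re.compile(r'^FirewallRules: \[(?P<rule>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$')
SCRIPT_EXT = ('.bat', '.cmd', '.vbs', '.js', '.wsf', '.ps1')


@dataclass(frozen=True)
class Entry:
    kind: str    # 'run', 'shortcut' or 'firewall'
    name: str    # autorun value name, .lnk path, or firewall rule id
    target: str  # executable the entry launches or allows
    status: str  # shortcuts: '' or 'No File'; firewall: 'Allow' or 'Block'
    raw: str     # the FRST line itself, reusable verbatim in a fixlist


def exe_from_command(cmd):
    """First token of an autorun command line, with surrounding quotes removed."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def parse_frst(text):
    """Pick the autorun, shortcut and firewall lines out of an FRST log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry('run', m['name'], exe_from_command(m['cmd']), '', line))
        elif m := SHORTCUT_RE.match(line):
            entries.append(Entry('shortcut', m['lnk'], m['target'], m['status'] or '', line))
        elif m := FW_RE.match(line):
            entries.append(Entry('firewall', m['rule'], m['target'], m['action'], line))
    return entries


def is_odd_location(path):
    # The user's Temp folder, or the bare Windows directory: system binaries live in
    # System32 and SysWOW64, so an .exe directly under C:\WINDOWS is rarely legitimate.
    p = path.lower()
    return '\\appdata\\local\\temp\\' in p or re.fullmatch(r'[a-z]:\\windows\\[^\\]+', p) is not None


def triage(entries):
    """Return (reason, entry) pairs for every indicator found, in log order."""
    findings = []
    run_targets = Counter(e.target.lower() for e in entries if e.kind == 'run')
    for e in entries:
        t = e.target.lower()
        if e.kind == 'shortcut':
            lnk_name = e.name.rsplit('\\', 1)[-1]
            if t.endswith(SCRIPT_EXT):
                findings.append(('shortcut launches a script instead of the program', e))
            # '?' is not a legal NTFS filename character, so in a reported shortcut name it
            # stands for a character the log could not render: look-alike letters chosen so
            # the fake "Google Chrome" shortcut sits beside the real one unnoticed.
            if '?' in lnk_name or not lnk_name.isascii():
                findings.append(('shortcut name uses look-alike characters', e))
            if e.status == 'No File':
                findings.append(('shortcut target no longer exists (leftover of a removed payload)', e))
        else:
            if is_odd_location(t):
                findings.append(('binary lives in Temp or the bare Windows directory', e))
            if e.kind == 'run' and run_targets[t] > 1:
                findings.append((f'same binary registered under {run_targets[t]} autorun names', e))
            if e.kind == 'firewall' and e.status == 'Allow' and t in run_targets:
                findings.append(('firewall exception for an autorun binary', e))
    return findings


def build_fixlist(findings):
    """FRST accepts its own log lines pasted back as fixlist.txt, so the flagged raw
    lines, deduplicated and in log order, are the proposed fix."""
    seen, lines = set(), []
    for _reason, e in findings:
        if e.raw not in seen:
            seen.add(e.raw)
            lines.append(e.raw)
    return lines


if __name__ == '__main__':
    found = triage(parse_frst(SAMPLE_LOG))
    for reason, e in found:
        print(f'[{e.kind:<8}] {reason}: {e.target}')
    print('\n--- proposed fixlist.txt (review before use) ---')
    print('\n'.join(build_fixlist(found)))
```

Run as a script it prints the findings and the proposed fixlist; imported, parse_frst and triage work on a whole FRST log. It is a triage aid, not a substitute for the reviewer: the single [deleon] value for popularity.exe passes every rule here because one autorun pointing into a vendor-looking folder is indistinguishable from a real program by path alone, which is exactly the kind of entry the helper above still had to recognise by eye.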
Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 2nd, 2017, 1:15 pm

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (02-04-2017 13:13:10) Run:2
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => (Allow) C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => (Allow) C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => (Allow) C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => (Allow) C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => (Allow) C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe

CMD: bcdedit.exe /set {bootmgr} displaybootmenu Yes
CMD: bcdedit.exe /set {current} recoveryenabled Yes
CreateRestorePoint:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\rainey => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\uplifting => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\weyman => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\weymanweyman => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cardiac => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cardiaccardiac => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\maternal => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pacifying => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mcnab => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\deleon => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\accusation => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\hits => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 => value removed successfully
C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk => moved successfully
C:\Program Files (x86)\acidosis\popularity.exe => not found.
C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk => moved successfully
C:\Program Files (x86)\Hits\omagh.exe => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep => key removed successfully
"C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk" => Could not move.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECEEF00D-A964-4D2E-B07C-F1416D28C662} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDA10417-98CE-4E1B-A851-8B3AEF1EE378} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C14106C9-8997-405B-B721-26E3FE0AEEE1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05EA7D8A-7FF5-4521-B9C9-6771B65766F3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8609F1BC-8209-48BF-BB46-BCE98E4C61C7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9} => value removed successfully

========= bcdedit.exe /set {bootmgr} displaybootmenu Yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {current} recoveryenabled Yes =========

The operation completed successfully.

========= End of CMD: =========

Restore point was successfully created.

==== End of Fixlog 13:13:26 ====

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 2nd, 2017, 1:16 pm

Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (02-04-2017 13:16:18)
Running from C:\Users\Primitive\Desktop
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;Traffic Exchange;Online.io" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
""="IUccUserSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{54562FBC-5A84-4461-8BC9-590737E5DE13}]
""="IUccUserSearchQueryEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
""="_IUccUserSearchQueryEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{61960836-db1f-366a-85ce-82e5f5f03e4d}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{9ccc001b-685e-3fa6-8d82-bd6bcce26b4f}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"


===================== Search result for "trolltech" ==========

[HKEY_USERS\.DEFAULT\Software\Trolltech]

[HKEY_USERS\.DEFAULT\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

[HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Trolltech]

[HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]

[HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]

[HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]


===================== Search result for "Traffic Exchange" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\LZMA\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}\2.1.0]
"AI_ExePath"="C:\Users\Primitive\AppData\Roaming\Microleaves\Online Application Installer\prerequisites\Traffic Exchange2.1.0.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2]
"ProductName"="Traffic Exchange"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2\SourceList]
"PackageName"="Traffic Exchange.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2\SourceList]
"LastUsedSource"="n;1;C:\AppData\Roaming\Microleaves\Traffic Exchange 2.1.0\install\EC1992D\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2\SourceList\Net]
"1"="C:\AppData\Roaming\Microleaves\Traffic Exchange 2.1.0\install\EC1992D\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Microleaves\Traffic Exchange\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v209 - 2.job"="0x4D875425CC60E0A3C3BD437EAF66094CFE706B3A678135A8799F9570CDB6F1F364765CDD6B5A7FA0A741558BCB4BBC5023405B79B9D0B116566AC285828FCF23"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v209 - 2.job.fp"="3084135861"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v2 - 3.job"="0xE842DEC81D5E900F38D1BB7981700A53AD9B7722A0FA2BB7C0A7CA78C461F88AE6766D731C5BA0A2BFE0C0BEDCB86F2F70EB4F30F3EBF965CDE20CD1C0EE3DAC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v2 - 3.job.fp"="3172248059"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v209 - 1.job"="0xBA915FD21BFF92FDC8453B9415D34099C54B6DC2F823C6C907179B45503410F0D47D231739DBDC45187C9FCCCFF8B79BC0350FE3625614FCF948E11132989A6C"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v209 - 1.job.fp"="920736634"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v2 - 2.job"="0x9DC29A1FC6DBB57C37B9DAFA776E61CD24FCEEE73B728D0E9F738605F4B301AC53B6C4F788AAAEA9464A5F73A61CFE0AD3B8CC313373D833E68C98A05B59203F"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v2 - 2.job.fp"="3350753967"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v209 - 3.job"="0x096780A6B11B696AB2C30F442D17C2F6AE136419B728761F2553492F56FE3516494E813FC6EFDB8D8F613B374EDAEF6978A542B41E1F2740FE851C2989049E00"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v209 - 3.job.fp"="2730665304"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v2 - 1.job"="0xF0903508E0F0550EB9E0A0DCC8659123E836762E33F9120B8A17F028349C802166BB437CB0BC03B7F4B05C0122540ACB8A45EFE8094D95F682C8D62173E63F7F"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"Traffic Exchange v2 - 1.job.fp"="1436190017"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"TrafficExchangev2092_ID"="Traffic Exchange v209 - 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"TrafficExchangev23_ID"="Traffic Exchange v2 - 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange Updater"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange Updater_ID"="Traffic Exchange Updater"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"TrafficExchangev2091_ID"="Traffic Exchange v209 - 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"TrafficExchangev22_ID"="Traffic Exchange v2 - 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"TrafficExchangev2093_ID"="Traffic Exchange v209 - 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"TrafficExchangev21_ID"="Traffic Exchange v2 - 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange_ID"="Traffic Exchange"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange Guardian"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange Guardian_ID"="Traffic Exchange Guardian"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange Guard"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{2A0F7B3A-FB2A-4341-971D-81339E206BF1}]
"Traffic Exchange Guard_ID"="Traffic Exchange Guard"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}]
"Comments"="This installer database contains the logic and data required to install Traffic Exchange."

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}]
"InstallLocation"="C:\Program Files (x86)\Microleaves\Traffic Exchange\"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}]
"InstallSource"="C:\AppData\Roaming\Microleaves\Traffic Exchange 2.1.0\install\EC1992D\"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}]
"DisplayName"="Traffic Exchange"


===================== Search result for "Online.io" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\LZMA\{F0847AE0-465A-4D7B-A555-AABB43B550F0}\2.1.0]
"AI_ExePath"="C:\Users\Primitive\AppData\Roaming\Microleaves\Online Application Installer\prerequisites\Online.IO-installer2.1.0.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}]
"Contact"="contact@online.io"

====== End of Search ======

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 2nd, 2017, 4:45 pm

C:\AdwCleaner\quarantine\files\pzukfruprxdekffrlopxfevsecaqsefs\Online.io Application\Online-Guardian-v2.0.9.exe a variant of Win32/Adware.OnlineIO.A application
C:\AdwCleaner\quarantine\files\pzukfruprxdekffrlopxfevsecaqsefs\Online.io Application\Online-Guardian.exe a variant of Win32/Adware.OnlineIO.A application
C:\AdwCleaner\quarantine\files\pzukfruprxdekffrlopxfevsecaqsefs\Online.io Application\OnlineGuardian-v2.exe a variant of Win32/Adware.OnlineIO.A application
C:\AdwCleaner\quarantine\files\pzukfruprxdekffrlopxfevsecaqsefs\Traffic Exchange\Online-Guardian-v2.0.9.exe a variant of Win32/Adware.OnlineIO.A application
C:\AdwCleaner\quarantine\files\pzukfruprxdekffrlopxfevsecaqsefs\Traffic Exchange\Online-Guardian.exe a variant of Win32/Adware.OnlineIO.A application
C:\AdwCleaner\quarantine\files\pzukfruprxdekffrlopxfevsecaqsefs\Traffic Exchange\OnlineGuardian-v2.exe a variant of Win32/Adware.OnlineIO.A application
C:\FRST\Quarantine\C\Program Files\2a3f425bfffb88bb1aaf86a4ef800345\071e0e479938819a36c0a27faf9425b5.exe a variant of Win64/Riskware.NetFilter.P application
C:\FRST\Quarantine\C\Program Files\2a3f425bfffb88bb1aaf86a4ef800345\2ae489cfa331c4501eac8bbd390cc668.exe a variant of Win32/Wajam.AJ potentially unwanted application
C:\FRST\Quarantine\C\Program Files\2a3f425bfffb88bb1aaf86a4ef800345\75dffb6da80dd620d53b0fc631c7fcbc.exe a variant of Win32/Packed.NSISmod.AI suspicious application
C:\FRST\Quarantine\C\Program Files (x86)\ParentalControl\ParentalControl.exe a variant of Win32/Kryptik.FQHF trojan
C:\FRST\Quarantine\C\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE.xBAD a variant of Win32/Tencent.E potentially unwanted application
C:\FRST\Quarantine\C\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll.xBAD a variant of MSIL/Adware.Agent.AQ application
C:\FRST\Quarantine\C\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe.xBAD a variant of Win32/Packed.NSISmod.AI suspicious application
C:\ProgramData\KMSAutoS\bin\TunMirror.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\ProgramData\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Users\All Users\KMSAutoS\bin\TunMirror.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Users\All Users\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Windows\System32\BIT8DED.tmp a variant of Win32/SpeedBit.BG potentially unwanted application
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application
G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Youku\youkuclient_setup_gwlr_6.7.3.11247.exe a variant of Win32/YouKu.A potentially unwanted application
G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\dependency\youkuclient_setup_gwlr_6.7.6.12189.exe a variant of Win32/YouKu.A potentially unwanted application
G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\TCLS\plugins\TCLSUPDATE.EXE a variant of Win32/Tencent.E potentially unwanted application
G:\The Ark Project\DOCUMENTS\Alienware-Windows-Theme-Pack-2.zip Win32/OpenCandy potentially unsafe application

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » April 3rd, 2017, 6:24 am

Hello JustTheEngineer,

I still have one more fix to perform and if all is well, then I will help you re-install your Chrome extensions.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
CreateRestorePoint:

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()
C:\ProgramData\KMSAutoS
C:\Users\All Users\KMSAutoS
C:\Windows\System32\BIT8DED.tmp
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}]
[-HKEY_USERS\.DEFAULT\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Trolltech]
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\Microleaves\Traffic Exchange\" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 2.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 2.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 3.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 3.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 1.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 1.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 2.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 2.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 3.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 3.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 1.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 1.job.fp" /f

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


How is your computer behaving?


-----------------------------------------
In your next reply, I would like to see:
  • Did you encounter any problems while following the instructions?
  • fixlog.txt
  • Update on computer's behaviour
mAL_rEm018
MRU Teacher
 
Posts: 2301
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
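The `Shortcut:` lines in the fixlist above are the visible trace of shortcut tampering: the .lnk names spell "Internet Explorer", "Google Chrome" and "Epic Games Launcher" with Cyrillic look-alike letters, and each points at a `.bat` launcher instead of the program's own executable. The following is an added example, not part of FRST or the helper's post; it parses FRST-style `Shortcut:` lines and flags both signs. The function names (`scan_fixlist`, `analyse_shortcut`, `scripts_in`, and so on) and the `.cmd` extension are this example's own assumptions, not anything FRST defines.

```python
"""Flag tampered shortcuts in FRST 'Shortcut:' lines.

Example added to this thread; not FRST's code or the helper's instructions.  FRST
prints each shortcut as 'Shortcut: <lnk path> -> <target> (<arguments>)'; the
lines quoted in the thread carry '(No File)' in that trailer.  Two signs are
checked: the .lnk name mixes non-Latin look-alike letters into a Latin name, and
the target is a batch script rather than the application's executable.
"""
import re
import unicodedata

# Constructed sample: three Shortcut: lines quoted from the fixlist in this thread
# plus one clean Chrome shortcut (plain Latin name, target chrome.exe) for contrast.
SAMPLE_SHORTCUT_LINES = r"""
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ()
"""

# Target is greedy and the argument trailer may not contain parentheses, so a
# target path containing "(x86)" is not cut short at its own parenthesis.
SHORTCUT_RE = re.compile(r"^Shortcut: (?P<lnk>.+?) -> (?P<target>.+) \((?P<args>[^()]*)\)$")
# .bat is what this thread shows; .cmd is an assumption about similar launchers.
SCRIPT_EXTENSIONS = (".bat", ".cmd")


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def scripts_in(text):
    """Set of Unicode script names used by the letters in text, taken from the first
    word of each character's Unicode name (LATIN, CYRILLIC, ...); digits and
    punctuation are ignored."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def non_latin_letters(text):
    """Letters in text whose Unicode name does not start with LATIN, in order."""
    return "".join(ch for ch in text
                   if ch.isalpha() and not unicodedata.name(ch, "").startswith("LATIN"))


def parse_shortcut_line(line):
    """Split one FRST Shortcut: line into lnk path, target and arguments, or None."""
    m = SHORTCUT_RE.match(line.strip())
    return m.groupdict() if m else None


def analyse_shortcut(lnk_path, target):
    """Reasons this shortcut looks tampered with (empty list when it looks clean)."""
    name = basename(lnk_path)
    stem = name[:-4] if name.lower().endswith(".lnk") else name
    reasons = []
    scripts = scripts_in(stem)
    if len(scripts) > 1:
        reasons.append("mixed scripts %s; non-Latin letters: %s"
                       % (sorted(scripts), non_latin_letters(stem)))
    if target.lower().endswith(SCRIPT_EXTENSIONS):
        reasons.append("target is a script rather than an executable: " + basename(target))
    return reasons


def scan_fixlist(text):
    """Map each flagged shortcut file name to its reasons, over every Shortcut: line."""
    findings = {}
    for line in text.splitlines():
        entry = parse_shortcut_line(line)
        if entry is None:
            continue
        reasons = analyse_shortcut(entry["lnk"], entry["target"])
        if reasons:
            findings[basename(entry["lnk"])] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in scan_fixlist(SAMPLE_SHORTCUT_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Point `scan_fixlist` at the `Shortcut:` lines of a real FRST Addition.txt or fixlist to triage them the same way; the clean Chrome shortcut in the sample produces no finding.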

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 3rd, 2017, 3:30 pm

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (03-04-2017 16:30:36) Run:3
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()
C:\ProgramData\KMSAutoS
C:\Users\All Users\KMSAutoS
C:\Windows\System32\BIT8DED.tmp
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}]
[-HKEY_USERS\.DEFAULT\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Trolltech]
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\Microleaves\Traffic Exchange\" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 2.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 2.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 3.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 3.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 1.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 1.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 2.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 2.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 3.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 3.job.fp" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 1.job" /f
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 1.job.fp" /f
*****************

Restore point was successfully created.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?pi? G?m?s L?un?h?r.lnk" => Could not move.
C:\ProgramData\KMSAutoS => moved successfully
"C:\Users\All Users\KMSAutoS" => not found.
C:\Windows\System32\BIT8DED.tmp => moved successfully
G:\Non-Steam Games\Deus Ex Human Revolution Complete Edition\steam_api.dll => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2 => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D} => key removed successfully
HKEY_USERS\.DEFAULT\Software\Trolltech => key removed successfully
HKEY_USERS\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Trolltech => key removed successfully

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\Microleaves\Traffic Exchange\" /f =========

Delete the registry value C:\Program Files (x86)\Microleaves\Traffic Exchange" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 2.job" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 2.job.fp" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 3.job" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 3.job.fp" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 1.job" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 1.job.fp" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 2.job" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 2.job.fp" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 3.job" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 3.job.fp" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 1.job" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v2 - 1.job.fp" /f =========

ERROR: Access is denied.



========= End of Reg: =========


==== End of Fixlog 16:30:45 ====
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 3rd, 2017, 3:33 pm

I had some issues saving the fixlist.txt file. When I saved the fixlist file, it gave me this message:
Image

I don't notice any difference in my computer's behavior. Everything seems normal but I don't think the fixlist did much since the log repeatedly says "Access is Denied".

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » April 3rd, 2017, 6:44 pm

Hello JustTheEngineer,

Here is a modified fix; please note that I need you to save the fixlist in UTF-8 format. How to do this is explained in the instructions below.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
CreateRestorePoint:

C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk
C:\Program Files (x86)\Internet Explorer\iexplore.bat
C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk
G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Traffic Exchange\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 2.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 2.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 3.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 3.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 1.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 1.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 2.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 2.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 3.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 3.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 1.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 1.job.fp

    • Click on File and select Save as.
    • Select UTF-8 from the drop-down menu next to Encoding:
    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens...
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
mAL_rEm018
MRU Teacher
 
Posts: 2301
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
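The fixlist above names shortcuts such as Gооglе Сhrоmе.lnk whose letters are Cyrillic look-alikes of Latin ones, with targets that are .bat files sitting next to the real browser executable; that is also why the fixlist has to be saved as UTF-8, since an ANSI save cannot represent those letters. The Python below is an added example (it is not from this thread, from FRST, or from MalwareRemoval.com): it flags shortcut name/target pairs whose file name mixes scripts or whose target is a .bat wrapper, and checks whether a name would survive being saved in the Western ANSI code page (cp1252). The inventory is constructed here with explicit \u escapes so the substituted letters are visible; obtaining such pairs from real .lnk files is assumed to be a separate step.

```python
"""Flag look-alike (homoglyph) shortcut names and .bat shortcut targets,
and show why a fixlist naming such files must be saved as UTF-8.

Added example, not part of the forum thread or of FRST. The shortcut
inventory below is constructed to mirror the names in the fix; the
Cyrillic letters are written as \\u escapes so the swap is visible.
Assumption: (path, target) pairs come from a separate .lnk-reading step.
"""
import unicodedata

# Constructed inventory in the shape of the fixlist: (shortcut path, resolved target).
SHORTCUTS = [
    # "Internet Explorer" with Cyrillic е (U+0435), Е (U+0415), х (U+0445), о (U+043E)
    (r"C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories"
     "\\Int\u0435rn\u0435t \u0415\u0445pl\u043er\u0435r.lnk",
     r"C:\Program Files (x86)\Internet Explorer\iexplore.bat"),
    # "Google Chrome" with Cyrillic о (U+043E), е (U+0435), С (U+0421)
    (r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
     "\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk",
     r"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat"),
    # A clean shortcut for contrast (constructed).
    (r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk",
     r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"),
]


def scripts_in(name):
    """Set of Unicode scripts used by the letters in name, e.g. {'LATIN', 'CYRILLIC'}.

    The script is read from the first word of the character's Unicode name,
    which keeps this free of third-party dependencies.
    """
    scripts = set()
    for ch in name:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def is_mixed_script(name):
    """True when one file name mixes scripts (a Latin name with Cyrillic look-alikes)."""
    return len(scripts_in(name)) > 1


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def suspicious_shortcuts(shortcuts):
    """Return (path, reasons) for every shortcut that trips at least one check."""
    findings = []
    for path, target in shortcuts:
        reasons = []
        if is_mixed_script(basename(path)):
            reasons.append("mixed-script name")
        if target.lower().endswith(".bat"):
            reasons.append("target is a .bat wrapper")
        if reasons:
            findings.append((path, reasons))
    return findings


def survives_ansi(text, codepage="cp1252"):
    """False if saving text in the given ANSI code page would corrupt it.

    cp1252 is the Western code page an English-locale Windows uses for a
    non-UTF-8 save; Cyrillic letters cannot be encoded in it, so a fixlist
    saved that way would no longer name the files it is meant to remove.
    """
    try:
        text.encode(codepage)
        return True
    except UnicodeEncodeError:
        return False


if __name__ == "__main__":
    for path, reasons in suspicious_shortcuts(SHORTCUTS):
        print(basename(path), "->", ", ".join(reasons),
              "| safe in cp1252:", survives_ansi(basename(path)))
```

Running it lists the two look-alike shortcuts with both reasons and shows that neither name can be written in cp1252, while the genuine Google Chrome.lnk passes every check.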

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 3rd, 2017, 6:50 pm

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (03-04-2017 19:49:08) Run:4
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk
C:\Program Files (x86)\Internet Explorer\iexplore.bat
C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk
G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Traffic Exchange\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 2.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 2.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 3.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 3.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 1.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 1.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 2.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 2.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 3.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v209 - 3.job.fp
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 1.job
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Traffic Exchange v2 - 1.job.fp
*****************

Restore point was successfully created.
C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk => moved successfully
"C:\Program Files (x86)\Internet Explorer\iexplore.bat" => not found.
C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk => moved successfully
"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat" => not found.
C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk => moved successfully
"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk => moved successfully
G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Microleaves\Traffic Exchange\ => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v209 - 2.job => value not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v209 - 2.job.fp => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v2 - 3.job => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v2 - 3.job.fp => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v209 - 1.job => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v209 - 1.job.fp => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v2 - 2.job => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v2 - 2.job.fp => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v209 - 3.job => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v209 - 3.job.fp => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v2 - 1.job => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v2 - 1.job.fp => value removed successfully

==== End of Fixlog 19:49:16 ====
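Both Fixlogs in this thread (the earlier one whose reg.exe fallbacks ended in "Access is denied", and the one just above where every action succeeded or reported "not found") follow the same line shapes: a target, " => ", and an outcome, plus reg.exe blocks delimited by "=========" headers. The Python below is an added example (not from this thread or from FRST) that parses those shapes into a per-target outcome list and summarises it, so a reviewer can see at a glance whether anything needs a second look. The sample log is constructed from line forms seen in the two Fixlogs; the outcome labels and the regular expressions are this example's own assumptions about the format, not a published FRST specification.

```python
"""Summarise the outcome of each action in an FRST Fixlog.

Added example; not part of the forum thread or of FRST. The regular
expressions below are assumptions based on the line shapes visible in
the thread's two Fixlogs, not an official format description.
"""
import re
from collections import Counter

# Constructed sample: excerpts in the shape of the two Fixlogs in this thread.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
C:\Windows\System32\BIT8DED.tmp => moved successfully
"C:\Program Files (x86)\Internet Explorer\iexplore.bat" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v209 - 2.job => value not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\\Traffic Exchange v2 - 3.job => value removed successfully

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files (x86)\Microleaves\Traffic Exchange\" /f =========

Delete the registry value C:\Program Files (x86)\Microleaves\Traffic Exchange" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures" /v "Traffic Exchange v209 - 2.job" /f =========

ERROR: Access is denied.

========= End of Reg: =========

==== End of Fixlog 19:49:16 ====
"""

# "<target> => <result>" action lines; the trailing period is optional in the logs.
ACTION_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
# Header and footer of a reg.exe fallback block.
REG_HEADER_RE = re.compile(r"^=+ (?P<cmd>reg\.exe .+?) =+$")
REG_END_RE = re.compile(r"^=+ End of Reg: =+$")


def parse_fixlog(text):
    """Return a list of (target, outcome) tuples in log order.

    Outcomes are normalised to 'removed', 'not_found', 'access_denied' or
    'other'. Lines inside a reg.exe block are attributed to the command
    that opened the block.
    """
    results = []
    current_reg = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = REG_HEADER_RE.match(line)
        if header:
            current_reg = header.group("cmd")
            continue
        if REG_END_RE.match(line):
            current_reg = None
            continue
        if current_reg is not None:
            # Inside a reg.exe block: only the error text tells us what happened.
            if "Access is denied" in line:
                results.append((current_reg, "access_denied"))
            elif "unable to find" in line:
                results.append((current_reg, "not_found"))
            continue
        action = ACTION_RE.match(line)
        if not action:
            continue  # restore-point notice, banner lines, etc.
        target = action.group("target").strip('"')
        result = action.group("result").lower()
        if "removed successfully" in result or "moved successfully" in result:
            outcome = "removed"
        elif "not found" in result:
            outcome = "not_found"
        else:
            outcome = "other"
        results.append((target, outcome))
    return results


def summarise(results):
    """Count outcomes: a quick answer to 'did the fix take?'."""
    return dict(Counter(outcome for _, outcome in results))


def leftovers(results):
    """Targets that were neither removed nor already absent; these need a second look."""
    return [target for target, outcome in results if outcome == "access_denied"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarise(parsed))
    for cmd in leftovers(parsed):
        print("needs attention:", cmd)
```

"not found" is treated as a good outcome, because for a removal it means the item is already gone (as with the .bat files above, which had been removed by the earlier fix); only "Access is denied" lands in the leftovers list, which is exactly the condition the earlier Fixlog showed for every reg.exe fallback.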

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » April 3rd, 2017, 7:23 pm

Hello JustTheEngineer,

Good! It looks like the fix went well this time. :cheers: Now you can try re-installing your Chrome extensions and if you are unable to, please let me know the exact message that appears on screen.

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 3rd, 2017, 10:19 pm

Image

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » April 4th, 2017, 5:03 am

Hello JustTheEngineer,

Please follow the instructions below to uninstall/re-install Chrome.

Before proceeding it is necessary that you save all your bookmarks. The instructions for doing so can be found here.

  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs:
      Google Chrome
  • Select uninstall.
  • Ensure that Also delete your browsing data? is checked. => Very important!
  • Answer any question attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.


To re-install Google Chrome, please do the following.
  • Click on the following link: Google Chrome.
  • Read the Terms of Service and select Accept and Install.
  • Save ChromeSetup.exe to your desktop.
  • Go to your desktop and right-click on ChromeSetup.exe and select Run as administrator.
  • Google Chrome will then install itself.
  • When the process is over, Chrome will open.


Are you able to re-install your extensions now?

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » April 4th, 2017, 4:31 pm

No, I still get the same error message.