gracethegame
Posts: 31 +0
Thanks for any assistance, much appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by VoRTeX (administrator) on DESKTOP-TPGC04Q (27-05-2017 13:58:45)
Running from C:\Users\VoRTeX\Desktop
Loaded Profiles: VoRTeX (Available Profiles: VoRTeX)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) D:\VMWARE\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() D:\Games\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.77\deploy\LeagueClient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hammer & Chisel, Inc.) C:\Users\VoRTeX\AppData\Local\Discord\app-0.0.297\Discord.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
() D:\Games\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.77\deploy\LeagueClientUx.exe
(Hammer & Chisel, Inc.) C:\Users\VoRTeX\AppData\Local\Discord\app-0.0.297\Discord.exe
(Twitch Interactive, Inc.) C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Twitch.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.104.210.0\OverwolfBrowser.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hammer & Chisel, Inc.) C:\Users\VoRTeX\AppData\Local\Discord\app-0.0.297\Discord.exe
(Twitch Interactive, Inc.) C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
() D:\Games\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.77\deploy\LeagueClientUxRender.exe
(Twitch Interactive, Inc.) C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe
(GOG.com) D:\Games\GOG Galaxy\GalaxyClient.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.210.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.210.0\OverwolfHelper64.exe
() D:\Games\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.77\deploy\LeagueClientUxRender.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Coherent Labs) C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Overlay\v7.5.6345.42403\Coherent2\Win32\host\CoherentUI_Host.exe
(Coherent Labs) C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Overlay\v7.5.6345.42403\Coherent2\Win32\host\CoherentUI_Host.exe
(GOG.com) D:\Games\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Games\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Games\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Games\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8495320 2015-06-23] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-24] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-04] (AVAST Software)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [110144 2013-03-06] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-02] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-237858683-371699212-526533624-1001\...\Run: [GalaxyClient] => D:\Games\GOG Galaxy\GalaxyClient.exe [4954176 2017-05-24] (GOG.com)
HKU\S-1-5-21-237858683-371699212-526533624-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-237858683-371699212-526533624-1001\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-237858683-371699212-526533624-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-05-14] ()
HKU\S-1-5-21-237858683-371699212-526533624-1001\...\Run: [Discord] => C:\Users\VoRTeX\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-237858683-371699212-526533624-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2017-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
Startup: C:\Users\VoRTeX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-08]
ShortcutTarget: Twitch.lnk -> C:\Users\VoRTeX\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill)
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{689cb2df-f886-4c3a-b32a-f954bf376682}: [NameServer] 208.67.222.222
Tcpip\..\Interfaces\{689cb2df-f886-4c3a-b32a-f954bf376682}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{9b80582b-d0d4-4efa-9448-87c96f2ee39d}: [DhcpNameServer] 198.18.56.1
Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-07] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 4hfbiktp.default
FF ProfilePath: C:\Users\VoRTeX\AppData\Roaming\Mozilla\Firefox\Profiles\4hfbiktp.default [2017-05-27]
FF Extension: (Avast SafePrice) - C:\Users\VoRTeX\AppData\Roaming\Mozilla\Firefox\Profiles\4hfbiktp.default\Extensions\sp@avast.com.xpi [2017-05-04]
FF Extension: (Avast Online Security) - C:\Users\VoRTeX\AppData\Roaming\Mozilla\Firefox\Profiles\4hfbiktp.default\Extensions\wrc@avast.com.xpi [2017-05-04]
FF Extension: (NoScript) - C:\Users\VoRTeX\AppData\Roaming\Mozilla\Firefox\Profiles\4hfbiktp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-19]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\VoRTeX\AppData\Roaming\Mozilla\Firefox\Profiles\4hfbiktp.default\features\{bfdfe58d-d36c-4541-82d9-8b36e832b973}\disable-cert-transparency@mozilla.org.xpi [2017-04-19]
FF Extension: (Disable Prefetch) - C:\Users\VoRTeX\AppData\Roaming\Mozilla\Firefox\Profiles\4hfbiktp.default\features\{bfdfe58d-d36c-4541-82d9-8b36e832b973}\disable-prefetch@mozilla.org.xpi [2017-04-19]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-07] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default [2017-05-27]
CHR Extension: (Google Slides) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-14]
CHR Extension: (Google Docs) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-14]
CHR Extension: (Google Drive) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-14]
CHR Extension: (YouTube) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-14]
CHR Extension: (Google Sheets) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-14]
CHR Extension: (Grammarly for Chrome) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Gmail) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\VoRTeX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
Opera:
=======
OPR Extension: (Sudoku) - C:\Users\VoRTeX\AppData\Roaming\Opera Software\Opera Stable\Extensions\mbjfhjpojofeekmpfeebpmhaapbefobf [2017-05-04]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-07-23] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [595704 2016-10-26] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2618104 2016-06-01] (Astrill)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-04] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-09] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
S3 GalaxyClientService; D:\Games\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-24] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-20] (GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-02] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-24] (Logitech Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-24] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-24] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-02-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154864 2017-05-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3124088 2017-05-22] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2015-08-06] (PowerUp Software, LLC) [File not signed]
R2 VMAuthdService; D:\VMWARE\vmware-authd.exe [99816 2017-03-21] (VMware, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-19] (Microsoft Corporation)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-09] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
S3 GalaxyClientService; D:\Games\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-24] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-20] (GOG.com)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-02] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-24] (Logitech Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-24] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-24] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-02-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154864 2017-05-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3124088 2017-05-22] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2015-08-06] (PowerUp Software, LLC) [File not signed]
R2 VMAuthdService; D:\VMWARE\vmware-authd.exe [99816 2017-03-21] (VMware, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-19] (Microsoft Corporation)