Solved Windows has encountered a critical problem and will restart. (different type)

Devwa

Hello!

First I want to say that I'm not English, so sorry if I have some mistakes :D

Lately I was getting the error: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now".

I know, it's an old error, but I did some research and for me the error is unique. It only appears sometimes, after like an hour from when I boot the computer (computer details below).

VV More details about PC behaviour VV
It can be some kind of rootkit and I really hate that. Sometimes when I shut down the PC it restarts for some reason and one time it took me to the Switch User screen. I only have the Admin user and it's without a password. When I got to that User Screen I needed a password. Luckily HE rebooted alone and I didn't need any password. I don't download any malicious files from the Internet, unless they are on Google Drive or MegaNZ. I hope I'm not spied on by someone lol.

I had MSE, but uninstalled it for Kaspersky and ran a scan on the C:\ Disk. It detected some Trojans and adware and I got rid of them.

PC Details:
Windows 7 Ultimate
Service Pack 1
32-bit
I'm not a noob at computers, don't worry about that.

Regards,
Devwa
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
The logs are huge, I will post them in multiple replies.

Here you go:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19.04.2018
Ran by Admin (administrator) on ADMIN-PC (22-04-2018 08:41:40)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
(Hi-Rez Studios) E:\Program Files\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Valve Corporation) E:\heroes\Steam.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Valve Corporation) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
(Valve Corporation) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_watchdog.exe
(Valve Corporation) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [Steam] => E:\heroes\steam.exe [3199776 2018-04-03] (Valve Corporation)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2121976 2018-04-02] (Wargaming.net)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3519168 2016-11-24] (Disc Soft Ltd)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\MountPoints2: {15aa3677-c09a-11e7-b079-001966914398} - H:\Autorun.exe
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\MountPoints2: {4779d246-b42f-11e3-bba9-001966914398} - I:\AUTORUN.EXE
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\MountPoints2: {ebc86d91-a8fd-11e7-a5cb-001966914398} - H:\Lenovo_Suite.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F34F7871-6B4F-4CC1-BBA9-906100AE495B}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{F34F7871-6B4F-4CC1-BBA9-906100AE495B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439142943&z=c3f3e455b6cc6276b4fdf9cg1z3cft0g2zco7b0zew&from=cmi&uid=WDCXWD800BB-00JHC0_WD-WMAM9M99445894458&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439142943&z=c3f3e455b6cc6276b4fdf9cg1z3cft0g2zco7b0zew&from=cmi&uid=WDCXWD800BB-00JHC0_WD-WMAM9M99445894458&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-51145358-2442092094-1609093457-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ro.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180325__yaie&p={searchTerms}
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll [2018-04-21] (AO Kaspersky Lab)
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll => No File
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-19] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll [2018-04-21] (AO Kaspersky Lab)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)

FireFox:
========
FF DefaultProfile: i7p503c2.default-1439149941763
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763 [2018-03-29]
FF Homepage: Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763 -> hxxps://ro.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180325__yaff
FF NewTab: Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763 -> hxxps://ro.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180325__yaff
FF Extension: (Firebug) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763\Extensions\firebug@software.joehewitt.com.xpi [2017-10-16] [Legacy]
FF Extension: (Dust-Me Selectors) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763\Extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37} [2017-11-11] [Legacy]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763\searchplugins\yahoo-lavasoft-ff59.xml [2018-03-25]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gelmk903.dev-edition-default [2018-03-25]
FF Homepage: Mozilla\Firefox\Profiles\gelmk903.dev-edition-default -> hxxps://google.ro/
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-04-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hppp&ts=1439137801&z=ec21b445376a514eb0f879dgbz9c0t5g3c0m8b0ebo&from=amt&uid=WDCXWD800BB-00JHC0_WD-WMAM9M99445894458
CHR StartupUrls: Default -> "hxxps://www.google.ro/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-04-22]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Black blue shards) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgoflmajhinnohnhkfeggflmmppiilck [2017-06-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP18.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [392192 2015-03-06] (BlueStack Systems, Inc.) [File not signed]
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-03-03] (BlueStack Systems, Inc.)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [1730240 2016-11-24] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-12-19] (EasyAntiCheat Ltd)
U2 HiPatchService; E:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KSDE2.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15904544 2014-02-05] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S2 butyjuqy; C:\Program Files\03000200-1439137894-0500-0006-000700080009\knsd860A.tmp [X] <==== ATTENTION
S2 comyninu; C:\Program Files\03000200-1439137894-0500-0006-000700080009\hnsf4A4.tmp [X] <==== ATTENTION
S2 hyverumu; C:\Program Files\03000200-1439137894-0500-0006-000700080009\jnsqECB5.tmp [X] <==== ATTENTION
S2 Mobizen plugin; C:\Program Files\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2015-03-03] (BlueStack Systems)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [176864 2016-12-26] (AO Kaspersky Lab)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2017-10-31] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2017-10-31] (Disc Soft Ltd)
R3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [26168 2017-11-01] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [62184 2017-12-24] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [98496 2018-04-21] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [164056 2018-04-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [229592 2018-04-21] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [835784 2018-04-21] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50888 2018-04-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [50400 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [51424 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45552 2017-12-24] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75760 2017-12-24] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [120544 2017-12-24] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165088 2017-12-24] (AO Kaspersky Lab)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation)
S3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
S3 XDva415; \??\C:\Windows\system32\XDva415.sys [X]
S3 XDva423; \??\C:\Windows\system32\XDva423.sys [X]
S3 XDva424; \??\C:\Windows\system32\XDva424.sys [X]
S3 XDva425; \??\C:\Windows\system32\XDva425.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
S3 XDva534; \??\C:\Windows\system32\XDva534.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 XDva536; \??\C:\Windows\system32\XDva536.sys [X]
S3 XDva537; \??\C:\Windows\system32\XDva537.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-22 08:41 - 2018-04-22 08:44 - 000021261 _____ C:\Users\Admin\Desktop\FRST.txt
2018-04-22 08:40 - 2018-04-22 08:41 - 000000000 ____D C:\FRST
2018-04-22 08:40 - 2018-04-22 08:40 - 000000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2018-04-22 08:39 - 2018-04-22 08:40 - 001764864 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2018-04-22 08:39 - 2018-04-22 08:39 - 001753600 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2018-04-21 17:08 - 2018-04-21 17:08 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.10.3.1001.exe
2018-04-21 16:42 - 2018-04-21 16:47 - 000090479 _____ C:\Users\Admin\Downloads\avira_registry_cleaner_en.zip
2018-04-21 15:08 - 2018-04-21 15:08 - 042808440 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\Windows-KB890830-V5.59 (1).exe
2018-04-21 15:07 - 2018-04-21 15:08 - 042808440 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\Windows-KB890830-V5.59.exe
2018-04-21 10:30 - 2018-04-21 10:30 - 000001206 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-04-21 10:30 - 2018-04-21 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-04-21 10:28 - 2018-04-21 10:28 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-21 10:27 - 2018-04-21 10:27 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-04-21 10:27 - 2018-04-21 10:27 - 000002053 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2018-04-21 10:27 - 2018-04-21 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2018-04-21 10:26 - 2018-04-22 08:35 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-21 10:26 - 2018-04-21 10:47 - 000835784 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-04-21 10:26 - 2018-04-21 10:30 - 000000000 ____D C:\Program Files\Kaspersky Lab
2018-04-21 10:26 - 2018-04-21 10:26 - 000229592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-04-21 10:26 - 2018-04-21 10:26 - 000164056 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-04-21 09:54 - 2018-04-21 10:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-04-21 09:49 - 2018-04-21 09:50 - 000012148 _____ C:\Users\Admin\Downloads\Kaspersky.Anti-Virus+Internet.Security+Total.Security.2017.17.0.0.611.0.1709.0-FiLELiST.torrent
2018-04-15 14:58 - 2018-03-31 04:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-15 14:58 - 2018-03-31 04:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-15 14:58 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-04-15 14:58 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-15 14:58 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-04-15 14:58 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-15 14:58 - 2018-03-31 04:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-15 14:58 - 2018-03-31 04:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-15 14:58 - 2018-03-31 03:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-15 14:58 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-15 14:58 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-15 14:58 - 2018-03-31 03:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-15 14:58 - 2018-03-31 03:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-15 14:58 - 2018-03-31 03:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-15 14:58 - 2018-03-31 03:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-15 14:58 - 2018-03-31 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-15 14:58 - 2018-03-31 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-15 14:58 - 2018-03-31 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-15 14:58 - 2018-03-28 10:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-15 14:58 - 2018-03-23 20:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-15 14:58 - 2018-03-23 00:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-15 14:58 - 2018-03-23 00:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-15 14:58 - 2018-03-23 00:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-15 14:58 - 2018-03-22 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-15 14:58 - 2018-03-22 23:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-15 14:58 - 2018-03-22 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-15 14:58 - 2018-03-22 23:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-15 14:58 - 2018-03-22 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-15 14:58 - 2018-03-22 23:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-15 14:58 - 2018-03-22 23:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-15 14:58 - 2018-03-22 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-15 14:58 - 2018-03-22 23:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-15 14:58 - 2018-03-22 23:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-15 14:58 - 2018-03-22 23:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-15 14:58 - 2018-03-22 23:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-15 14:58 - 2018-03-22 23:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-15 14:58 - 2018-03-22 23:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-15 14:58 - 2018-03-22 23:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-15 14:58 - 2018-03-22 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-15 14:58 - 2018-03-22 23:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-15 14:58 - 2018-03-22 23:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-15 14:58 - 2018-03-22 23:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-15 14:58 - 2018-03-22 23:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-15 14:58 - 2018-03-22 23:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-15 14:58 - 2018-03-22 23:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-15 14:58 - 2018-03-22 23:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-15 14:58 - 2018-03-22 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-15 14:58 - 2018-03-22 23:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-15 14:58 - 2018-03-22 23:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-15 14:58 - 2018-03-22 23:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-15 14:58 - 2018-03-22 23:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-15 14:58 - 2018-03-22 23:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-15 14:58 - 2018-03-22 22:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-15 14:58 - 2018-03-22 22:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-15 14:58 - 2018-03-22 22:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-15 14:58 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-04-15 14:58 - 2018-03-09 21:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-15 14:58 - 2018-03-09 21:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-15 14:58 - 2018-03-09 21:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-15 14:58 - 2018-03-09 21:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-15 14:58 - 2018-03-09 21:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-15 14:58 - 2018-03-09 20:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-15 14:58 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-15 14:58 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-15 14:58 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-15 14:58 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-15 14:58 - 2018-02-19 00:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-15 14:58 - 2018-02-10 21:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-15 14:58 - 2018-02-10 21:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-15 14:58 - 2018-02-10 21:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-15 14:58 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-04-15 14:58 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-15 14:58 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-15 14:58 - 2018-02-10 21:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-15 14:58 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-15 14:58 - 2018-02-10 21:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-15 14:58 - 2018-02-10 20:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-15 14:58 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-15 14:58 - 2018-02-10 20:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-15 14:58 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-15 14:58 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-15 14:58 - 2018-02-02 21:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-15 14:58 - 2018-02-02 21:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-15 14:58 - 2018-02-02 21:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-15 14:58 - 2018-02-02 21:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-15 14:58 - 2018-02-02 21:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-15 14:58 - 2018-02-02 21:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-15 14:58 - 2018-02-02 20:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-15 14:58 - 2018-01-25 17:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-15 14:58 - 2018-01-15 22:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-15 14:58 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-15 14:54 - 2018-03-14 20:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-15 14:54 - 2018-03-14 20:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-15 14:54 - 2018-03-14 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-15 14:21 - 2018-04-15 14:21 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-10 12:49 - 2018-04-10 12:50 - 014479242 _____ C:\Users\Admin\Downloads\BPMOD_More_Cakes.zip
2018-04-08 14:42 - 2018-04-08 14:42 - 007892518 _____ C:\Users\Admin\Downloads\» L.O.L Sounds «.rar
2018-04-07 17:50 - 2018-04-21 10:17 - 000000000 ____D C:\Temp
2018-04-07 17:50 - 2012-05-07 04:30 - 033810432 _____ C:\Users\Admin\Desktop\Fancy Pants Adventure World 3.exe
2018-04-07 17:49 - 2018-04-07 17:49 - 045742105 _____ C:\Users\Admin\Downloads\Fancy Pants Adventure.rar
2018-04-07 17:44 - 2018-04-07 17:44 - 009427312 _____ C:\Users\Admin\Downloads\fancy_pants_adventure_world_2 (1).swf
2018-04-07 17:42 - 2018-04-07 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWF File Player
2018-04-07 17:42 - 2018-04-07 17:42 - 000000000 ____D C:\Program Files\SWF File Player
2018-04-07 17:41 - 2018-04-07 17:41 - 000415159 _____ (swffileplayer.com ) C:\Users\Admin\Downloads\swffileplayer_setup.exe
2018-04-07 17:40 - 2018-04-07 17:41 - 001718640 _____ C:\Users\Admin\Downloads\fancy_pants_adventure_world_1.swf
2018-04-07 17:39 - 2018-04-07 17:39 - 009427312 _____ C:\Users\Admin\Downloads\fancy_pants_adventure_world_2.swf
2018-04-07 15:07 - 2018-04-19 19:02 - 000001339 _____ C:\Users\Admin\Desktop\BadPiggies.lnk
2018-04-07 13:31 - 2018-04-07 13:31 - 000166903 _____ C:\Users\Admin\Downloads\BP-Requests3.contraptions.zip
2018-04-07 13:23 - 2018-04-07 13:23 - 014487397 _____ C:\Users\Admin\Downloads\BadPiggiesMOD.18.08.2014.zip
2018-04-07 13:09 - 2018-04-07 13:09 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Rovio
2018-04-07 13:07 - 2018-04-07 13:07 - 042551756 _____ C:\Users\Admin\Downloads\Bad Piggies Hack Islender.zip
2018-04-05 17:53 - 2018-04-05 18:02 - 000002824 _____ C:\Users\Admin\Downloads\Opening Undefeatable Chests! Drakensang Online.mp4.sfk
2018-04-05 17:53 - 2018-04-05 17:53 - 000411982 _____ C:\Users\Admin\Downloads\Opening Undefeatable Chests! Drakensang Online.mp4
2018-04-05 17:49 - 2018-04-05 17:50 - 000086888 _____ C:\Users\Admin\Downloads\Devwa - LEVEL 55!! [Finally] Drakensang Online.mp4.sfk
2018-04-05 17:49 - 2018-04-05 17:49 - 009164819 _____ C:\Users\Admin\Downloads\Devwa - LEVEL 55!! [Finally] Drakensang Online.mp4
2018-04-05 17:47 - 2018-04-05 17:48 - 000004200 _____ C:\Users\Admin\Downloads\How To Trick People You Have Lots of Money Drakensang Online.mp4.sfk
2018-04-05 17:47 - 2018-04-05 17:47 - 000195843 _____ C:\Users\Admin\Downloads\How To Trick People You Have Lots of Money Drakensang Online.mp4
2018-04-05 17:46 - 2018-04-05 17:46 - 000509847 _____ C:\Users\Admin\Downloads\Armor Comparision Drakensang Online (1).mp4
2018-04-05 17:46 - 2018-04-05 17:46 - 000004200 _____ C:\Users\Admin\Downloads\Armor Comparision Drakensang Online (1).mp4.sfk
2018-04-05 17:44 - 2018-04-05 17:44 - 000509847 _____ C:\Users\Admin\Downloads\Armor Comparision Drakensang Online.mp4
2018-04-05 17:42 - 2018-04-05 17:42 - 000004200 _____ C:\Users\Admin\Downloads\I GOT PROXIMA! Marvel Future Fight.mp4.sfk
2018-04-05 17:41 - 2018-04-05 17:41 - 001504875 _____ C:\Users\Admin\Downloads\I GOT PROXIMA! Marvel Future Fight.mp4
2018-04-05 17:37 - 2018-04-05 17:38 - 000004200 _____ C:\Users\Admin\Downloads\HAPPY NEW YEAR.mp4.sfk
2018-04-05 17:37 - 2018-04-05 17:37 - 000291376 _____ C:\Users\Admin\Downloads\HAPPY NEW YEAR.mp4
2018-04-05 17:34 - 2018-04-05 17:34 - 000683198 _____ C:\Users\Admin\Downloads\Shadow Fight 2 Beat Titan With Flame Clubs.mp4
2018-04-05 17:30 - 2018-04-05 17:30 - 000635222 _____ C:\Users\Admin\Downloads\Minecraft 1.101.111.12 How to get crazy enchantments.mp4
2018-04-05 17:27 - 2018-04-05 17:27 - 000674071 _____ C:\Users\Admin\Downloads\Drakensang Online Stellar Gold Event.mp4
2018-04-05 17:23 - 2018-04-05 17:23 - 000375925 _____ C:\Users\Admin\Downloads\Drakensang all bosses (Heredur-Medusa) (1).mp4
2018-04-05 17:22 - 2018-04-05 17:22 - 000001490 _____ C:\Users\Admin\Downloads\Drakensang all bosses (Heredur-Medusa).mp4
2018-04-04 19:54 - 2018-04-04 19:54 - 000008443 _____ C:\Users\Admin\Documents\Speedrun.lsl
2018-04-04 19:46 - 2018-04-04 19:46 - 000008442 _____ C:\Users\Admin\Documents\Layout.lsl
2018-04-04 19:42 - 2018-04-07 15:05 - 000006903 _____ C:\Users\Admin\Documents\Drakensang Online - World run.lss
2018-04-04 19:34 - 2018-04-04 19:34 - 000000911 _____ C:\Users\Admin\Desktop\LiveSplit.lnk
2018-04-04 19:30 - 2018-04-04 19:31 - 008791782 _____ C:\Users\Admin\Downloads\LiveSplit_1.7.5.zip
2018-04-03 16:57 - 2018-04-03 16:57 - 000121320 _____ C:\Users\Admin\Downloads\Crash.Time.III-SKIDROW (1).torrent
2018-04-01 16:05 - 2018-04-01 16:06 - 000000000 ____D C:\Users\Admin\AppData\Local\Temporary Projects
2018-03-31 19:07 - 2018-03-31 19:07 - 001834563 _____ C:\Users\Admin\Downloads\MTS_weerbesu_1729947_UI_Cheats_Extension_v1.10.zip
2018-03-30 15:04 - 2018-04-03 15:33 - 000001981 _____ C:\Users\Public\Desktop\Action!.lnk
2018-03-29 17:50 - 2018-03-29 17:50 - 000357269 _____ C:\Users\Admin\Downloads\Generator v2.0.117.zip
2018-03-29 17:50 - 2018-01-01 21:08 - 000393216 _____ () C:\Users\Admin\Desktop\Generator v2.0.117.exe
2018-03-29 17:48 - 2018-03-29 17:48 - 000731370 _____ C:\Users\Admin\Downloads\Woop woop (1).zip
2018-03-29 17:35 - 2018-04-19 19:05 - 000000000 ____D C:\Users\Admin\Desktop\Even More Stuff
2018-03-27 20:08 - 2018-03-27 20:08 - 000050734 _____ C:\Users\Admin\Downloads\Jazzy Note Blocks By Aaron Grooves (Animation vs. Minecraft Music).mp3.mid
2018-03-26 20:19 - 2018-03-26 20:19 - 000008719 _____ C:\Users\Admin\Downloads\5026403-AVM_Shorts_Episode_5_-_Song_4_Jazzy_Note_Blocks.mid
2018-03-26 20:18 - 2018-03-26 20:18 - 000005344 _____ C:\Users\Admin\Downloads\5024159-Jazzy_Note_Blocks.mid
2018-03-25 18:05 - 2018-03-25 18:04 - 000000954 _____ C:\Users\Admin\Desktop\SimCitySocieties.lnk
2018-03-25 12:45 - 2018-03-25 18:27 - 000000000 ____D C:\Users\Admin\Documents\SimCity Societies
2018-03-25 12:45 - 2018-03-25 12:51 - 000000000 ____D C:\ProgramData\SimCity Societies
2018-03-25 12:42 - 2018-03-25 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2018-03-25 12:18 - 2018-04-21 09:50 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\uTorrent
2018-03-25 12:18 - 2018-03-25 12:18 - 000000831 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-03-25 12:03 - 2018-03-25 12:03 - 000016511 _____ C:\Users\Admin\Downloads\Simcity.Societies.Deluxe-RELOADED.torrent
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-22 08:41 - 2009-07-14 07:34 - 000026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-22 08:41 - 2009-07-14 07:34 - 000026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-22 08:32 - 2015-08-09 20:15 - 000000362 _____ C:\Windows\Tasks\AmiUpdXp.job
2018-04-22 08:32 - 2015-08-09 20:14 - 000001020 _____ C:\Windows\Tasks\Zw3tkg9axTRPEAwUDKPUFQ25.job
2018-04-22 08:32 - 2015-08-09 20:14 - 000000996 _____ C:\Windows\Tasks\jj5CVMyU2Wb3.job
2018-04-22 08:32 - 2015-08-09 19:32 - 000001012 _____ C:\Windows\Tasks\98b34e9ryCSMFdERhJCz.job
2018-04-22 08:32 - 2015-08-09 19:32 - 000000990 _____ C:\Windows\Tasks\gQzcL9rHh.job
2018-04-22 08:32 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-22 08:31 - 2014-03-25 20:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-21 17:02 - 2015-06-17 13:33 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000UA.job
2018-04-21 17:02 - 2015-06-17 13:33 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000Core.job
2018-04-21 16:49 - 2015-08-16 19:50 - 000000000 ____D C:\Program Files\Avira
2018-04-21 16:49 - 2015-01-08 18:23 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-21 16:49 - 2015-01-08 18:23 - 000000000 ____D C:\ProgramData\Avira
2018-04-21 15:15 - 2017-10-11 19:37 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-21 15:13 - 2014-04-24 15:18 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-21 10:47 - 2017-12-24 04:58 - 000098496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-04-21 10:47 - 2016-10-11 14:14 - 000050888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-04-21 10:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
2018-04-21 10:22 - 2017-06-19 10:46 - 000001945 _____ C:\Windows\epplauncher.mif
2018-04-21 10:22 - 2017-05-31 18:29 - 000000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2018-04-21 09:48 - 2017-02-19 13:41 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2018-04-19 19:07 - 2017-05-27 14:23 - 000000000 ____D C:\Users\Admin\Desktop\Other stuff
2018-04-19 19:07 - 2016-12-25 17:05 - 000000000 ____D C:\Users\Admin\Desktop\Commands
2018-04-18 19:55 - 2015-08-09 21:13 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-04-16 19:35 - 2010-11-21 00:01 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 19:28 - 2009-07-14 07:33 - 000420496 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-16 19:25 - 2015-04-16 16:31 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-16 19:25 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-15 15:09 - 2014-04-24 15:18 - 000000000 ____D C:\Windows\system32\MRT
2018-04-15 14:23 - 2014-03-25 15:03 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-04-15 14:23 - 2014-03-25 15:03 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-04-15 14:23 - 2014-03-25 15:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-15 14:22 - 2015-01-27 12:35 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2018-04-07 15:19 - 2014-03-28 19:17 - 000000000 ____D C:\Users\Admin\Documents\Cross Fire
2018-04-07 12:56 - 2014-03-25 18:17 - 000000000 ____D C:\Program Files\Common Files\Steam
2018-04-03 15:33 - 2017-05-20 15:36 - 000000000 ____D C:\Program Files\Mirillis
2018-04-03 15:33 - 2017-02-19 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2018-04-01 16:05 - 2017-12-31 13:49 - 000000000 ____D C:\Users\Admin\Documents\Visual Studio 2017
2018-03-30 13:54 - 2015-06-17 13:33 - 000000000 ____D C:\Users\Admin\AppData\Local\Dropbox
2018-03-29 17:46 - 2017-09-02 11:07 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2018-03-25 18:15 - 2014-06-26 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2018-03-25 12:20 - 2017-10-16 18:38 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2018-03-25 12:18 - 2017-05-31 18:30 - 000000851 _____ C:\Users\Admin\Desktop\µTorrent.lnk
2018-03-23 17:44 - 2015-08-09 19:47 - 000002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 17:44 - 2015-08-09 19:47 - 000002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\AAAMMYYY.exe
2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\IIIUU666.exe
2015-07-01 15:23 - 2015-07-01 15:23 - 001169408 _____ (wj32) C:\Program Files\OOO00CCO.exe
2015-08-16 19:59 - 2015-08-16 19:59 - 001169408 _____ (wj32) C:\Program Files\SSS44GGS.exe
2015-07-20 16:48 - 2015-07-20 16:48 - 001169408 _____ (wj32) C:\Program Files\UUU66IIU.exe
2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\YYAAMMYM.exe
2017-01-25 18:50 - 2017-02-26 17:35 - 000008192 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-10 12:19 - 2015-05-10 12:19 - 000000833 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2017-03-26 17:12 - 2017-03-26 17:21 - 000000552 _____ () C:\Users\Admin\AppData\Local\TroubleshooterConfig.json
2014-07-08 18:52 - 2014-07-08 18:52 - 000000000 _____ () C:\Users\Admin\AppData\Local\{82412A15-975A-419C-BAD0-F07D5FEE1225}

Some files in TEMP:
====================
2017-06-29 15:26 - 2017-06-29 15:26 - 000000000 _____ () C:\Users\Admin\AppData\Local\Temp\GUR3C87.exe
2017-06-18 13:23 - 2017-03-03 20:38 - 000897560 _____ (BlueStack Systems, Inc.) C:\Users\Admin\AppData\Local\Temp\HD-Common.dll
2017-06-18 13:23 - 2017-03-03 20:39 - 000516120 _____ (BlueStack Systems, Inc.) C:\Users\Admin\AppData\Local\Temp\HD-InstallerUtils.dll
2017-06-18 13:23 - 2017-03-03 20:29 - 000187416 _____ (BlueStack Systems) C:\Users\Admin\AppData\Local\Temp\HD-LibraryHandler.dll
2017-06-18 13:23 - 2017-03-03 20:27 - 000246808 _____ (BlueStack Systems) C:\Users\Admin\AppData\Local\Temp\HD-Logger-Native.dll
2017-06-18 13:23 - 2017-03-03 20:38 - 000426008 _____ (BlueStack Systems, Inc.) C:\Users\Admin\AppData\Local\Temp\HD-Uninstaller.exe
2017-09-07 10:17 - 2017-09-07 10:17 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-1045473563001128848.dll
2018-02-12 18:18 - 2018-02-12 18:18 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-1185638623969602340.dll
2018-02-20 19:41 - 2018-02-20 19:41 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-1282689592546875237.dll
2018-02-24 20:30 - 2018-02-24 20:30 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-1393537606988997968.dll
2017-09-20 17:13 - 2017-09-20 17:13 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-150780097334026769.dll
2018-03-14 20:14 - 2018-03-14 20:14 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-1693344925118535599.dll
2017-09-07 17:43 - 2017-09-07 17:43 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-1871545059598905043.dll
2017-07-05 12:16 - 2017-07-05 12:16 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-193203200170378852.dll
2017-09-02 12:27 - 2017-09-02 12:27 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-1941125649913556486.dll
2017-07-05 12:20 - 2017-07-05 12:20 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-2358356845772121125.dll
2018-02-12 18:15 - 2018-02-12 18:15 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-2384452255825652022.dll
2018-02-12 18:14 - 2018-02-12 18:14 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-2432147788456248582.dll
2018-03-03 18:42 - 2018-03-03 18:42 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-2713426394484393604.dll
2017-08-31 13:55 - 2017-08-31 13:55 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-275831111632576027.dll
2018-03-10 16:56 - 2018-03-10 16:56 - 000017408 _____ (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-278637194251014713.dll
2018-02-23 19:20 - 2018-02-23 19:20 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-2999031453964264820.dll
2018-02-08 16:44 - 2018-02-08 16:44 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3007211053530556419.dll
2018-02-23 17:46 - 2018-02-23 17:46 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3263332594261234730.dll
2017-08-30 12:38 - 2017-08-30 12:38 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3373771794174450831.dll
2017-09-07 17:41 - 2017-09-07 17:41 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3413812730747064509.dll
2017-09-01 09:18 - 2017-09-01 09:18 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3523465345455159542.dll
2018-03-06 17:17 - 2018-03-06 17:17 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3900531285258615253.dll
2017-09-08 08:15 - 2017-09-08 08:15 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3923133738457229412.dll
2017-10-01 19:07 - 2017-10-01 19:07 - 000017408 _____ (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3940779846406472690.dll
2017-06-10 18:29 - 2017-06-10 18:29 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-3950066647886851793.dll
2017-09-02 12:26 - 2017-09-02 12:26 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4049810820134497766.dll
2017-09-20 17:03 - 2017-09-20 17:03 - 000017408 _____ (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4303839408196833590.dll
2018-02-25 17:39 - 2018-02-25 17:39 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4447914173875981098.dll
2017-09-30 15:07 - 2017-09-30 15:07 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-445279276776789258.dll
2017-09-07 17:44 - 2017-09-07 17:44 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4459235871355459302.dll
2018-03-06 17:32 - 2018-03-06 17:32 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4471251780969207593.dll
2017-07-06 16:35 - 2017-07-06 16:35 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4517436065230610790.dll
2017-10-25 17:55 - 2017-10-25 17:55 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4702897499693323845.dll
2017-06-10 12:34 - 2017-06-10 12:34 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4807847924644551171.dll
2018-03-09 20:00 - 2018-03-09 20:00 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-4927383175764804686.dll
2017-09-05 17:35 - 2017-09-05 17:35 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5079121286776034647.dll
2018-02-18 19:54 - 2018-02-18 19:54 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5123729816312319413.dll
2017-09-30 16:04 - 2017-09-30 16:04 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5529519554343170888.dll
2017-09-02 12:24 - 2017-09-02 12:24 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5568377470297897835.dll
2018-03-02 19:57 - 2018-03-02 19:57 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5598756163344105137.dll
2018-02-12 18:15 - 2018-02-12 18:15 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5636841155801813930.dll
2018-02-12 18:17 - 2018-02-12 18:17 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5657918190972894033.dll
2018-02-09 17:15 - 2018-02-09 17:15 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5667346331382473613.dll
2017-06-10 12:25 - 2017-06-10 12:25 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5727715884405500600.dll
2017-09-07 17:46 - 2017-09-07 17:46 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5739376403356646364.dll
2018-02-09 18:10 - 2018-02-09 18:10 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5776181435731682957.dll
2017-08-31 14:13 - 2017-08-31 14:13 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-5894469199912555519.dll
2018-03-04 19:13 - 2018-03-04 19:13 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6136233362901036825.dll
2017-09-05 11:28 - 2017-09-05 11:28 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6227536242659911586.dll
2017-07-06 16:37 - 2017-07-06 16:37 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6262931630601874572.dll
2017-09-01 09:16 - 2017-09-01 09:16 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6528156797187151926.dll
2018-03-11 17:12 - 2018-03-11 17:12 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6649712994456270845.dll
2018-02-17 18:31 - 2018-02-17 18:31 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6666424366120629282.dll
2018-03-02 20:30 - 2018-03-02 20:30 - 000017408 _____ (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6826607469796411709.dll
2018-03-12 19:35 - 2018-03-12 19:35 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6946276514435753600.dll
2017-06-21 09:08 - 2017-06-21 09:08 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-6969887976828311694.dll
2018-02-09 18:15 - 2018-02-09 18:15 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7082305531595799517.dll
2018-02-12 17:58 - 2018-02-12 17:58 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7090611759888510353.dll
2018-03-02 20:12 - 2018-03-02 20:12 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7198073472991681565.dll
2018-02-26 19:13 - 2018-02-26 19:13 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7376142619448416047.dll
2017-06-19 10:06 - 2017-06-19 10:06 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7430812211359078039.dll
2017-07-09 18:31 - 2017-07-09 18:31 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7442031877425309347.dll
2017-06-23 12:42 - 2017-06-23 12:42 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7695977394658312696.dll
2018-02-18 19:47 - 2018-02-18 19:47 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-7697959158778389115.dll
2018-02-24 19:12 - 2018-02-24 19:12 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-811959394668608177.dll
2017-07-06 16:16 - 2017-07-06 16:16 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8284996256019703899.dll
2017-08-30 16:17 - 2017-08-30 16:17 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8364548515291051410.dll
2018-03-02 21:01 - 2018-03-02 21:01 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8388870226309150515.dll
2018-02-19 19:36 - 2018-02-19 19:36 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8428723590236851637.dll
2017-09-01 09:11 - 2017-09-01 09:11 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8447913962588780686.dll
2018-02-08 17:04 - 2018-02-08 17:04 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8501345636569252381.dll
2018-03-16 19:55 - 2018-03-16 19:55 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8655452999243542020.dll
2017-09-01 09:13 - 2017-09-01 09:13 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8697422236363782501.dll
2017-09-06 08:42 - 2017-09-06 08:42 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-8703910288811429370.dll
2017-07-05 11:59 - 2017-07-05 11:59 - 000017408 _____ (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-891672818252472653.dll
2017-10-01 18:23 - 2017-10-01 18:23 - 000017408 _____ (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-9014629596749288074.dll
2018-02-08 16:48 - 2018-02-08 16:48 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-909706422051066214.dll
2018-02-08 16:42 - 2018-02-08 16:42 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Admin\AppData\Local\Temp\jansi-32-9106196240713353098.dll
2017-09-17 12:49 - 2017-09-17 12:49 - 002885168 _____ () C:\Users\Admin\AppData\Local\Temp\npp.7.5.1.Installer.exe
2014-09-03 02:23 - 2010-01-05 16:20 - 000088576 _____ (SkinSharp Inc.) C:\Users\Admin\AppData\Local\Temp\Skin.dll
2017-10-10 19:07 - 2017-09-29 18:07 - 004612432 _____ (Wargaming.net (c) 2009-2017 ) C:\Users\Admin\AppData\Local\Temp\wgctmp_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-21 14:51

==================== End of FRST.txt ============================
 
Sorry, but I'm not able to post the Addition.txt because the site thinks the log is spam :( I cut the log into sections, but it's still the same. Is there another way to get the Addition file here? I can make a pastebin with the log if you want. Also, thank you for the attention! I thought I would be ignored...
 
There is some infection present.

Uninstall the following unwanted program:

CPUID CPU-Z

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Hello again!
After some long scans, I finally finished. I can already see a difference, the error hasn't occurred since the RogueKiller scan :D

Here are the logs:
RogueKiller (site thinks it is spam): https://pastebin.com/bsuCY4GQ

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/23/18
Scan Time: 7:23 AM
Log File: 174e9d6e-46ae-11e8-b37d-00ff8b60df69.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4842
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Admin-PC\Admin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 345303
Threats Detected: 84
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 44 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 28
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Inst_Rep, No Action By User, [1670], [238813],1.0.4842
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2683EF7-4D6A-445D-A7A5-EEB75193244A}, No Action By User, [1670], [238813],1.0.4842
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E2683EF7-4D6A-445D-A7A5-EEB75193244A}, No Action By User, [1670], [238813],1.0.4842
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AmiUpdXp, No Action By User, [6213], [251671],1.0.4842
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDD6A4F5-2D24-4A6B-8357-EA522A97BECC}, No Action By User, [6213], [251671],1.0.4842
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{BDD6A4F5-2D24-4A6B-8357-EA522A97BECC}, No Action By User, [6213], [251671],1.0.4842
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UPDATESERVICE, No Action By User, [381], [404154],1.0.4842
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46840AD8-C31D-4D34-9182-15F026D7D294}, No Action By User, [381], [404154],1.0.4842
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{46840AD8-C31D-4D34-9182-15F026D7D294}, No Action By User, [381], [404154],1.0.4842
PUP.Optional.ObjectBrowser, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Object Browser-nv-ie, No Action By User, [3171], [241274],1.0.4842
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, No Action By User, [387], [237370],1.0.4842
PUP.Optional.CrossRider, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, No Action By User, [387], [246383],1.0.4842
PUP.Optional.Somoto, HKLM\SOFTWARE\SEARCHULT, No Action By User, [434], [243334],1.0.4842
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, No Action By User, [6217], [235414],1.0.4842
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, No Action By User, [6217], [235414],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\butyjuqy, No Action By User, [3815], [257691],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu, No Action By User, [3815], [257690],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hyverumu, No Action By User, [3815], [257691],1.0.4842
PUP.Optional.DeskCut, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MOZILLA\EXTENDS, No Action By User, [1725], [237724],1.0.4842
PUP.Optional.SupTab, HKLM\SOFTWARE\CLASSES\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, No Action By User, [1476], [168875],1.0.4842
PUP.Optional.SupTab, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, No Action By User, [1476], [168875],1.0.4842
PUP.Optional.SupTab, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, No Action By User, [1476], [168875],1.0.4842
PUP.Optional.SupTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}, No Action By User, [1476], [168875],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, No Action By User, [416], [167636],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, No Action By User, [416], [167636],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture.1, No Action By User, [416], [169563],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\DREAM.CAPTURE, No Action By User, [416], [169563],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, No Action By User, [416], [169563],1.0.4842

Registry Value: 8
Trojan.Agent.BCM, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46840AD8-C31D-4D34-9182-15F026D7D294}|PATH, No Action By User, [3637], [404152],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDD6A4F5-2D24-4A6B-8357-EA522A97BECC}|PATH, No Action By User, [416], [262355],1.0.4842
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2683EF7-4D6A-445D-A7A5-EEB75193244A}|PATH, No Action By User, [1670], [258425],1.0.4842
PUP.Optional.Somoto, HKLM\SOFTWARE\SEARCHULT|SOMO, No Action By User, [434], [243334],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\butyjuqy|IMAGEPATH, No Action By User, [3815], [257691],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu|IMAGEPATH, No Action By User, [3815], [257690],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hyverumu|IMAGEPATH, No Action By User, [3815], [257691],1.0.4842
PUP.Optional.DeskCut, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MOZILLA\EXTENDS|APPID, No Action By User, [1725], [237724],1.0.4842

Registry Data: 3
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, No Action By User, [1179], [291142],1.0.4842
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, No Action By User, [1179], [291142],1.0.4842
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F34F7871-6B4F-4CC1-BBA9-906100AE495B}|NameServer, No Action By User, [2766], [293687],1.0.4842

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.SupTab, C:\USERS\ADMIN\SUPTAB, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.Amonetize, C:\USERS\ADMIN\APPDATA\LOCAL\8053, No Action By User, [416], [186636],1.0.4842

File: 43
PUP.Optional.Goobzo, C:\WINDOWS\SYSTEM32\TASKS\INST_REP, No Action By User, [1670], [238813],1.0.4842
PUP.Optional.SoftwareUpdater.A, C:\WINDOWS\SYSTEM32\TASKS\AMIUPDXP, No Action By User, [6213], [251671],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\domain, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\expirationDate, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\hotsearch, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\hotsearch_uptime, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\name, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\path, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\set_country, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\set_z, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\TABts, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\uid, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\url, No Action By User, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\_ver, No Action By User, [1476], [179904],1.0.4842
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\UPDATESERVICE, No Action By User, [381], [404154],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fulltab.com_0.localstorage, No Action By User, [2299], [443392],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fulltab.com_0.localstorage-journal, No Action By User, [2299], [443392],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, No Action By User, [2299], [443391],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, No Action By User, [2299], [443391],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.tb.ask.com_0.localstorage, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.tb.ask.com_0.localstorage, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1705], [443123],1.0.4842
PUP.Optional.Amonetize, C:\USERS\ADMIN\APPDATA\LOCAL\8053\status.cfg, No Action By User, [416], [186636],1.0.4842
PUP.Optional.Amonetize, C:\Users\Admin\AppData\Local\8053\Updater.xml, No Action By User, [416], [186636],1.0.4842
PUP.Optional.SoftwareUpdater, C:\WINDOWS\TASKS\AMIUPDXP.JOB, No Action By User, [4391], [251669],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.myway.com_0.localstorage, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.myway.com_0.localstorage-journal, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.myway.com_0.localstorage, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.myway.com_0.localstorage-journal, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.myway.com_0.localstorage, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.myway.com_0.localstorage-journal, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, No Action By User, [1705], [443124],1.0.4842
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, No Action By User, [8242], [393793],1.0.4842
Adware.Elex.ShrtCln, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [245], [454721],1.0.4842
Adware.Elex.ShrtCln, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [245], [454721],1.0.4842
PUP.Optional.ASK, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [2], [454825],1.0.4842
PUP.Optional.ASK, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [2], [454825],1.0.4842

Physical Sector: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-22.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-23-2018
# Duration: 00:00:09
# OS: Windows 7 Ultimate
# Cleaned: 25
# Failed: 2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Admin\AppData\Local\Installer\INSTALL_24236
Deleted C:\Windows\System32\config\systemprofile\AppData\LocalLow\avg web tuneup
Deleted C:\Users\Admin\AppData\LocalLow\avg web tuneup
Deleted C:\Users\Admin\AppData\Local\VirtualStore\ProgramData\AVG Secure Search

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\INSTALLPATH\STATUS
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Tinstalls
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SU
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\Kromtech
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Not Deleted HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Not Deleted HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Deleted HKLM\Software\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted HKLM\Software\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted HKLM\Software\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKCU\Software\win

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
RogueKiller V12.12.13.0 [Apr 16 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Admin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/22/2018 18:50:31 (Duration : 02:16:25)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 182 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9} (C:\PROGRA~1\DRIVER~1\DRIVER~1\CLMULT~1.OCX) -> Not selected
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910} ("C:\Users\Admin\AppData\Local\8053\Updater.exe") -> Not selected
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{1aad99ea-ee10-5c3a-8174-84c63a67adde} (C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll) -> Not selected
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} (C:\Program Files\MiuiTab\SupTab.dll) -> Not selected
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} (C:\Program Files\Win7codecs\filters\MP4Splitter.dll) -> Not selected
[VT.Detected] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\Admin\AppData\Local\Temp\HYD59ED.tmp.1496244563\HTA\3rdparty\FS.ocx) -> Deleted
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} (C:\Program Files\Win7codecs\filters\MP4Splitter.dll) -> Not selected
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} (C:\Program Files\Win7codecs\filters\MP4Splitter.dll) -> Not selected
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\searchult -> Not selected
[PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\1ClickDownload -> Not selected
[PUP.Auslogics] HKEY_USERS\RK_Admin_ON_D_729A\Software\Auslogics -> Not selected
[PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\AVG Security Toolbar -> Not selected
[PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\Headlight -> Not selected
[PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\OCS -> Not selected
[PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\Softonic -> Not selected
[PUP.SweetIM|PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\SweetIM -> Not selected
[PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\YahooPartnerToolbar -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-21-51145358-2442092094-1609093457-1000\Software\APN PIP -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-21-51145358-2442092094-1609093457-1000\Software\IM -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-21-51145358-2442092094-1609093457-1000\Software\Kromtech -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-21-51145358-2442092094-1609093457-1000\Software\Win -> Not selected
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Not selected
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey -> Not selected
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SU -> Not selected
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Not selected
[PUP.Gen1] HKEY_USERS\S-1-5-21-51145358-2442092094-1609093457-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Not selected
[PUP.Gen1] HKEY_USERS\RK_Admin_ON_D_729A\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} -> Not selected
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} (C:\Program Files\MiuiTab\SupTab.dll) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9A3A\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | Exec : %windir%\Network Diagnostic\xpnetdiag.exe [x] -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9A3A\Microsoft\Windows\CurrentVersion\Run | Waiting1690 : C:\Windows\stid1690.exe [x] -> Not selected
[PUP.Gen0] HKEY_LOCAL_MACHINE\RK_System_ON_D_48B7\ControlSet001\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Not selected
[PUP.Gen0] HKEY_LOCAL_MACHINE\RK_System_ON_D_48B7\ControlSet002\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Not selected
[PUP.Gen1|PUM.HomePage] HKEY_USERS\RK_Admin_ON_D_729A\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.babylon.com/?AF=109217&babsrc=HP_ss&mntrId=a4b5026c000000000000001966914398 -> Not selected
[PUP.Gen1|PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...id=WDCXWD800BB-00JHC0_WD-WMAM9M99445894458&q={searchTerms} -> Not selected
[PUM.SearchPage] HKEY_USERS\RK_Admin_ON_D_729A\Software\Microsoft\Internet Explorer\Main | Search Page : http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> Not selected
[PUM.SearchPage] HKEY_USERS\RK_Default User_ON_D_6180\Software\Microsoft\Internet Explorer\Main | Search Page : http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> Not selected
[PUM.SearchPage] HKEY_USERS\RK_Admin_ON_D_729A\Software\Microsoft\Internet Explorer\Main | Search Bar : http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html -> Not selected
[PUM.SearchPage] HKEY_USERS\RK_Default User_ON_D_6180\Software\Microsoft\Internet Explorer\Main | Search Bar : http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-51145358-2442092094-1609093457-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUP.Gen1|PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.mystartsearch.com/web/?t...id=WDCXWD800BB-00JHC0_WD-WMAM9M99445894458&q={searchTerms} -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {38A5A242-365D-4734-92E2-6FFFDE1BAA35} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {27EA2BF8-134D-4DA7-A311-3B3C3848D5E0} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FC1D3E9F-C844-41AB-B625-DD877CD4058C} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E13A77CA-3500-4F4D-9B70-74AB1663CD08} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {01A75506-9897-4335-A619-435FE34B9A3F} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E6591303-A620-47E9-A241-D1BEE63ABDD5} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FA268864-34C6-42F3-A010-98E5C0EB8887} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D23D698D-E529-4697-8F0E-995C45EB5BDE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C954F5D4-097B-4EEF-981A-50AA1B7AC517} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FEA43AC1-9F7A-450F-91C7-240C6C99BD57} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ADD527C1-085D-4858-B5B5-1F55840742BA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {44F168FF-3463-4023-B6EA-2596E34396A9} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {01ED1996-BE85-49E4-A504-DB8AD5796504} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {98E0633C-0595-4EFF-A73A-BA4602C16C82} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A9401298-A296-4E3F-99D8-DC1D8DF188C2} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5761EBC0-915D-4CE8-A658-331347E54D97} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6EE0817A-8383-43B2-92E1-B06C065DD361} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F788BEA-977E-4628-8A79-C1F24B035414} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F529ABD-D451-4B66-B01A-1845A84FBA42} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8961D1A2-1B9F-4BF7-B211-8207248CA468} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AEA7510B-2851-4D19-AC8C-F5C1B7D1296A} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6D7E5CCE-6169-46AB-8BEF-CB0E10A73B17} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {788A2B8F-881D-4513-922C-9187AADCC037} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0EDE4FF8-F51B-482B-B438-34EFE3E8CAB6} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {10F443F0-F9FB-48CD-8B56-BC7A6F9A10BC} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C3E1C5B1-09E2-4C18-B0CA-8CF0979DD3AA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0470C1E-FBF7-47F7-8C70-9CB43C78A496} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {193C4EF2-13E6-4625-97C9-FDA2A6761071} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {90FC0C6E-5FF0-4AE2-AC37-419FCCAC491F} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {40314AC0-5FCF-475C-8F79-45262D8314DA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5476AAFB-1349-4D24-9349-EE6CB41A18E3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {77BAD2CD-D8CA-44CA-806C-A1F518C51765} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {72988FDB-5361-4253-A462-CC8B585FD50B} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A08CEB03-6D4E-4938-A5A0-029823DC21A2} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EA4A9372-2AE5-46D7-A01C-0952DC82D82D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {164237F0-639A-43D8-9848-CA3F22AFB5A9} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {163B62DB-444B-4478-B5DA-593E4C57267C} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30D95BE9-220D-4697-B1BF-70F3A0B28890} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5B1827EE-6995-4489-8076-2256115F3AE2} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F35FADD4-DE64-4A64-BFE8-85A05B02DA7B} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {04CC3710-F636-4FA9-80DD-357EA4A6A260} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2E74D83D-EA52-4731-98FA-B5788E76299D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7E990947-79AF-4E0D-9341-BFDA9C91C59F} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F20F52A8-FA11-4E21-98D8-A4929B6DD45D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3CF30E04-24A4-4790-8C88-77529FB81720} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {41F03F8E-74A9-41F8-88D0-4D265B62DE8E} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6764B4DA-97E2-4B68-86B1-2C7B24B314D2} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9190C5E4-8ABA-44DE-ADBD-2972022977D1} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F2061428-7005-4D36-B713-A505A365053F} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FCD57AE-DF00-4642-9251-D2204C75202B} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B1B30A9-C5F5-49AB-BFB4-7549FAC9E5BA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B634885B-1C3E-4A6E-9D5E-849C0D1FE38D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {63A3A34A-F29F-4F86-8B9A-B01BDBBE3561} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DAB8E0E7-0A7A-48C0-9640-3ED3437E7F8C} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4C2F2AFF-E181-4FA3-9941-8E31B0549029} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B6A3FF5D-DA13-4414-A803-8260574DEDFB} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F6166568-378B-43A5-A155-85BA79BC8032} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUP.DllFiles] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {03AB01FA-666A-4F88-8122-1197E865E8BD} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Not selected
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9A3A\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> Not selected
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9A3A\Microsoft\Security Center | FirewallDisableNotify : 1 -> Not selected
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9A3A\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Not selected

¤¤¤ Tasks : 11 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\98b34e9ryCSMFdERhJCz.job -- C:\Users\Admin\AppData\Roaming\98b34e9ryCSMFdERhJCz.exe (--c=SikebpHOw2tx6elZhubqfDBHsdX4sQfY1TYJ9RBnkIRpRYFenBzd6H4zAeoNThCYfo3bZtnEgAjK/8I2ON+sI9IB+An5Vkxkj30fxkvEYEt6gqioV7h18IDYBvOyiSjqxQcCzZjTFClvbKKwErhTvkhP4zxB/urLCurW2H3bb90Y3kTXD0gjJ2YXoWNjuKFvOVLuihhHujbylA0l8iQYdrXCbNr4rUklVcratHQ7+Dnrr9GTTyuJL6SUOAUHUepIzERdCPRuXiSyRsp7lUp2wmiR2Zw4vmAVGuK6WrCtJBggosAQngMbnu9fHhN6MYqAf6x7c+yvAAfrBGMfygAQ0Q==) -> Not selected
[PUP.Gen0] %WINDIR%\Tasks\AmiUpdXp.job -- C:\Users\Admin\AppData\Local\8053\Updater.exe -> Not selected
[Suspicious.Path] %WINDIR%\Tasks\gQzcL9rHh.job -- C:\Users\Admin\AppData\Roaming\gQzcL9rHh.exe (--c=EqkMEK7eb+PMKvtLurqwfejXYaEjyK+TJ5XoBA7W0kOCphHSoiYY7U/O94gIBVjeCArR3z/stiq6Gm+tqSclvi00pqUCo+VnIDq1raT/DLyv4Bg3mZvaB+lWcLydePDoWm/RCVX/dxg4qkxgfxXeFS/5psSuvezWvzORWue1ig2mQUhHlE8S4zgOPt/qVsut2R3daT+I809xs7ufgDr6dVcLuTN9v3ytcfiF9sKyldeCKGeMfULvIB5UQb8lmA2dqd0h7GVecrziyHlQ181GGpl05++NBQm9eSvJHLkRQzQ4x+okM3zaQ/vJ8+kYg8TQ6z18DzgXNhGpRmRq2q220w==) -> Not selected
[Suspicious.Path] %WINDIR%\Tasks\jj5CVMyU2Wb3.job -- C:\Users\Admin\AppData\Roaming\jj5CVMyU2Wb3.exe (--c=Hvubm0djaGWB+JYyEqA9ciitF7KSK2sc/8NY0iJ0jxaXEVeZtLEkiKFvT8q4WrfhYFFVs8Fc543sPl7Nt4ib/lB26g/U9htbs6R4uwYsHjbMYQ94LO/Bzi+f7BVFkTJ9mthoAE4lePREEUFSyFfcxLVGKVCTSRFqPVJvSIbe7p4CyHVaKfT98MJsqykFavOCPIez0gFULJ3m0tRYUsmmzGffkwSO+hltwmq9ciAr3Ejhf/rrR7ucFdoDaeY6wkZArJMtSHkWGjl2cOJpb82eJz5/+GAWOaHl2HDiVEQ1lfKHXPDKE0o+IgOwwlsEs3F7MeZv47wU8YI0I/D/fLVDGQ==) -> Not selected
[Suspicious.Path] %WINDIR%\Tasks\Zw3tkg9axTRPEAwUDKPUFQ25.job -- C:\Users\Admin\AppData\Roaming\Zw3tkg9axTRPEAwUDKPUFQ25.exe (--c=MYdOW17vVVxukivKQsEc/IthU25auu2kGxHUroOby5/uTkvKK+Kr/1VwTtRIvN0wDiWUOoVmGbu+ngjpnyArReUKBCEnnjfkml6J6i2j+6cl9IXxXOPP5LRwsg3MYZOTlqx9LVOD035lRjXdknqx6UYkQ0NQLHkNubD/JdnQewJtLM22qfJybEqIgHCnIZGM/6+HdDCYwGjHFmfuasb6V4VACRSWMpEOpADx/+FRTEJXctlHn/FDhtcLvcv+zvOyFRO8t8ojQqCnzg7D3HxItV+zC0LFU+fTGhHDfTnnhMjsB5W1kJzdLxs04kDUjt7AG6F2GyV7E94ukRRdjuJItg==) -> Not selected
[Suspicious.Path] \98b34e9ryCSMFdERhJCz -- C:\Users\Admin\AppData\Roaming\98b34e9ryCSMFdERhJCz.exe (--c=SikebpHOw2tx6elZhubqfDBHsdX4sQfY1TYJ9RBnkIRpRYFenBzd6H4zAeoNThCYfo3bZtnEgAjK/8I2ON+sI9IB+An5Vkxkj30fxkvEYEt6gqioV7h18IDYBvOyiSjqxQcCzZjTFClvbKKwErhTvkhP4zxB/urLCurW2H3bb90Y3kTXD0gjJ2YXoWNjuKFvOVLuihhHujbylA0l8iQYdrXCbNr4rUklVcratHQ7+Dnrr9GTTyuJL6SUOAUHUepIzERdCPRuXiSyRsp7lUp2wmiR2Zw4vmAVGuK6WrCtJBggosAQngMbnu9fHhN6MYqAf6x7c+yvAAfrBGMfygAQ0Q==) -> Not selected
[Suspicious.Path] \AmiUpdXp -- C:\Users\Admin\AppData\Local\8053\Updater.exe -> Not selected
[Suspicious.Path] \gQzcL9rHh -- C:\Users\Admin\AppData\Roaming\gQzcL9rHh.exe (--c=EqkMEK7eb+PMKvtLurqwfejXYaEjyK+TJ5XoBA7W0kOCphHSoiYY7U/O94gIBVjeCArR3z/stiq6Gm+tqSclvi00pqUCo+VnIDq1raT/DLyv4Bg3mZvaB+lWcLydePDoWm/RCVX/dxg4qkxgfxXeFS/5psSuvezWvzORWue1ig2mQUhHlE8S4zgOPt/qVsut2R3daT+I809xs7ufgDr6dVcLuTN9v3ytcfiF9sKyldeCKGeMfULvIB5UQb8lmA2dqd0h7GVecrziyHlQ181GGpl05++NBQm9eSvJHLkRQzQ4x+okM3zaQ/vJ8+kYg8TQ6z18DzgXNhGpRmRq2q220w==) -> Not selected
[Suspicious.Path] \Inst_Rep -- C:\Users\Admin\AppData\Local\Installer\Install_24236\DCytdieamodc_amodc_setup.exe (/S /REPORT /NUM=10 /AFF=amodcI02919_0_0_0_0,c1f8b5fc-cfc2-4c45-8cf6-c013e91e40b2,/S /MAG=AMODC /SUB=2919) -> Not selected
[Suspicious.Path] \jj5CVMyU2Wb3 -- C:\Users\Admin\AppData\Roaming\jj5CVMyU2Wb3.exe (--c=Hvubm0djaGWB+JYyEqA9ciitF7KSK2sc/8NY0iJ0jxaXEVeZtLEkiKFvT8q4WrfhYFFVs8Fc543sPl7Nt4ib/lB26g/U9htbs6R4uwYsHjbMYQ94LO/Bzi+f7BVFkTJ9mthoAE4lePREEUFSyFfcxLVGKVCTSRFqPVJvSIbe7p4CyHVaKfT98MJsqykFavOCPIez0gFULJ3m0tRYUsmmzGffkwSO+hltwmq9ciAr3Ejhf/rrR7ucFdoDaeY6wkZArJMtSHkWGjl2cOJpb82eJz5/+GAWOaHl2HDiVEQ1lfKHXPDKE0o+IgOwwlsEs3F7MeZv47wU8YI0I/D/fLVDGQ==) -> Not selected
[Suspicious.Path] \Zw3tkg9axTRPEAwUDKPUFQ25 -- C:\Users\Admin\AppData\Roaming\Zw3tkg9axTRPEAwUDKPUFQ25.exe (--c=MYdOW17vVVxukivKQsEc/IthU25auu2kGxHUroOby5/uTkvKK+Kr/1VwTtRIvN0wDiWUOoVmGbu+ngjpnyArReUKBCEnnjfkml6J6i2j+6cl9IXxXOPP5LRwsg3MYZOTlqx9LVOD035lRjXdknqx6UYkQ0NQLHkNubD/JdnQewJtLM22qfJybEqIgHCnIZGM/6+HdDCYwGjHFmfuasb6V4VACRSWMpEOpADx/+FRTEJXctlHn/FDhtcLvcv+zvOyFRO8t8ojQqCnzg7D3HxItV+zC0LFU+fTGhHDfTnnhMjsB5W1kJzdLxs04kDUjt7AG6F2GyV7E94ukRRdjuJItg==) -> Not selected

¤¤¤ Files : 14 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Security Toolbar\TBCampaignINSP.txt -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\Admin\Desktop\The Sims 4 Deluxe Edition.lnk [LNK@] F:\THESIM~1\THESIM~1.EXE -> Not selected
[PUP.uTorrentAds][File] C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Deleted
[PUP.uTorrentAds][File] C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Deleted
[PUP.ModGoog|PUP.Gen1][Folder] C:\Users\Admin\AppData\Local\globalUpdate -> Deleted
[PUP.ModGoog|PUP.Gen1][Folder] C:\Users\Admin\AppData\Local\globalUpdate\CrashReports -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> ERROR [3]
[PUP.AutoIt.Gen][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs\Settings Application.lnk [LNK@] C:\PROGRA~1\WIN7CO~1\Tools\SETTIN~1.EXE -> Deleted
[PUP.AutoIt.Gen][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs\Uninstall Win7codecs.lnk [LNK@] C:\PROGRA~1\WIN7CO~1\Tools\SETTIN~1.EXE uninstall -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files\Win7codecs\Tools\conflict.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files\Win7codecs\Tools\Settings32.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\Admin\Desktop\The Sims 4 Deluxe Edition.lnk [LNK@] F:\THESIM~1\THESIM~1.EXE -> Not selected

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUM.SearchEngine][Firefox:Config] i7p503c2.default-1439149941763 : user_pref("browser.search.selectedEngine", "Yahoo! Search Engine"); -> Not selected
[PUM.SearchEngine][Firefox:Config] i7p503c2.default-1439149941763 : user_pref("browser.search.defaultenginename", "Yahoo! Search Engine"); -> Not selected
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.oursurfing.com/?type=hpp...t&uid=WDCXWD800BB-00JHC0_WD-WMAM9M99445894458] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD800BB-00JHC0 ATA Device +++++
--- User ---
[MBR] d3e7ec256dfc8ee2d7c05fb680212d49
[BSP] 763451703bb08f8659fb7db191e75d34 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 20002 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 40965750 | Size: 56305 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: STM3500418AS ATA Device +++++
--- User ---
[MBR] cc178f27ed38963056e72660592de606
[BSP] 302e7cbdef4a6b54eb24b1e677f4df5a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Good news but your MBAM log says "No Action By User".
Re-run MBAM, fix all issues and post fresh log.
 
Oh sorry, I posted the wrong log (I made one before dealing with the threats)
Here is the actual one:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/23/18
Scan Time: 7:23 AM
Log File: 174e9d6e-46ae-11e8-b37d-00ff8b60df69.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4842
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Admin-PC\Admin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 345303
Threats Detected: 84
Threats Quarantined: 84
Time Elapsed: 44 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 28
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Inst_Rep, Quarantined, [1670], [238813],1.0.4842
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2683EF7-4D6A-445D-A7A5-EEB75193244A}, Quarantined, [1670], [238813],1.0.4842
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E2683EF7-4D6A-445D-A7A5-EEB75193244A}, Quarantined, [1670], [238813],1.0.4842
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AmiUpdXp, Quarantined, [6213], [251671],1.0.4842
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDD6A4F5-2D24-4A6B-8357-EA522A97BECC}, Quarantined, [6213], [251671],1.0.4842
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{BDD6A4F5-2D24-4A6B-8357-EA522A97BECC}, Quarantined, [6213], [251671],1.0.4842
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UPDATESERVICE, Quarantined, [381], [404154],1.0.4842
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46840AD8-C31D-4D34-9182-15F026D7D294}, Quarantined, [381], [404154],1.0.4842
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{46840AD8-C31D-4D34-9182-15F026D7D294}, Quarantined, [381], [404154],1.0.4842
PUP.Optional.ObjectBrowser, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Object Browser-nv-ie, Quarantined, [3171], [241274],1.0.4842
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [387], [237370],1.0.4842
PUP.Optional.CrossRider, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [387], [246383],1.0.4842
PUP.Optional.Somoto, HKLM\SOFTWARE\SEARCHULT, Quarantined, [434], [243334],1.0.4842
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, Quarantined, [6217], [235414],1.0.4842
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Quarantined, [6217], [235414],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\butyjuqy, Quarantined, [3815], [257691],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu, Quarantined, [3815], [257690],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hyverumu, Quarantined, [3815], [257691],1.0.4842
PUP.Optional.DeskCut, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [1725], [237724],1.0.4842
PUP.Optional.SupTab, HKLM\SOFTWARE\CLASSES\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, Quarantined, [1476], [168875],1.0.4842
PUP.Optional.SupTab, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, Quarantined, [1476], [168875],1.0.4842
PUP.Optional.SupTab, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, Quarantined, [1476], [168875],1.0.4842
PUP.Optional.SupTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}, Quarantined, [1476], [168875],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [416], [167636],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [416], [167636],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture.1, Quarantined, [416], [169563],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\DREAM.CAPTURE, Quarantined, [416], [169563],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, Quarantined, [416], [169563],1.0.4842

Registry Value: 8
Trojan.Agent.BCM, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46840AD8-C31D-4D34-9182-15F026D7D294}|PATH, Quarantined, [3637], [404152],1.0.4842
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDD6A4F5-2D24-4A6B-8357-EA522A97BECC}|PATH, Quarantined, [416], [262355],1.0.4842
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2683EF7-4D6A-445D-A7A5-EEB75193244A}|PATH, Quarantined, [1670], [258425],1.0.4842
PUP.Optional.Somoto, HKLM\SOFTWARE\SEARCHULT|SOMO, Quarantined, [434], [243334],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\butyjuqy|IMAGEPATH, Quarantined, [3815], [257691],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu|IMAGEPATH, Quarantined, [3815], [257690],1.0.4842
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hyverumu|IMAGEPATH, Quarantined, [3815], [257691],1.0.4842
PUP.Optional.DeskCut, HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\MOZILLA\EXTENDS|APPID, Quarantined, [1725], [237724],1.0.4842

Registry Data: 3
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, Replaced, [1179], [291142],1.0.4842
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [1179], [291142],1.0.4842
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F34F7871-6B4F-4CC1-BBA9-906100AE495B}|NameServer, Replaced, [2766], [293687],1.0.4842

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.SupTab, C:\USERS\ADMIN\SUPTAB, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.Amonetize, C:\USERS\ADMIN\APPDATA\LOCAL\8053, Quarantined, [416], [186636],1.0.4842

File: 43
PUP.Optional.Goobzo, C:\WINDOWS\SYSTEM32\TASKS\INST_REP, Quarantined, [1670], [238813],1.0.4842
PUP.Optional.SoftwareUpdater.A, C:\WINDOWS\SYSTEM32\TASKS\AMIUPDXP, Quarantined, [6213], [251671],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\domain, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\expirationDate, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\hotsearch, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\hotsearch_uptime, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\name, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\path, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\set_country, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\set_z, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\TABts, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\uid, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\url, Quarantined, [1476], [179904],1.0.4842
PUP.Optional.SupTab, C:\Users\Admin\SupTab\_ver, Quarantined, [1476], [179904],1.0.4842
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\UPDATESERVICE, Quarantined, [381], [404154],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fulltab.com_0.localstorage, Quarantined, [2299], [443392],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fulltab.com_0.localstorage-journal, Quarantined, [2299], [443392],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Quarantined, [2299], [443391],1.0.4842
PUP.Optional.FullTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, Quarantined, [2299], [443391],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, Quarantined, [1705], [443123],1.0.4842
PUP.Optional.Amonetize, C:\USERS\ADMIN\APPDATA\LOCAL\8053\status.cfg, Quarantined, [416], [186636],1.0.4842
PUP.Optional.Amonetize, C:\Users\Admin\AppData\Local\8053\Updater.xml, Quarantined, [416], [186636],1.0.4842
PUP.Optional.SoftwareUpdater, C:\WINDOWS\TASKS\AMIUPDXP.JOB, Quarantined, [4391], [251669],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.myway.com_0.localstorage, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_howtosimplified.dl.myway.com_0.localstorage-journal, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.myway.com_0.localstorage, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.myway.com_0.localstorage-journal, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.myway.com_0.localstorage, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_totalrecipesearch.dl.myway.com_0.localstorage-journal, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.MindSpark.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, Quarantined, [1705], [443124],1.0.4842
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, Quarantined, [8242], [393793],1.0.4842
Adware.Elex.ShrtCln, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [245], [454721],1.0.4842
Adware.Elex.ShrtCln, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [245], [454721],1.0.4842
PUP.Optional.ASK, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2], [454825],1.0.4842
PUP.Optional.ASK, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2], [454825],1.0.4842

Physical Sector: 0
(No malicious items detected)


(end)

And yes, I deleted them from quarantine.
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Man... This thing really does its job!
Here's the log:
ComboFix 18-03-14.01 - Admin 04/25/2018 15:23:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1739 [GMT 3:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Kaspersky Anti-Virus *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1437399323.bdinstall.bin
c:\programdata\1437399575.bdinstall.bin
c:\programdata\1437399577.bdinstall.bin
c:\users\Admin\AppData\Local\assembly\tmp
c:\users\Admin\AppData\Local\assembly\tmp\MGBWX9HW\__AssemblyInfo__.ini
c:\users\Admin\AppData\Local\assembly\tmp\MGBWX9HW\Xilium.CefGlue.DLL
c:\windows\capsys184523.log
F:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
((((((((((((((((((((((((( Files Created from 2018-03-25 to 2018-04-25 )))))))))))))))))))))))))))))))
.
.
2018-04-25 12:45 . 2018-04-25 12:45 220896 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-04-25 12:42 . 2018-04-25 12:47 -------- d-----w- c:\users\Admin\AppData\Local\temp
2018-04-23 13:11 . 2018-04-23 13:14 -------- d-----w- C:\AdwCleaner
2018-04-23 04:22 . 2018-03-19 09:57 58656 ----a-w- c:\windows\system32\drivers\mbae.sys
2018-04-23 04:22 . 2018-04-23 04:22 -------- d-----w- c:\program files\Malwarebytes
2018-04-22 15:50 . 2018-04-22 15:50 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-04-22 15:49 . 2018-04-22 18:15 -------- d-----w- c:\programdata\RogueKiller
2018-04-22 15:49 . 2018-04-22 15:49 -------- d-----w- c:\program files\RogueKiller
2018-04-22 05:40 . 2018-04-22 05:47 -------- d-----w- C:\FRST
2018-04-21 07:28 . 2018-04-21 07:28 -------- d-----w- c:\program files\Common Files\AV
2018-04-21 07:26 . 2018-04-25 12:47 -------- d-----w- c:\programdata\Kaspersky Lab
2018-04-21 07:26 . 2018-04-21 07:30 -------- d-----w- c:\program files\Kaspersky Lab
2018-04-21 07:26 . 2018-04-21 07:26 229592 ----a-w- c:\windows\system32\drivers\klhk.sys
2018-04-21 07:26 . 2018-04-21 07:26 164056 ----a-w- c:\windows\system32\drivers\klflt.sys
2018-04-21 06:54 . 2018-04-21 07:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2018-04-15 11:54 . 2018-03-14 17:14 535040 ----a-w- c:\windows\system32\aeinv.dll
2018-04-15 11:54 . 2018-03-14 13:04 594944 ----a-w- c:\windows\system32\generaltel.dll
2018-04-15 11:54 . 2018-03-14 13:04 507392 ----a-w- c:\windows\system32\devinv.dll
2018-04-15 11:54 . 2018-03-14 13:04 338432 ----a-w- c:\windows\system32\invagent.dll
2018-04-15 11:54 . 2018-03-14 13:04 338432 ----a-w- c:\windows\system32\centel.dll
2018-04-15 11:54 . 2018-03-14 13:04 238592 ----a-w- c:\windows\system32\acmigration.dll
2018-04-15 11:54 . 2018-03-14 13:04 190976 ----a-w- c:\windows\system32\aepic.dll
2018-04-15 11:54 . 2018-03-14 13:04 1319424 ----a-w- c:\windows\system32\appraiser.dll
2018-04-15 11:54 . 2018-03-14 17:18 116928 ----a-w- c:\windows\system32\CompatTelRunner.exe
2018-04-15 11:54 . 2018-03-14 13:04 1893376 ----a-w- c:\windows\system32\aitstatic.exe
2018-04-07 14:50 . 2018-04-21 07:17 -------- d-----w- C:\Temp
2018-04-07 14:42 . 2018-04-07 14:42 -------- d-----w- c:\program files\SWF File Player
2018-04-01 13:05 . 2018-04-01 13:06 -------- d-----w- c:\users\Admin\AppData\Local\Temporary Projects
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-04-21 12:15 . 2017-10-11 16:37 133987696 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2018-04-21 07:47 . 2016-10-11 11:14 50888 ----a-w- c:\windows\system32\drivers\klim6.sys
2018-04-21 07:47 . 2017-12-24 01:58 98496 ----a-w- c:\windows\system32\drivers\klbackupflt.sys
2018-04-15 11:23 . 2014-03-25 12:03 804864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-04-15 11:23 . 2014-03-25 12:03 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-03-31 01:09 . 2018-04-15 11:58 70144 ----a-w- c:\windows\system32\TSpkg.dll
2018-03-31 01:09 . 2018-04-15 11:58 172032 ----a-w- c:\windows\system32\wdigest.dll
2018-03-31 01:09 . 2018-04-15 11:58 400896 ----a-w- c:\windows\system32\srcore.dll
2018-03-31 01:09 . 2018-04-15 11:58 99840 ----a-w- c:\windows\system32\sspicli.dll
2018-03-31 01:09 . 2018-04-15 11:58 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2018-03-31 01:09 . 2018-04-15 11:58 43008 ----a-w- c:\windows\system32\srclient.dll
2018-03-31 01:09 . 2018-04-15 11:58 254464 ----a-w- c:\windows\system32\schannel.dll
2018-03-31 01:09 . 2018-04-15 11:58 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2018-03-31 01:09 . 2018-04-15 11:58 141312 ----a-w- c:\windows\system32\rpchttp.dll
2018-03-31 01:09 . 2018-04-15 11:58 22016 ----a-w- c:\windows\system32\secur32.dll
2018-03-31 00:49 . 2018-04-15 11:58 262656 ----a-w- c:\windows\system32\rstrui.exe
2018-03-31 00:47 . 2018-04-15 11:58 69632 ----a-w- c:\windows\system32\smss.exe
2018-03-31 00:47 . 2018-04-15 11:58 15872 ----a-w- c:\windows\system32\sspisrv.dll
2018-03-28 07:18 . 2018-04-15 11:58 2404352 ----a-w- c:\windows\system32\win32k.sys
2018-03-22 20:52 . 2018-04-15 11:58 499712 ----a-w- c:\windows\system32\vbscript.dll
2018-03-22 20:28 . 2018-04-15 11:58 73216 ----a-w- c:\windows\system32\tdc.ocx
2018-03-22 19:55 . 2018-04-15 11:58 2767872 ----a-w- c:\windows\system32\wininet.dll
2018-03-09 18:12 . 2018-04-15 11:58 111616 ----a-w- c:\windows\system32\t2embed.dll
2018-03-06 18:11 . 2018-04-15 11:58 52224 ----a-w- c:\windows\system32\wsnmp32.dll
2018-03-06 18:11 . 2018-04-15 11:58 184320 ----a-w- c:\windows\system32\scksp.dll
2018-02-22 03:06 . 2018-04-15 11:58 134656 ----a-w- c:\windows\system32\WinSCard.dll
2018-02-18 21:34 . 2018-04-15 11:58 535616 ----a-w- c:\windows\system32\winload.exe
2018-02-10 18:49 . 2018-04-15 11:58 21696 ----a-w- c:\windows\system32\streamci.dll
2018-02-10 18:23 . 2018-04-15 11:58 330240 ----a-w- c:\windows\system32\zipfldr.dll
2018-02-10 17:36 . 2018-04-15 11:58 40960 ----a-w- c:\windows\system32\sdchange.exe
2018-01-25 14:04 . 2018-04-15 11:58 922944 ----a-w- c:\windows\system32\ucrtbase.dll
2015-08-16 16:59 . 2015-08-16 16:59 1169408 ----a-w- c:\program files\SSS44GGS.exe
2015-07-20 13:48 . 2015-07-20 13:48 1169408 ----a-w- c:\program files\UUU66IIU.exe
2015-07-01 12:23 . 2015-07-01 12:23 1169408 ----a-w- c:\program files\OOO00CCO.exe
2015-06-23 16:18 . 2015-06-23 16:18 1169408 ----a-w- c:\program files\AAAMMYYY.exe
2015-06-23 16:18 . 2015-06-23 16:18 1169408 ----a-w- c:\program files\YYAAMMYM.exe
2015-06-23 16:18 . 2015-06-23 16:18 1169408 ----a-w- c:\program files\IIIUU666.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-11-10 08:52 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-11-10 08:52 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-11-10 08:52 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2018-04-23 10:12 289104 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-05 143144]
"Steam"="e:\heroes\steam.exe" [2018-04-02 3199776]
"Wargaming.net Game Center"="c:\programdata\Wargaming.net\GameCenter\wgc.exe" [2018-04-24 2119544]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2016-11-24 3519168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-02-24 12021464]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2018-4-25 3642688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 KSDE2.0.0;Kaspersky Secure Connection Service 2.0.0;c:\program files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [2017-01-24 354672]
R2 Mobizen plugin;Mobizen plugin;c:\program files\RSUPPORT\MobizenService\MobizenService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-04-05 317400]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2013-11-29 1296728]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2017-10-31 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys [2017-10-31 40504]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files\EasyAntiCheat\EasyAntiCheat.exe [2017-12-19 526888]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2018-03-22 104960]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2017-08-13 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-25 1343400]
R3 XDva409;XDva409;c:\windows\system32\XDva409.sys [x]
R3 XDva410;XDva410;c:\windows\system32\XDva410.sys [x]
R3 XDva415;XDva415;c:\windows\system32\XDva415.sys [x]
R3 XDva423;XDva423;c:\windows\system32\XDva423.sys [x]
R3 XDva424;XDva424;c:\windows\system32\XDva424.sys [x]
R3 XDva425;XDva425;c:\windows\system32\XDva425.sys [x]
R3 XDva511;XDva511;c:\windows\system32\XDva511.sys [x]
R3 XDva534;XDva534;c:\windows\system32\XDva534.sys [x]
R3 XDva535;XDva535;c:\windows\system32\XDva535.sys [x]
R3 XDva536;XDva536;c:\windows\system32\XDva536.sys [x]
R3 XDva537;XDva537;c:\windows\system32\XDva537.sys [x]
S0 cm_km;AO Kaspersky Lab Cryptographic Module x86 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys [2016-12-26 176864]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys [2017-12-24 62184]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys [2018-04-21 98496]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys [2018-04-21 229592]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2018-04-21 50888]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys [2017-12-24 45552]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2017-12-24 75760]
S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys [2017-12-24 120544]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2017-12-24 165088]
S2 AVP18.0.0;Kaspersky Anti-Virus Service 18.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe [2017-01-24 354672]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2015-03-03 112856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2015-03-03 388824]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2015-03-03 794328]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys [2016-05-31 69000]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-03-27 4707104]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S3 Disc Soft Pro Bus Service;Disc Soft Pro Bus Service;c:\program files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [2016-11-24 1730240]
S3 dtproscsibus;DAEMON Tools Pro Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtproscsibus.sys [2017-11-01 26168]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2018-04-21 164056]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2016-12-23 50400]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2016-12-07 51424]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys [2016-06-06 48056]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2018-04-25 220896]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-03-23 14:37 1634648 ----a-w- c:\program files\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-07-31 22:31 324080 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2018-04-24 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000Core.job
- c:\users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 09:45]
.
2018-04-24 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000UA.job
- c:\users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search Engine
FF - prefs.js: browser.startup.homepage - hxxps://ro.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180325__yaff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-HyperCam 2 - c:\program files\HyperCam 2\HcUnInst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\keyiso.dll
.
- - - - - - - > 'Explorer.exe'(10008)
c:\windows\System32\pnidui.dll
c:\windows\System32\Actioncenter.dll
c:\windows\System32\SyncCenter.dll
c:\windows\System32\bthprops.cpl
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
e:\program files\Hi-Rez Studios\HiPatchService.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\rundll32.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
e:\heroes\bin\cef\cef.win7\steamwebhelper.exe
e:\heroes\bin\cef\cef.win7\steamwebhelper.exe
c:\program files\Common Files\Steam\SteamService.exe
e:\heroes\bin\cef\cef.win7\steamwebhelper.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2018-04-25 15:54:00 - machine was rebooted
ComboFix-quarantined-files.txt 2018-04-25 12:53
.
Pre-Run: 9,797,169,152 bytes free
Post-Run: 32,103,165,952 bytes free
.
- - End Of File - - 023FB5229B9CE5D6310E82FC44CC459C
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
I forgot to say that ComboFix did a penta kill :D
Anyway, here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19.04.2018
Ran by Admin (administrator) on ADMIN-PC (26-04-2018 15:20:50)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & (Available Profiles: Admin)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Hi-Rez Studios) E:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) E:\heroes\Steam.exe
(Valve Corporation) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
(Valve Corporation) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [Steam] => E:\heroes\steam.exe [3199776 2018-04-03] (Valve Corporation)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2119544 2018-04-24] (Wargaming.net)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3519168 2016-11-24] (Disc Soft Ltd)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\Run: [Steam] => E:\heroes\steam.exe [3199776 2018-04-03] (Valve Corporation)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2119544 2018-04-24] (Wargaming.net)
HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3519168 2016-11-24] (Disc Soft Ltd)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-04-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F34F7871-6B4F-4CC1-BBA9-906100AE495B}: [NameServer] ,8.8.8.8
Tcpip\..\Interfaces\{F34F7871-6B4F-4CC1-BBA9-906100AE495B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-51145358-2442092094-1609093457-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-51145358-2442092094-1609093457-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ro.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180325__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ro.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180325__yaie&p={searchTerms}
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll [2018-04-21] (AO Kaspersky Lab)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-19] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll [2018-04-21] (AO Kaspersky Lab)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)

FireFox:
========
FF DefaultProfile: i7p503c2.default-1439149941763
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763 [2018-04-25]
FF Homepage: Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763 -> hxxps://ro.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180325__yaff
FF NewTab: Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763 -> hxxps://ro.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180325__yaff
FF Extension: (Firebug) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763\Extensions\firebug@software.joehewitt.com.xpi [2017-10-16] [Legacy]
FF Extension: (Dust-Me Selectors) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763\Extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37} [2017-11-11] [Legacy]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7p503c2.default-1439149941763\searchplugins\yahoo-lavasoft-ff59.xml [2018-03-25]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gelmk903.dev-edition-default [2018-03-25]
FF Homepage: Mozilla\Firefox\Profiles\gelmk903.dev-edition-default -> hxxps://google.ro/
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-04-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.ro/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-04-25]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Black blue shards) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgoflmajhinnohnhkfeggflmmppiilck [2017-06-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP18.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [392192 2015-03-06] (BlueStack Systems, Inc.) [File not signed]
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-03-03] (BlueStack Systems, Inc.)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [1730240 2016-11-24] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-12-19] (EasyAntiCheat Ltd)
U2 HiPatchService; E:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KSDE2.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15904544 2014-02-05] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Mobizen plugin; C:\Program Files\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2015-03-03] (BlueStack Systems)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [176864 2016-12-26] (AO Kaspersky Lab)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2017-10-31] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2017-10-31] (Disc Soft Ltd)
R3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [26168 2017-11-01] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [58656 2018-03-19] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [62184 2017-12-24] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [98496 2018-04-21] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [164056 2018-04-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [229592 2018-04-21] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [835784 2018-04-21] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50888 2018-04-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [50400 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [51424 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45552 2017-12-24] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75760 2017-12-24] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [120544 2017-12-24] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165088 2017-12-24] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-25] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [93920 2018-04-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [72824 2018-04-26] (Malwarebytes)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
S3 XDva415; \??\C:\Windows\system32\XDva415.sys [X]
S3 XDva423; \??\C:\Windows\system32\XDva423.sys [X]
S3 XDva424; \??\C:\Windows\system32\XDva424.sys [X]
S3 XDva425; \??\C:\Windows\system32\XDva425.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
S3 XDva534; \??\C:\Windows\system32\XDva534.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 XDva536; \??\C:\Windows\system32\XDva536.sys [X]
S3 XDva537; \??\C:\Windows\system32\XDva537.sys [X]
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-26 15:20 - 2018-04-26 15:21 - 000023078 _____ C:\Users\Admin\Desktop\FRST.txt
2018-04-26 15:19 - 2018-04-26 15:19 - 000000000 ____D C:\Users\Admin\Desktop\frst old log
2018-04-25 16:01 - 2018-04-26 15:18 - 000072824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-25 16:01 - 2018-04-26 15:17 - 000093920 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-25 16:01 - 2018-04-26 15:17 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-25 16:01 - 2018-04-25 16:01 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-25 15:54 - 2018-04-25 15:54 - 000022219 _____ C:\ComboFix.txt
2018-04-25 15:45 - 2018-04-26 15:16 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-25 15:20 - 2011-06-26 09:45 - 000256000 _____ C:\Windows\PEV.exe
2018-04-25 15:20 - 2010-11-07 20:20 - 000208896 _____ C:\Windows\MBR.exe
2018-04-25 15:20 - 2009-04-20 07:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-04-25 15:20 - 2000-08-31 03:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-04-25 15:20 - 2000-08-31 03:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-04-25 15:20 - 2000-08-31 03:00 - 000098816 _____ C:\Windows\sed.exe
2018-04-25 15:20 - 2000-08-31 03:00 - 000080412 _____ C:\Windows\grep.exe
2018-04-25 15:20 - 2000-08-31 03:00 - 000068096 _____ C:\Windows\zip.exe
2018-04-25 15:19 - 2018-04-25 15:54 - 000000000 ____D C:\Qoobox
2018-04-25 15:18 - 2018-04-25 15:52 - 000000000 ____D C:\Windows\erdnt
2018-04-25 15:17 - 2018-04-25 15:17 - 005659794 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2018-04-25 15:17 - 2018-04-25 15:17 - 005659794 _____ (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2018-04-25 15:14 - 2018-04-25 15:14 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-23 16:11 - 2018-04-23 16:14 - 000000000 ____D C:\AdwCleaner
2018-04-23 16:11 - 2018-04-23 16:11 - 007256272 _____ (Malwarebytes) C:\Users\Admin\Desktop\AdwCleaner.exe
2018-04-23 16:10 - 2018-04-23 16:11 - 007256272 _____ (Malwarebytes) C:\Users\Admin\Downloads\AdwCleaner.exe
2018-04-23 16:10 - 2018-04-23 16:11 - 007256272 _____ (Malwarebytes) C:\Users\Admin\Downloads\AdwCleaner (1).exe
2018-04-23 08:18 - 2018-04-23 08:18 - 000013296 _____ C:\Users\Admin\Desktop\MalwareB reo.txt
2018-04-23 08:08 - 2018-04-23 08:08 - 000013851 _____ C:\Users\Admin\Desktop\MB report.txt
2018-04-23 07:22 - 2018-04-23 07:22 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-23 07:22 - 2018-04-23 07:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-23 07:22 - 2018-04-23 07:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-23 07:22 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
2018-04-23 07:21 - 2018-04-23 07:21 - 073551144 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4834 (1).exe
2018-04-23 07:20 - 2018-04-23 07:21 - 073551144 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4834.exe
2018-04-22 21:13 - 2018-04-22 21:13 - 000146242 _____ C:\Users\Admin\Desktop\report.txt
2018-04-22 18:50 - 2018-04-22 18:50 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-22 18:49 - 2018-04-22 21:15 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-22 18:49 - 2018-04-22 18:49 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-22 18:49 - 2018-04-22 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-22 18:49 - 2018-04-22 18:49 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-22 18:47 - 2018-04-22 18:47 - 036543568 _____ (Adlice Software ) C:\Users\Admin\Downloads\RogueKiller_setup_ref3.exe
2018-04-22 08:40 - 2018-04-26 15:18 - 000000000 ____D C:\FRST
2018-04-22 08:40 - 2018-04-22 08:40 - 000000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2018-04-22 08:39 - 2018-04-22 08:40 - 001764864 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2018-04-22 08:39 - 2018-04-22 08:39 - 001753600 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2018-04-21 17:08 - 2018-04-21 17:08 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.10.3.1001.exe
2018-04-21 16:42 - 2018-04-21 16:47 - 000090479 _____ C:\Users\Admin\Downloads\avira_registry_cleaner_en.zip
2018-04-21 15:08 - 2018-04-21 15:08 - 042808440 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\Windows-KB890830-V5.59 (1).exe
2018-04-21 15:07 - 2018-04-21 15:08 - 042808440 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\Windows-KB890830-V5.59.exe
2018-04-21 10:30 - 2018-04-21 10:30 - 000001206 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-04-21 10:30 - 2018-04-21 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-04-21 10:28 - 2018-04-21 10:28 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-21 10:27 - 2018-04-21 10:27 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-04-21 10:27 - 2018-04-21 10:27 - 000002053 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2018-04-21 10:27 - 2018-04-21 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2018-04-21 10:26 - 2018-04-26 15:19 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-21 10:26 - 2018-04-21 10:47 - 000835784 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-04-21 10:26 - 2018-04-21 10:30 - 000000000 ____D C:\Program Files\Kaspersky Lab
2018-04-21 10:26 - 2018-04-21 10:26 - 000229592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-04-21 10:26 - 2018-04-21 10:26 - 000164056 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-04-21 09:54 - 2018-04-21 10:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-04-21 09:49 - 2018-04-21 09:50 - 000012148 _____ C:\Users\Admin\Downloads\Kaspersky.Anti-Virus+Internet.Security+Total.Security.2017.17.0.0.611.0.1709.0-FiLELiST.torrent
2018-04-15 14:58 - 2018-03-31 04:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-15 14:58 - 2018-03-31 04:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-15 14:58 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-04-15 14:58 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-15 14:58 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-04-15 14:58 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-15 14:58 - 2018-03-31 04:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-15 14:58 - 2018-03-31 04:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-15 14:58 - 2018-03-31 04:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-15 14:58 - 2018-03-31 03:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-15 14:58 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-15 14:58 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-15 14:58 - 2018-03-31 03:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-15 14:58 - 2018-03-31 03:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-15 14:58 - 2018-03-31 03:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-15 14:58 - 2018-03-31 03:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-15 14:58 - 2018-03-31 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-15 14:58 - 2018-03-31 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-15 14:58 - 2018-03-31 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-15 14:58 - 2018-03-31 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-15 14:58 - 2018-03-28 10:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-15 14:58 - 2018-03-23 20:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-15 14:58 - 2018-03-23 00:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-15 14:58 - 2018-03-23 00:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-15 14:58 - 2018-03-23 00:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-15 14:58 - 2018-03-22 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-15 14:58 - 2018-03-22 23:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-15 14:58 - 2018-03-22 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-15 14:58 - 2018-03-22 23:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-15 14:58 - 2018-03-22 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-15 14:58 - 2018-03-22 23:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-15 14:58 - 2018-03-22 23:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-15 14:58 - 2018-03-22 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-15 14:58 - 2018-03-22 23:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-15 14:58 - 2018-03-22 23:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-15 14:58 - 2018-03-22 23:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-15 14:58 - 2018-03-22 23:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-15 14:58 - 2018-03-22 23:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-15 14:58 - 2018-03-22 23:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-15 14:58 - 2018-03-22 23:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-15 14:58 - 2018-03-22 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-15 14:58 - 2018-03-22 23:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-15 14:58 - 2018-03-22 23:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-15 14:58 - 2018-03-22 23:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-15 14:58 - 2018-03-22 23:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-15 14:58 - 2018-03-22 23:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-15 14:58 - 2018-03-22 23:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-15 14:58 - 2018-03-22 23:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-15 14:58 - 2018-03-22 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-15 14:58 - 2018-03-22 23:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-15 14:58 - 2018-03-22 23:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-15 14:58 - 2018-03-22 23:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-15 14:58 - 2018-03-22 23:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-15 14:58 - 2018-03-22 23:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-15 14:58 - 2018-03-22 22:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-15 14:58 - 2018-03-22 22:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-15 14:58 - 2018-03-22 22:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-15 14:58 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-04-15 14:58 - 2018-03-09 21:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-15 14:58 - 2018-03-09 21:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-15 14:58 - 2018-03-09 21:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-15 14:58 - 2018-03-09 21:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-15 14:58 - 2018-03-09 21:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-15 14:58 - 2018-03-09 20:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-15 14:58 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-15 14:58 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-15 14:58 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-15 14:58 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-15 14:58 - 2018-02-19 00:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-15 14:58 - 2018-02-10 21:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-04-15 14:58 - 2018-02-10 21:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-15 14:58 - 2018-02-10 21:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-15 14:58 - 2018-02-10 21:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-15 14:58 - 2018-02-10 21:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-15 14:58 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-04-15 14:58 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-15 14:58 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-15 14:58 - 2018-02-10 21:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-15 14:58 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-15 14:58 - 2018-02-10 21:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-15 14:58 - 2018-02-10 20:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-15 14:58 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-15 14:58 - 2018-02-10 20:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-15 14:58 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-15 14:58 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-15 14:58 - 2018-02-02 21:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-15 14:58 - 2018-02-02 21:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-15 14:58 - 2018-02-02 21:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-15 14:58 - 2018-02-02 21:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-15 14:58 - 2018-02-02 21:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-15 14:58 - 2018-02-02 21:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-15 14:58 - 2018-02-02 20:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-15 14:58 - 2018-01-25 17:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-15 14:58 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-15 14:58 - 2018-01-15 22:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-15 14:58 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-15 14:54 - 2018-03-14 20:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-15 14:54 - 2018-03-14 20:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-15 14:54 - 2018-03-14 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-15 14:54 - 2018-03-14 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-10 12:49 - 2018-04-10 12:50 - 014479242 _____ C:\Users\Admin\Downloads\BPMOD_More_Cakes.zip
2018-04-08 14:42 - 2018-04-08 14:42 - 007892518 _____ C:\Users\Admin\Downloads\» L.O.L Sounds «.rar
2018-04-07 17:50 - 2018-04-21 10:17 - 000000000 ____D C:\Temp
2018-04-07 17:50 - 2012-05-07 04:30 - 033810432 _____ C:\Users\Admin\Desktop\Fancy Pants Adventure World 3.exe
2018-04-07 17:49 - 2018-04-07 17:49 - 045742105 _____ C:\Users\Admin\Downloads\Fancy Pants Adventure.rar
2018-04-07 17:44 - 2018-04-07 17:44 - 009427312 _____ C:\Users\Admin\Downloads\fancy_pants_adventure_world_2 (1).swf
2018-04-07 17:42 - 2018-04-07 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWF File Player
2018-04-07 17:42 - 2018-04-07 17:42 - 000000000 ____D C:\Program Files\SWF File Player
2018-04-07 17:41 - 2018-04-07 17:41 - 000415159 _____ (swffileplayer.com ) C:\Users\Admin\Downloads\swffileplayer_setup.exe
2018-04-07 17:40 - 2018-04-07 17:41 - 001718640 _____ C:\Users\Admin\Downloads\fancy_pants_adventure_world_1.swf
2018-04-07 17:39 - 2018-04-07 17:39 - 009427312 _____ C:\Users\Admin\Downloads\fancy_pants_adventure_world_2.swf
2018-04-07 15:07 - 2018-04-19 19:02 - 000001339 _____ C:\Users\Admin\Desktop\BadPiggies.lnk
2018-04-07 13:31 - 2018-04-07 13:31 - 000166903 _____ C:\Users\Admin\Downloads\BP-Requests3.contraptions.zip
2018-04-07 13:23 - 2018-04-07 13:23 - 014487397 _____ C:\Users\Admin\Downloads\BadPiggiesMOD.18.08.2014.zip
2018-04-07 13:09 - 2018-04-07 13:09 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Rovio
2018-04-07 13:07 - 2018-04-07 13:07 - 042551756 _____ C:\Users\Admin\Downloads\Bad Piggies Hack Islender.zip
2018-04-05 17:53 - 2018-04-05 18:02 - 000002824 _____ C:\Users\Admin\Downloads\Opening Undefeatable Chests! Drakensang Online.mp4.sfk
2018-04-05 17:53 - 2018-04-05 17:53 - 000411982 _____ C:\Users\Admin\Downloads\Opening Undefeatable Chests! Drakensang Online.mp4
2018-04-05 17:49 - 2018-04-05 17:50 - 000086888 _____ C:\Users\Admin\Downloads\Devwa - LEVEL 55!! [Finally] Drakensang Online.mp4.sfk
2018-04-05 17:49 - 2018-04-05 17:49 - 009164819 _____ C:\Users\Admin\Downloads\Devwa - LEVEL 55!! [Finally] Drakensang Online.mp4
2018-04-05 17:47 - 2018-04-05 17:48 - 000004200 _____ C:\Users\Admin\Downloads\How To Trick People You Have Lots of Money Drakensang Online.mp4.sfk
2018-04-05 17:47 - 2018-04-05 17:47 - 000195843 _____ C:\Users\Admin\Downloads\How To Trick People You Have Lots of Money Drakensang Online.mp4
2018-04-05 17:46 - 2018-04-05 17:46 - 000509847 _____ C:\Users\Admin\Downloads\Armor Comparision Drakensang Online (1).mp4
2018-04-05 17:46 - 2018-04-05 17:46 - 000004200 _____ C:\Users\Admin\Downloads\Armor Comparision Drakensang Online (1).mp4.sfk
2018-04-05 17:44 - 2018-04-05 17:44 - 000509847 _____ C:\Users\Admin\Downloads\Armor Comparision Drakensang Online.mp4
2018-04-05 17:42 - 2018-04-05 17:42 - 000004200 _____ C:\Users\Admin\Downloads\I GOT PROXIMA! Marvel Future Fight.mp4.sfk
2018-04-05 17:41 - 2018-04-05 17:41 - 001504875 _____ C:\Users\Admin\Downloads\I GOT PROXIMA! Marvel Future Fight.mp4
2018-04-05 17:37 - 2018-04-05 17:38 - 000004200 _____ C:\Users\Admin\Downloads\HAPPY NEW YEAR.mp4.sfk
2018-04-05 17:37 - 2018-04-05 17:37 - 000291376 _____ C:\Users\Admin\Downloads\HAPPY NEW YEAR.mp4
2018-04-05 17:34 - 2018-04-05 17:34 - 000683198 _____ C:\Users\Admin\Downloads\Shadow Fight 2 Beat Titan With Flame Clubs.mp4
2018-04-05 17:30 - 2018-04-05 17:30 - 000635222 _____ C:\Users\Admin\Downloads\Minecraft 1.101.111.12 How to get crazy enchantments.mp4
2018-04-05 17:27 - 2018-04-05 17:27 - 000674071 _____ C:\Users\Admin\Downloads\Drakensang Online Stellar Gold Event.mp4
2018-04-05 17:23 - 2018-04-05 17:23 - 000375925 _____ C:\Users\Admin\Downloads\Drakensang all bosses (Heredur-Medusa) (1).mp4
2018-04-05 17:22 - 2018-04-05 17:22 - 000001490 _____ C:\Users\Admin\Downloads\Drakensang all bosses (Heredur-Medusa).mp4
2018-04-04 19:54 - 2018-04-04 19:54 - 000008443 _____ C:\Users\Admin\Documents\Speedrun.lsl
2018-04-04 19:46 - 2018-04-04 19:46 - 000008442 _____ C:\Users\Admin\Documents\Layout.lsl
2018-04-04 19:42 - 2018-04-07 15:05 - 000006903 _____ C:\Users\Admin\Documents\Drakensang Online - World run.lss
2018-04-04 19:34 - 2018-04-04 19:34 - 000000911 _____ C:\Users\Admin\Desktop\LiveSplit.lnk
2018-04-04 19:30 - 2018-04-04 19:31 - 008791782 _____ C:\Users\Admin\Downloads\LiveSplit_1.7.5.zip
2018-04-03 16:57 - 2018-04-03 16:57 - 000121320 _____ C:\Users\Admin\Downloads\Crash.Time.III-SKIDROW (1).torrent
2018-04-01 16:05 - 2018-04-01 16:06 - 000000000 ____D C:\Users\Admin\AppData\Local\Temporary Projects
2018-03-31 19:07 - 2018-03-31 19:07 - 001834563 _____ C:\Users\Admin\Downloads\MTS_weerbesu_1729947_UI_Cheats_Extension_v1.10.zip
2018-03-30 15:04 - 2018-04-03 15:33 - 000001981 _____ C:\Users\Public\Desktop\Action!.lnk
2018-03-29 17:50 - 2018-03-29 17:50 - 000357269 _____ C:\Users\Admin\Downloads\Generator v2.0.117.zip
2018-03-29 17:50 - 2018-01-01 21:08 - 000393216 _____ () C:\Users\Admin\Desktop\Generator v2.0.117.exe
2018-03-29 17:48 - 2018-03-29 17:48 - 000731370 _____ C:\Users\Admin\Downloads\Woop woop (1).zip
2018-03-29 17:35 - 2018-04-19 19:05 - 000000000 ____D C:\Users\Admin\Desktop\Even More Stuff
2018-03-27 20:08 - 2018-03-27 20:08 - 000050734 _____ C:\Users\Admin\Downloads\Jazzy Note Blocks By Aaron Grooves (Animation vs. Minecraft Music).mp3.mid

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-26 15:15 - 2015-08-09 21:13 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-04-26 15:14 - 2014-03-25 20:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-26 15:14 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-25 18:00 - 2017-02-19 13:41 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2018-04-25 17:02 - 2015-06-17 13:33 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000UA.job
2018-04-25 17:02 - 2015-06-17 13:33 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000Core.job
2018-04-25 15:55 - 2009-07-14 07:34 - 000026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-25 15:55 - 2009-07-14 07:34 - 000026080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-25 15:46 - 2009-07-14 05:04 - 000000215 _____ C:\Windows\system.ini
2018-04-25 15:42 - 2009-07-14 05:03 - 086507520 _____ C:\Windows\system32\config\SOFTWARE.bak
2018-04-25 15:42 - 2009-07-14 05:03 - 018087936 _____ C:\Windows\system32\config\SYSTEM.bak
2018-04-25 15:42 - 2009-07-14 05:03 - 001572864 _____ C:\Windows\system32\config\DEFAULT.bak
2018-04-25 15:42 - 2009-07-14 05:03 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2018-04-25 15:42 - 2009-07-14 05:03 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2018-04-25 15:14 - 2015-01-27 12:35 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2018-04-23 08:09 - 2014-03-25 14:22 - 000000000 ____D C:\Users\Admin
2018-04-23 07:22 - 2015-08-09 21:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-22 21:12 - 2014-03-25 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2018-04-21 16:49 - 2015-08-16 19:50 - 000000000 ____D C:\Program Files\Avira
2018-04-21 16:49 - 2015-01-08 18:23 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-21 16:49 - 2015-01-08 18:23 - 000000000 ____D C:\ProgramData\Avira
2018-04-21 15:15 - 2017-10-11 19:37 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-21 15:13 - 2014-04-24 15:18 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-21 10:47 - 2017-12-24 04:58 - 000098496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-04-21 10:47 - 2016-10-11 14:14 - 000050888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-04-21 10:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
2018-04-21 10:22 - 2017-06-19 10:46 - 000001945 _____ C:\Windows\epplauncher.mif
2018-04-21 10:22 - 2017-05-31 18:29 - 000000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2018-04-21 09:50 - 2018-03-25 12:18 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\uTorrent
2018-04-19 19:07 - 2017-05-27 14:23 - 000000000 ____D C:\Users\Admin\Desktop\Other stuff
2018-04-19 19:07 - 2016-12-25 17:05 - 000000000 ____D C:\Users\Admin\Desktop\Commands
2018-04-16 19:35 - 2010-11-21 00:01 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 19:28 - 2009-07-14 07:33 - 000420496 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-16 19:25 - 2015-04-16 16:31 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-16 19:25 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-15 15:09 - 2014-04-24 15:18 - 000000000 ____D C:\Windows\system32\MRT
2018-04-15 14:23 - 2014-03-25 15:03 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-04-15 14:23 - 2014-03-25 15:03 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-04-15 14:23 - 2014-03-25 15:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-07 15:19 - 2014-03-28 19:17 - 000000000 ____D C:\Users\Admin\Documents\Cross Fire
2018-04-07 12:56 - 2014-03-25 18:17 - 000000000 ____D C:\Program Files\Common Files\Steam
2018-04-03 15:33 - 2017-05-20 15:36 - 000000000 ____D C:\Program Files\Mirillis
2018-04-03 15:33 - 2017-02-19 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2018-04-01 16:05 - 2017-12-31 13:49 - 000000000 ____D C:\Users\Admin\Documents\Visual Studio 2017
2018-03-30 13:54 - 2015-06-17 13:33 - 000000000 ____D C:\Users\Admin\AppData\Local\Dropbox
2018-03-29 17:46 - 2017-09-02 11:07 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla

==================== Files in the root of some directories =======

2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\AAAMMYYY.exe
2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\IIIUU666.exe
2015-07-01 15:23 - 2015-07-01 15:23 - 001169408 _____ (wj32) C:\Program Files\OOO00CCO.exe
2015-08-16 19:59 - 2015-08-16 19:59 - 001169408 _____ (wj32) C:\Program Files\SSS44GGS.exe
2015-07-20 16:48 - 2015-07-20 16:48 - 001169408 _____ (wj32) C:\Program Files\UUU66IIU.exe
2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\YYAAMMYM.exe
2017-01-25 18:50 - 2017-02-26 17:35 - 000008192 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-10 12:19 - 2015-05-10 12:19 - 000000833 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2017-03-26 17:12 - 2017-03-26 17:21 - 000000552 _____ () C:\Users\Admin\AppData\Local\TroubleshooterConfig.json
2014-07-08 18:52 - 2014-07-08 18:52 - 000000000 _____ () C:\Users\Admin\AppData\Local\{82412A15-975A-419C-BAD0-F07D5FEE1225}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-21 14:51

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19.04.2018
Ran by Admin (26-04-2018 15:22:33)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-03-25 11:21:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-51145358-2442092094-1609093457-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-51145358-2442092094-1609093457-500 - Administrator - Disabled)
Guest (S-1-5-21-51145358-2442092094-1609093457-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-51145358-2442092094-1609093457-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 17.00 beta (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Action! (HKLM\...\Mirillis Action!) (Version: 1.29.0 - Mirillis)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Angry Birds Breakfast 1 (HKLM\...\{EFF26980-6632-40D0-9F98-4BF7C93AEA73}) (Version: 1.0.16 - Rovio Entertainment Ltd.)
ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Bandicam (HKLM\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
Blender (HKLM\...\{C64896A1-5BFD-4FBA-A85E-7DD122A1A9E8}) (Version: 2.79.0 - Blender Foundation)
BlueStacks App Player (HKLM\...\{0A3C7091-0D14-476A-A5B2-036EEB81488C}) (Version: 0.9.15.5208 - BlueStack Systems, Inc.)
Camtasia Studio 8 (HKLM\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM\...\{D1844DC3-B378-47CC-AB40-7FC16C79A2CD}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Crash Time 4 - The Syndicate (HKLM\...\Crash Time 4 - The Syndicate_is1) (Version: - dtp)
Crossfire Europe (HKLM\...\Crossfire Europe) (Version: 1.172 - MAYN INTERACTIVE)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 8.1.0.0654 - Disc Soft Ltd)
Drakensang Online (HKLM\...\Drakensang Online) (Version: - )
Dropbox (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
EDU Aventuri de poveste (HKLM\...\EDU Aventuri de poveste) (Version: 01.00.00.00 - Editura EDU)
EDU Roti de Fier (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\EDU Roti de Fier) (Version: 01.00.00.00 - Editura EDU)
EDU Roti de Fier (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\EDU Roti de Fier) (Version: 01.00.00.00 - Editura EDU)
Epic Games Launcher Prerequisites (x86) (HKLM\...\{B633DAAD-9294-4C7D-A625-D5B741A8C2B6}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firefox Developer Edition 58.0 (x86 en-US) (HKLM\...\Firefox Developer Edition 58.0 (x86 en-US)) (Version: 58.0 - Mozilla)
FL Studio 10 (HKLM\...\FL Studio 10) (Version: - Image-Line)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Drive (HKLM\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Launcher Prerequisites (x86) (HKLM\...\{ec50c375-be9a-4642-9b8c-86dcc42e39c3}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.160.1208 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Note Block Studio version 3.3.3 (HKLM\...\{0E1D8C28-6DCF-452D-A0C4-E08A0E252FE8}_is1) (Version: 3.3.3 - Stuff by David)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.1 (x86 ro) (HKLM\...\Mozilla Firefox 58.0.1 (x86 ro)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - )
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F36}) (Version: 4.0.16 - dotPDN LLC)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Roblox Player for Admin (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Player for Admin (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Studio for Admin (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Roblox Studio for Admin (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
RogueKiller version 12.12.13.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.13.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.321 - NVIDIA Corporation) Hidden
SimCity™ Societies (HKLM\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 7.37 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWF File Player (HKLM\...\{6A86F611-906C-422D-B34A-103662CBC195}_is1) (Version: - swffileplayer.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
The Sims 4 Deluxe Edition version 1.3.33.1010 Update 11 (HKLM\...\The Sims 4 Deluxe Edition_is1) (Version: 1.3.33.1010 Update 11 - GMT-MAX.ORG)
Total War Arena EU (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\TWA.EU.PRODUCTION) (Version: - Wargaming.net)
Total War Arena EU (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\TWA.EU.PRODUCTION) (Version: - Wargaming.net)
Unity Web Player (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
vcpp_crt.redist.clickonce (HKLM\...\{0074562E-F896-4994-9086-79F8BC8DE02C}) (Version: 14.12.25830 - Microsoft Corporation) Hidden
Vegas Pro 10.0 (HKLM\...\{5AC11070-A1CB-11E0-A0DC-0013D3D69929}) (Version: 10.0.737 - Sony)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Community 2017 (HKLM\...\0ffe0973) (Version: 15.5.27130.2010 - Microsoft Corporation)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VS Script Debugging Common (HKLM\...\{9D219D8F-0DE3-40F5-ADAD-C15A028CF0BB}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\Wargaming.net Game Center) (Version: 18.2.0.8935 - Wargaming.net)
Wargaming.net Game Center (HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\Wargaming.net Game Center) (Version: 18.2.0.8935 - Wargaming.net)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.1 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{0e758f0f-8faf-4231-b3f4-1e63ccebefa4}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_helper.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{1aad99ea-ee10-5c3a-8174-84c63a67adde}\InprocServer32 -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{1b3e6947-d9ac-4c3f-8aee-609b5ee64b2e}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_helper.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{41F2ED58-C7A8-43D8-8F5A-E15229560913}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{AAEF5EAE-A7E1-406E-B7C9-7757228AA56E}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\pluginhost.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{AD74D2F3-71DE-4DD0-8197-0A684CEE3DA3}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_helper.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{0e758f0f-8faf-4231-b3f4-1e63ccebefa4}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_helper.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{1aad99ea-ee10-5c3a-8174-84c63a67adde}\InprocServer32 -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{1b3e6947-d9ac-4c3f-8aee-609b5ee64b2e}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_helper.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{41F2ED58-C7A8-43D8-8F5A-E15229560913}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{AAEF5EAE-A7E1-406E-B7C9-7757228AA56E}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\pluginhost.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{AD74D2F3-71DE-4DD0-8197-0A684CEE3DA3}\localserver32 -> C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_helper.exe (Wargaming.net)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => F:\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-11-10] (Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\shellex.dll [2018-04-21] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\shellex.dll [2018-04-21] (AO Kaspersky Lab)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-11-10] (Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\shellex.dll [2018-04-21] (AO Kaspersky Lab)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-03-04] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\shellex.dll [2018-04-21] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-51145358-2442092094-1609093457-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-51145358-2442092094-1609093457-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-51145358-2442092094-1609093457-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-04-23] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028E04D7-7877-4ECF-A032-F78354FC5295} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000Core => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {0AFAE91B-4D0D-49E1-B8FD-A6C1E406EC81} - System32\Tasks\{04009FBE-5B29-4F0D-BAF2-B2274A3AD16E} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\chromeinstall-8u25.exe -d C:\Users\Admin\Downloads
Task: {31426DA5-D6F3-4431-A454-CB135EEA53AA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-15] (Adobe Systems Incorporated)
Task: {4C870060-33B6-4EE9-8C86-339ABF395D7D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000UA => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {8FE1176C-BD4B-48FB-ADE9-F502B08CB81A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A4183D97-3822-4DF1-A8E4-E16F983C08A3} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-04-21] (AO Kaspersky Lab)
Task: {A7E826F5-64FD-47E3-948B-4E981E1ADD2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-15] (Adobe Systems Incorporated)
Task: {BE7A27EB-C5B0-4C8D-8754-D3383601BE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DCECA34D-1BAC-4E6C-B32D-4B39D0F94E2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000Core.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-51145358-2442092094-1609093457-1000UA.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) ==============

2014-03-25 20:21 - 2014-03-04 15:34 - 000109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-04-21 10:27 - 2018-04-21 10:27 - 000836968 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\kpcengine.2.3.dll
2016-12-23 23:33 - 2018-01-11 05:05 - 000784672 _____ () E:\heroes\SDL2.dll
2016-12-23 23:33 - 2016-09-01 04:02 - 004969248 _____ () E:\heroes\v8.dll
2016-12-23 23:33 - 2016-09-01 04:02 - 001563936 _____ () E:\heroes\icui18n.dll
2016-12-23 23:33 - 2016-09-01 04:02 - 001195296 _____ () E:\heroes\icuuc.dll
2016-12-23 23:33 - 2018-04-03 02:34 - 002631968 _____ () E:\heroes\video.dll
2017-12-15 15:47 - 2017-12-20 04:43 - 005137696 _____ () E:\heroes\libavcodec-57.dll
2017-12-15 15:47 - 2017-12-20 04:43 - 000847136 _____ () E:\heroes\libavutil-55.dll
2017-12-15 15:47 - 2017-12-20 04:43 - 000695584 _____ () E:\heroes\libavformat-57.dll
2017-12-15 15:47 - 2017-12-20 04:43 - 000351520 _____ () E:\heroes\libavresample-3.dll
2017-12-15 15:47 - 2017-12-20 04:43 - 000783648 _____ () E:\heroes\libswscale-4.dll
2016-12-23 23:33 - 2018-04-03 02:34 - 000977184 _____ () E:\heroes\bin\chromehtml.DLL
2016-12-23 23:33 - 2016-07-05 01:17 - 000266560 _____ () E:\heroes\openvr_api.dll
2017-06-09 13:57 - 2017-09-07 05:04 - 000678400 _____ () E:\heroes\bin\cef\cef.win7\SDL2.dll
2016-12-23 23:34 - 2017-12-14 00:16 - 071471392 _____ () E:\heroes\bin\cef\cef.win7\libcef.dll
2016-12-23 23:33 - 2015-09-25 02:52 - 000119208 _____ () E:\heroes\winh264.dll
2018-04-25 15:13 - 2018-04-23 13:15 - 000866120 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-04-25 15:13 - 2018-04-23 13:15 - 002079048 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-04-15 14:21 - 2018-04-23 13:15 - 000100312 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000018896 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\select.pyd
2018-04-15 14:21 - 2018-04-23 13:16 - 000020808 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000035808 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000694232 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000021856 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000130520 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 001856864 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000022880 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-04-25 15:13 - 2018-04-23 13:15 - 000145880 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-04-25 15:13 - 2018-04-23 13:15 - 000116696 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-04-15 14:21 - 2018-04-23 13:15 - 000105944 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000022872 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000063312 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000024536 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000077120 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-04-25 15:13 - 2018-04-23 13:15 - 000392664 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-04-25 15:13 - 2018-04-23 13:15 - 000020952 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000124888 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000114136 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-04-15 14:21 - 2018-04-23 13:16 - 000392520 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000026464 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000043480 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000024024 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000175576 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000030168 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000026072 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000048600 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000057816 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000021840 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000023376 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000022864 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000066400 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 003863880 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000084944 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\sip.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 001798464 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 001959232 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000028632 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000155472 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000521544 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000051024 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000043336 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000131400 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000219984 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000204104 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000025440 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000060888 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000054616 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000024024 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000022880 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000022368 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000021856 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000022368 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000027496 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-04-15 14:21 - 2018-04-23 13:15 - 000349144 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-04-15 14:21 - 2018-04-23 13:17 - 000023904 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000025432 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-04-25 15:13 - 2018-04-23 13:15 - 000036312 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\librsync.dll
2018-04-15 14:21 - 2018-04-23 13:17 - 000021856 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000181064 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-04-15 14:21 - 2018-04-23 13:17 - 000030544 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000024384 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-04-25 15:13 - 2018-04-23 13:16 - 001638208 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-04-15 14:21 - 2018-04-23 13:17 - 000026464 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000546632 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000359744 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-04-25 15:13 - 2018-04-23 13:16 - 000038216 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2018-04-23 07:22 - 2018-03-12 15:09 - 001936672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-23 07:22 - 2018-03-27 13:47 - 001912096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-51145358-2442092094-1609093457-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-11-23 18:44 - 2018-04-25 15:45 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-51145358-2442092094-1609093457-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6DC26B7F-536F-4063-9D32-D7F9FA57FA5F}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{A263A380-031E-4F23-9BE9-8F411C28123A}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{175CB71F-CE1C-439C-8C65-74C317C738B8}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{3FA846D6-7C5A-4589-9733-D43769AAB4F6}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{3DDB6214-0CB1-41BF-8E49-904809F174C6}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{51D24BAA-0F53-4816-AF80-CB0808A5642D}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{0284CD5C-1BDA-453B-8BD4-436E303BE881}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{F73C17B0-620D-4DFC-A703-CAE767B6224D}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{4025F7C2-BDA6-4719-A786-B2B6046D76D3}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{7BE351C4-EB3F-472F-A51B-6C45083E7A1D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3D46DA49-49F3-4829-8522-D0B0835C8B5F}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{CD3BB603-AE00-4A4F-A30E-136DDB3F086F}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F283D48C-70CF-4B84-8CF5-2432E2BC1547}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{86760438-52A6-4648-B537-3D9DCFA42E19}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8901D3CE-BED0-4D9A-9D63-21D98904A0EF}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{F87ACD97-FE99-475C-A6DF-296D81642B04}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{3ADAD896-FCEF-461F-A45D-71C77B485645}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{A6465B56-8D95-448A-930A-DBEE221A5EC1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{38A5A242-365D-4734-92E2-6FFFDE1BAA35}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E014B89E-A115-454B-999A-2BD7F6A1C179}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C84733ED-C9EF-431F-A369-1FE4202938A2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{10FFC9B6-9C26-4BF7-9707-4155553CD542}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{660907D7-1798-4B92-B7D5-BC6549343A77}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{88C298D8-28D2-404D-A9BC-D8BD9AF3491D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3BF1FC36-B730-4D2B-83AF-9F3758B9AB5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AC1EF16D-6649-4BE8-9977-FD4C7F1C1CB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{871DE06A-569C-4D24-86B7-2979B0881DBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{106BA889-EBB0-4E3C-86EF-409C0C8A9C19}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5F51ABC0-12EF-48C5-94A8-67B445774902}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DAA3674F-A531-4EE0-9705-E427107E0059}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{92DDEDF9-175B-455A-B40B-6931EE185CEF}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5801DAAB-ECDF-4CFE-B7F0-DCA0369EED16}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E1FA0C1E-3A2B-4F1F-A490-084A8EDD37A9}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{080591D4-7574-477B-A9C9-1646A9723720}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8D016B2B-58D8-403F-B463-47EC5288F287}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8F2E1B62-5D5A-4A6B-AE57-3281334894C4}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B9F0CA37-CBA9-4CD2-829A-CE7DA56C382A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{27EA2BF8-134D-4DA7-A311-3B3C3848D5E0}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FC1D3E9F-C844-41AB-B625-DD877CD4058C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E13A77CA-3500-4F4D-9B70-74AB1663CD08}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{01A75506-9897-4335-A619-435FE34B9A3F}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E6591303-A620-47E9-A241-D1BEE63ABDD5}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FA268864-34C6-42F3-A010-98E5C0EB8887}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D23D698D-E529-4697-8F0E-995C45EB5BDE}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C954F5D4-097B-4EEF-981A-50AA1B7AC517}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FEA43AC1-9F7A-450F-91C7-240C6C99BD57}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{ADD527C1-085D-4858-B5B5-1F55840742BA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{44F168FF-3463-4023-B6EA-2596E34396A9}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8FAE23EB-D3C3-4E30-A5D0-0F2DB040B65B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{01ED1996-BE85-49E4-A504-DB8AD5796504}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{98E0633C-0595-4EFF-A73A-BA4602C16C82}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A9401298-A296-4E3F-99D8-DC1D8DF188C2}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5761EBC0-915D-4CE8-A658-331347E54D97}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6EE0817A-8383-43B2-92E1-B06C065DD361}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7F788BEA-977E-4628-8A79-C1F24B035414}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F529ABD-D451-4B66-B01A-1845A84FBA42}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8961D1A2-1B9F-4BF7-B211-8207248CA468}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AEA7510B-2851-4D19-AC8C-F5C1B7D1296A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6D7E5CCE-6169-46AB-8BEF-CB0E10A73B17}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{788A2B8F-881D-4513-922C-9187AADCC037}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0EDE4FF8-F51B-482B-B438-34EFE3E8CAB6}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{10F443F0-F9FB-48CD-8B56-BC7A6F9A10BC}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C3E1C5B1-09E2-4C18-B0CA-8CF0979DD3AA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D0470C1E-FBF7-47F7-8C70-9CB43C78A496}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{193C4EF2-13E6-4625-97C9-FDA2A6761071}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{90FC0C6E-5FF0-4AE2-AC37-419FCCAC491F}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{40314AC0-5FCF-475C-8F79-45262D8314DA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5476AAFB-1349-4D24-9349-EE6CB41A18E3}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{77BAD2CD-D8CA-44CA-806C-A1F518C51765}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{72988FDB-5361-4253-A462-CC8B585FD50B}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A08CEB03-6D4E-4938-A5A0-029823DC21A2}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EA4A9372-2AE5-46D7-A01C-0952DC82D82D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{164237F0-639A-43D8-9848-CA3F22AFB5A9}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{163B62DB-444B-4478-B5DA-593E4C57267C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{30D95BE9-220D-4697-B1BF-70F3A0B28890}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5B1827EE-6995-4489-8076-2256115F3AE2}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F35FADD4-DE64-4A64-BFE8-85A05B02DA7B}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{04CC3710-F636-4FA9-80DD-357EA4A6A260}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2E74D83D-EA52-4731-98FA-B5788E76299D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7E990947-79AF-4E0D-9341-BFDA9C91C59F}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F20F52A8-FA11-4E21-98D8-A4929B6DD45D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3CF30E04-24A4-4790-8C88-77529FB81720}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{41F03F8E-74A9-41F8-88D0-4D265B62DE8E}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6764B4DA-97E2-4B68-86B1-2C7B24B314D2}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9190C5E4-8ABA-44DE-ADBD-2972022977D1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F2061428-7005-4D36-B713-A505A365053F}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1FCD57AE-DF00-4642-9251-D2204C75202B}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4B1B30A9-C5F5-49AB-BFB4-7549FAC9E5BA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B634885B-1C3E-4A6E-9D5E-849C0D1FE38D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{63A3A34A-F29F-4F86-8B9A-B01BDBBE3561}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DAB8E0E7-0A7A-48C0-9640-3ED3437E7F8C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4C2F2AFF-E181-4FA3-9941-8E31B0549029}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B6A3FF5D-DA13-4414-A803-8260574DEDFB}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F6166568-378B-43A5-A155-85BA79BC8032}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{03AB01FA-666A-4F88-8122-1197E865E8BD}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A3831D43-91DE-4E10-921F-8E6E7A5B09F5}] => (Allow) E:\CrossFire\Crossfire Europe\CF_SGIN.exe
FirewallRules: [{F61627A0-3AC7-4F21-9A18-60E4DE24D911}] => (Allow) E:\CrossFire\Crossfire Europe\CF_SGIN.exe
FirewallRules: [{8AC80BA3-04EC-4089-A69A-7379FED51B2B}] => (Allow) E:\CrossFire\Crossfire Europe\CF_SGIN.exe
FirewallRules: [{C4649B91-208B-4CFD-BFF5-C74FFC8CDFDF}] => (Allow) E:\CrossFire\Crossfire Europe\CF_SGIN.exe
FirewallRules: [TCP Query User{CE0A38E4-92AF-4E52-8847-38798F4EE7E4}E:\wot\wotlauncher.exe] => (Allow) E:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{6A35CA16-C2F5-47F8-A513-9C8171BFF4EB}E:\wot\wotlauncher.exe] => (Allow) E:\wot\wotlauncher.exe
FirewallRules: [TCP Query User{3692FDD7-5A7D-4098-B792-5A7C72EC1C21}E:\wot\worldoftanks.exe] => (Allow) E:\wot\worldoftanks.exe
FirewallRules: [UDP Query User{38C24AA6-6635-41F9-970C-674A4D9D5B8C}E:\wot\worldoftanks.exe] => (Allow) E:\wot\worldoftanks.exe
FirewallRules: [TCP Query User{AF58B558-14D8-4DD2-A0AF-469A5F24EB1D}C:\program files\bitcomet\bitcomet.exe] => (Block) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{C5D24C65-446B-4A69-ADD0-622EA6EE3748}C:\program files\bitcomet\bitcomet.exe] => (Block) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [{4E8DFB45-97A3-4F83-84EC-CABFA58CD1D4}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{CF9ECA07-02CE-4D53-873B-14C92069F82A}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{FBA24712-E9CC-4462-A205-8BEA3828350B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{01D2E2FF-C88A-4E17-B9FA-50FD9F26A250}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D284844B-9252-4CFF-9BBD-3CC321FE958F}] => (Allow) E:\Battle.net\Battle.net.exe
FirewallRules: [{4DC2A35F-6ECE-42A1-9E1B-C6A6D81D16B6}] => (Allow) E:\Battle.net\Battle.net.exe
FirewallRules: [{944244A0-C088-48A2-9E98-539B9ED145D0}] => (Allow) E:\Hearthstone\Hearthstone.exe
FirewallRules: [{20189597-5CD5-4AF0-850C-6624B670D60C}] => (Allow) E:\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{2E07E31B-E9BC-46AD-9AB4-65D153CD226F}G:\easysetupassistant\easysetupassistant.exe] => (Allow) G:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{FDDBA80D-0CFC-42D5-9E76-E8C7A334C78D}G:\easysetupassistant\easysetupassistant.exe] => (Allow) G:\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{70C16F34-72E5-4AE4-9B74-13B12ABAACAB}G:\openarena-0.8.1\openarena.exe] => (Block) G:\openarena-0.8.1\openarena.exe
FirewallRules: [UDP Query User{7EDC2D33-C07B-4C61-B9FD-562A992DB45B}G:\openarena-0.8.1\openarena.exe] => (Block) G:\openarena-0.8.1\openarena.exe
FirewallRules: [{758128FF-8000-4E6E-BF6F-303597384741}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A68FD185-B348-4E65-B41B-E07CF2379D70}] => (Allow) LPort=2869
FirewallRules: [{88962147-BEB2-4CEE-9DAC-8CF16B4605CE}] => (Allow) LPort=1900
FirewallRules: [{0FFC8B49-BFBE-4608-847F-339433C6934F}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{83F4009F-783B-44C9-99AD-FEB913120889}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7570DF00-C779-44A6-A3DD-CEB399E5F5A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{6E63564F-9418-4D83-9608-B9E7F51A71A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{A84E7224-8146-4582-A49C-083658797573}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{E5BF052A-81D5-40D8-ADBF-386CD7C45458}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{392F9A72-9069-42D8-ADF5-EE6CE6DE3CFA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C6FD3B2E-FBB0-4CC5-A9D0-75E950F7A312}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{06E92707-B7B5-4833-AB1E-CD817D722F2A}E:\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C83F9DF3-0837-4B68-BC60-11E0F4082D7B}E:\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{D1A47C0A-9827-4E69-9275-72424E4A1B2F}F:\dungeon lords mmxii\dlords2012.exe] => (Block) F:\dungeon lords mmxii\dlords2012.exe
FirewallRules: [UDP Query User{409C1D45-4195-4880-8A9B-71EEC482C7EA}F:\dungeon lords mmxii\dlords2012.exe] => (Block) F:\dungeon lords mmxii\dlords2012.exe
FirewallRules: [TCP Query User{DD55449C-9F35-449B-B6DD-0F1B5FDBB4C8}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{298177C1-7B07-49CF-ABB3-EE55195AB867}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{CD94F3BA-D3A8-44B6-96B5-C34A6DD4C891}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{57812093-14CC-4405-B695-02F9FF903463}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{4D488667-1FEF-48C8-9712-573415DBE5E4}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Block) C:\program files\java\jre1.8.0_111\bin\java.exe
FirewallRules: [UDP Query User{44195406-9BF7-42FD-BF01-8FCF3E2791B5}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Block) C:\program files\java\jre1.8.0_111\bin\java.exe
FirewallRules: [{5E38E930-EC57-480C-A1EB-0B22D3A7BB47}] => (Allow) E:\heroes\Steam.exe
FirewallRules: [{259B99FD-EEBC-4E1F-A93A-E151D7175958}] => (Allow) E:\heroes\Steam.exe
FirewallRules: [{6776CA89-6438-43DB-994F-9D78736C0A95}] => (Allow) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{30A88870-99DD-4B8C-AB39-86CAEE0913D4}] => (Allow) E:\heroes\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E2EB79DE-2CFC-45B6-9B63-94523034ED6D}] => (Allow) E:\heroes\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe
FirewallRules: [{9A63D2D0-75E9-44C0-9FD4-C4736F5BF5FB}] => (Allow) E:\heroes\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe
FirewallRules: [{28CD2161-6C58-4CE6-9D96-B2BD708BB239}] => (Allow) E:\heroes\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe
FirewallRules: [{2A5CA9E3-53C9-4E31-8881-2A129ABB4D19}] => (Allow) E:\heroes\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe
FirewallRules: [{65169954-8F81-4DA4-BE95-FA8C1709B430}] => (Allow) E:\heroes\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe
FirewallRules: [{63086BFB-49D1-4D95-953D-7E4E8DC91C12}] => (Allow) E:\heroes\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe
FirewallRules: [TCP Query User{C02BB34C-F837-48AA-856C-673419E36A4D}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{0A28DEAE-8A68-40A7-803E-36BE308EBD19}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{CC6527F4-1924-4D2F-8AF2-50E410195AA3}] => (Allow) LPort=8317
FirewallRules: [{9AB3FF11-AD79-4CAA-879C-96FED9CA6477}] => (Allow) F:\T.A.B.Z\steamapps\common\Totally Accurate Battle Zombielator\GAME.exe
FirewallRules: [{D3BFF437-378B-47A3-B42C-7942D66D0DB6}] => (Allow) F:\T.A.B.Z\steamapps\common\Totally Accurate Battle Zombielator\GAME.exe
FirewallRules: [TCP Query User{E4116402-217B-4F8D-91F2-A508A58C1B3B}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{1F395E30-7F9E-454A-85E5-A016DFCCFEC4}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{424E6E27-B43A-4207-B781-9D734BF61E4A}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{834D7885-0AC4-406F-BED4-B4F087EEEC83}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B649A5A6-87A4-4A11-8712-E696D4B55455}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0DB356EE-2E80-44B6-B402-11015EA80FD5}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B679885-05A1-4D76-BF61-E98C4D7BE13E}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D44E6A3D-D069-497F-A520-99CD70CB47C4}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{CE4FAFB1-FEF6-4F0D-84A7-73F7DFAD9DBD}F:\unreal engine\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) F:\unreal engine\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{5044C37C-015E-4933-A01D-861B9D864133}F:\unreal engine\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) F:\unreal engine\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{61C2079D-50A9-474D-915F-245E54B2BE34}] => (Block) F:\unreal engine\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{9B927CE7-B2CD-4BFD-96E6-5791C2F6B14E}] => (Block) F:\unreal engine\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{2A1DE31E-676B-4AE7-BAB8-09FB06FBFAE1}F:\unity\editor\unity.exe] => (Allow) F:\unity\editor\unity.exe
FirewallRules: [UDP Query User{4258C401-22FE-4EAF-80DD-55F85511F05F}F:\unity\editor\unity.exe] => (Allow) F:\unity\editor\unity.exe
FirewallRules: [{323E5406-7EF6-4718-B40E-B8045BADC6C3}] => (Block) F:\unity\editor\unity.exe
FirewallRules: [{0F89BA2F-9693-42EA-98F6-891154EA9B94}] => (Block) F:\unity\editor\unity.exe
FirewallRules: [TCP Query User{9BAF5A74-8B34-42FA-B3BA-2CDFEFAD9183}F:\unity\monodevelop\bin\monodevelop.exe] => (Block) F:\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{9026A27A-097D-463F-B518-C767A50BAD50}F:\unity\monodevelop\bin\monodevelop.exe] => (Block) F:\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{43F8903E-E93E-4581-B741-8D1025ADCFB9}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EDF071FA-06E8-44E2-B2D1-3AB72007F1D8}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D4195B05-8AC7-49B9-BE6B-25C4A7C62EA6}E:\wot\worldoftanks.exe] => (Allow) E:\wot\worldoftanks.exe
FirewallRules: [UDP Query User{AD0A495D-AEBB-445D-B064-D14AF6437C4F}E:\wot\worldoftanks.exe] => (Allow) E:\wot\worldoftanks.exe
FirewallRules: [TCP Query User{8ED60F48-DA8C-4613-9B36-0C7E26A5C1F2}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{2532DCA9-5BEC-4769-B410-69C2CBF5F11F}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{46C0E0C0-4EC4-4F4D-86CB-1FCEB894411C}G:\openarena-0.8.1\openarena.exe] => (Allow) G:\openarena-0.8.1\openarena.exe
FirewallRules: [UDP Query User{6BC1BE25-FE8D-42BA-81F0-825A87AB4D9F}G:\openarena-0.8.1\openarena.exe] => (Allow) G:\openarena-0.8.1\openarena.exe
FirewallRules: [TCP Query User{253A6F81-6C79-48F1-B5FC-24EDB67E14F4}E:\wot\wotlauncher.exe] => (Allow) E:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{36DB3EDA-DDCC-4A2E-A953-E7A05A952CF0}E:\wot\wotlauncher.exe] => (Allow) E:\wot\wotlauncher.exe
FirewallRules: [TCP Query User{D315D42A-9D68-402B-A329-C770EF7CDBD7}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [UDP Query User{E68C2A97-87BD-409D-ACD1-69B6934AC6A1}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [TCP Query User{91F83310-1F9E-416C-9A20-652A291AD187}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [UDP Query User{A0F65A9B-A9B4-42A3-BA18-C1360573CC24}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [{C8C0FE98-7849-4EEB-B91E-196D1549888C}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{4ACFB90C-5F79-4D98-AD1D-803538D0A127}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [TCP Query User{64D5200D-C8DF-42A2-BCC4-205BEDA45BF3}F:\the escapists 2\theescapists2.exe] => (Allow) F:\the escapists 2\theescapists2.exe
FirewallRules: [UDP Query User{E74A8D07-7CF0-450F-836A-974277C4BD9E}F:\the escapists 2\theescapists2.exe] => (Allow) F:\the escapists 2\theescapists2.exe
FirewallRules: [{4F8F6BE9-9801-460B-B038-75427C7BEBB8}] => (Block) F:\the escapists 2\theescapists2.exe
FirewallRules: [{96CCB1FA-19AA-43CE-B07C-5FABDF43E925}] => (Block) F:\the escapists 2\theescapists2.exe
FirewallRules: [{E120E880-AC4A-4225-BF40-9571D87AB67A}] => (Block) %ProgramFiles%\Mirillis\Action!\Action.exe
FirewallRules: [{8A885BAE-0CAB-4B0E-8B73-8139AC2BB043}] => (Block) %ProgramFiles%\Mirillis\Action!\action_launcher.exe
FirewallRules: [{956E5F4F-6B40-4F51-B9DD-1D941DD08705}] => (Block) %ProgramFiles%\Mirillis\Action!\action_logon.exe
FirewallRules: [{5C4D356D-2B6F-4D1F-B9CF-77CD1C88B1A7}] => (Block) %ProgramFiles%\Mirillis\Action!\action_svc.exe
FirewallRules: [{B54DDCC5-E095-4C68-AE38-57C8A8B2B342}] => (Block) %ProgramFiles%\Mirillis\Action!\ActionPlayer.exe
FirewallRules: [{24721B8E-998D-47C6-A763-1D33EB01A03E}] => (Block) %ProgramFiles%\Mirillis\Action!\Uninstall.exe
FirewallRules: [{763BB212-0C10-4514-97D7-484A70095BAD}] => (Block) %ProgramFiles%\Mirillis\Action!\upload_login.exe
FirewallRules: [{DD66E8D3-06AA-4410-8807-50EEC8B802E4}] => (Block) %ProgramFiles%\Mirillis\Action!\Action.exe
FirewallRules: [{7113932A-AE52-4146-8CE3-59A31FE37035}] => (Allow) F:\T.A.B.Z\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{F69AA1BE-B481-4885-81CC-0A0CF56B7BC0}] => (Allow) F:\T.A.B.Z\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{7F1EF68C-D07D-4CAA-A5D6-23728D95FE55}] => (Allow) F:\T.A.B.Z\steamapps\common\HOMEFRONT\Binaries\HOMEFRONT.exe
FirewallRules: [{4447D9D4-D15A-484D-B2AC-C301BA43230C}] => (Allow) F:\T.A.B.Z\steamapps\common\HOMEFRONT\Binaries\HOMEFRONT.exe
FirewallRules: [{E356393F-06B6-4F5F-A9A9-B7037039BC71}] => (Allow) F:\T.A.B.Z\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{7BA22188-C948-4E35-A961-2D5B527EC63C}] => (Allow) F:\T.A.B.Z\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{BE73BCF6-E5C3-4723-9AD8-18DD8E3FD2CE}F:\t.a.b.z\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) F:\t.a.b.z\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{2FBDE81C-F07F-4277-A214-9C3AEE33F05B}F:\t.a.b.z\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) F:\t.a.b.z\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{F4AE056C-F3B5-4A19-855F-FCAA43B14564}F:\openarena-0.8.1\openarena.exe] => (Allow) F:\openarena-0.8.1\openarena.exe
FirewallRules: [UDP Query User{343564CE-CD0F-406D-A540-6D6F7292F2FA}F:\openarena-0.8.1\openarena.exe] => (Allow) F:\openarena-0.8.1\openarena.exe
FirewallRules: [TCP Query User{D5A879D4-7A4A-443F-8C96-E52BA6335ED5}F:\openarena-0.8.1\oa_ded.exe] => (Block) F:\openarena-0.8.1\oa_ded.exe
FirewallRules: [UDP Query User{6A035642-1757-4442-AC63-0C320599CF2E}F:\openarena-0.8.1\oa_ded.exe] => (Block) F:\openarena-0.8.1\oa_ded.exe
FirewallRules: [TCP Query User{4B4A0AEB-BFB6-47D5-856B-CB79D0E73C3B}F:\openarena-0.8.1\openarena-deprecated.exe] => (Block) F:\openarena-0.8.1\openarena-deprecated.exe
FirewallRules: [UDP Query User{651253AB-4A66-4FB5-AA53-48BF53A9B80F}F:\openarena-0.8.1\openarena-deprecated.exe] => (Block) F:\openarena-0.8.1\openarena-deprecated.exe
FirewallRules: [{0E872545-426E-4189-B97D-B91C94853FA9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{84615023-3BD9-406C-8FCB-A64BAC3987F2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{AFA2761A-E0E9-4666-AB20-25719E69E88D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{67BB79DC-EDDD-45C9-82AC-809A0D374890}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6E6EEBBC-5581-45A3-ABF5-0E915310A6EC}] => (Allow) F:\T.A.B.Z\steamapps\common\Crash Time II\BurningWheels.exe
FirewallRules: [{0657D717-AD10-46B5-82DE-3EC400E34878}] => (Allow) F:\T.A.B.Z\steamapps\common\Crash Time II\BurningWheels.exe
FirewallRules: [{D2CE3A9B-EF16-407A-81BC-AB4B413334C8}] => (Allow) F:\Crash Time 4 - The Syndicate\CrashTime4Hi.exe
FirewallRules: [{0F55DBB0-FD01-4D17-82D1-529481ECC336}] => (Allow) F:\Crash Time 4 - The Syndicate\CrashTime4Hi.exe
FirewallRules: [{AAA5974F-FC77-4BB6-B272-50428A0FABAE}] => (Allow) F:\Crash Time 4 - The Syndicate\CrashTime4Low.exe
FirewallRules: [{E5342B1C-6F4B-49AC-90AD-624E9BCC5005}] => (Allow) F:\Crash Time 4 - The Syndicate\CrashTime4Low.exe
FirewallRules: [{68C37F97-4ABD-4EC7-886A-52D8DDA9720C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2DC6F63B-4060-48A5-A958-07023106AFB2}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3A8B0EB-256C-4174-93C0-FDFAC0B67127}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{28271578-4A9E-41C7-81AA-173020CF59A9}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Block) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [UDP Query User{D4EF19F0-678C-4BA9-AF16-B094DB045F7B}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Block) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [TCP Query User{4CB2DC8C-607A-4565-9249-85A570FC8873}F:\l.o.l\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) F:\l.o.l\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe
FirewallRules: [UDP Query User{83298266-77A9-4A21-9559-62F95882CA70}F:\l.o.l\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) F:\l.o.l\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2018 03:16:58 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/26/2018 03:16:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/25/2018 06:00:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QtWebEngineProcess.exe, version: 5.6.2.0, time stamp: 0x5ab2d70a
Faulting module name: ntdll.dll, version: 6.1.7601.24094, time stamp: 0x5abee039
Exception code: 0xc0000005
Fault offset: 0x0001fc1e
Faulting process id: 0x1fd8
Faulting application start time: 0x01d3dca610cd6f47
Faulting application path: C:\Users\Admin\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5cce0d02-4899-11e8-b3aa-001966914398

Error: (04/25/2018 03:45:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/25/2018 03:44:56 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/25/2018 03:13:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.643, time stamp: 0x5ab290dc
Faulting module name: ScanControllerImpl.dll, version: 3.0.0.818, time stamp: 0x5aac0db1
Exception code: 0xc0000005
Fault offset: 0x000cd447
Faulting process id: 0xdd4
Faulting application start time: 0x01d3dc8e43cfb6b0
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Report Id: 11f96990-4882-11e8-bcb7-001966914398

Error: (04/25/2018 03:10:07 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/25/2018 03:09:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/26/2018 03:16:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
An exception occurred in the service when handling the control request.

Error: (04/26/2018 03:14:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobizen plugin service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/26/2018 03:14:09 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/25/2018 03:44:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
An exception occurred in the service when handling the control request.

Error: (04/25/2018 03:43:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobizen plugin service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/25/2018 03:43:25 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/25/2018 03:43:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:42:21 PM on ‎4/‎25/‎2018 was unexpected.

Error: (04/25/2018 03:42:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 3071.3 MB
Available physical RAM: 1596.54 MB
Total Virtual: 6138.88 MB
Available Virtual: 4074.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:29.88 GB) NTFS
Drive d: () (Fixed) (Total:19.53 GB) (Free:3.32 GB) NTFS
Drive e: () (Fixed) (Total:54.98 GB) (Free:33.65 GB) NTFS
Drive f: () (Fixed) (Total:368.1 GB) (Free:180.3 GB) NTFS

\\?\Volume{4276d153-b45a-11e3-bea5-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 001D001D)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 98CEF70C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

You are a magician :eek:
Fix result of Farbar Recovery Scan Tool (x86) Version: 19.04.2018
Ran by Admin (27-04-2018 16:06:11) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & (Available Profiles: Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
S2 Mobizen plugin; C:\Program Files\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
S3 XDva415; \??\C:\Windows\system32\XDva415.sys [X]
S3 XDva423; \??\C:\Windows\system32\XDva423.sys [X]
S3 XDva424; \??\C:\Windows\system32\XDva424.sys [X]
S3 XDva425; \??\C:\Windows\system32\XDva425.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
S3 XDva534; \??\C:\Windows\system32\XDva534.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 XDva536; \??\C:\Windows\system32\XDva536.sys [X]
S3 XDva537; \??\C:\Windows\system32\XDva537.sys [X]
2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\AAAMMYYY.exe
2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\IIIUU666.exe
2015-07-01 15:23 - 2015-07-01 15:23 - 001169408 _____ (wj32) C:\Program Files\OOO00CCO.exe
2015-08-16 19:59 - 2015-08-16 19:59 - 001169408 _____ (wj32) C:\Program Files\SSS44GGS.exe
2015-07-20 16:48 - 2015-07-20 16:48 - 001169408 _____ (wj32) C:\Program Files\UUU66IIU.exe
2015-06-23 19:18 - 2015-06-23 19:18 - 001169408 _____ (wj32) C:\Program Files\YYAAMMYM.exe
2017-01-25 18:50 - 2017-02-26 17:35 - 000008192 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-10 12:19 - 2015-05-10 12:19 - 000000833 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2017-03-26 17:12 - 2017-03-26 17:21 - 000000552 _____ () C:\Users\Admin\AppData\Local\TroubleshooterConfig.json
2014-07-08 18:52 - 2014-07-08 18:52 - 000000000 _____ () C:\Users\Admin\AppData\Local\{82412A15-975A-419C-BAD0-F07D5FEE1225}
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{1aad99ea-ee10-5c3a-8174-84c63a67adde}\InprocServer32 -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{41F2ED58-C7A8-43D8-8F5A-E15229560913}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{1aad99ea-ee10-5c3a-8174-84c63a67adde}\InprocServer32 -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{41F2ED58-C7A8-43D8-8F5A-E15229560913}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Admin\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-51145358-2442092094-1609093457-1000_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File

*****************

"HKU\S-1-5-21-51145358-2442092094-1609093457-1000\Software\MozillaPlugins\anvisoft.com/AdblockPlugin" => removed successfully.
"C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll" => not found
FF Plugin HKU\S-1-5-21-51145358-2442092094-1609093457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04262018151827522: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File] => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\Mobizen plugin" => removed successfully.
Mobizen plugin => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\KProcessHacker2" => removed successfully.
KProcessHacker2 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully.
VGPU => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva409" => removed successfully.
XDva409 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva410" => removed successfully.
XDva410 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva415" => removed successfully.
XDva415 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva423" => removed successfully.
XDva423 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva424" => removed successfully.
XDva424 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva425" => removed successfully.
XDva425 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva511" => removed successfully.
XDva511 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva534" => removed successfully.
XDva534 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva535" => removed successfully.
XDva535 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva536" => removed successfully.
XDva536 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XDva537" => removed successfully.
XDva537 => service removed successfully.
 