Inactive Help with cleaning my laptop

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by Ahmed (14-12-2017 22:23:13)
Running from C:\Users\Ahmed\Desktop
Windows 10 Home Version 1607 14393.1944 (X64) (2016-10-04 00:40:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1289880606-1661032012-1105384326-500 - Administrator - Disabled)
Ahmed (S-1-5-21-1289880606-1661032012-1105384326-1001 - Administrator - Enabled) => C:\Users\Ahmed
DefaultAccount (S-1-5-21-1289880606-1661032012-1105384326-503 - Limited - Disabled)
Guest (S-1-5-21-1289880606-1661032012-1105384326-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1289880606-1661032012-1105384326-1004 - Limited - Enabled)
_ashbackuppb_ (S-1-5-21-1289880606-1661032012-1105384326-1002 - Administrator - Enabled) => C:\Users\_ashbackuppb_

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AlphaGo (HKLM-x32\...\{97D2FBF4-72CF-4DD6-8DA8-26710BC7BE71}) (Version: 1.1.0 - Default Company Name) <==== ATTENTION
AlphaGo (HKLM-x32\...\{B20B3A3C-91E3-4326-8A0F-B3C012574F8C}) (Version: 1.1.2 - Default Company Name) <==== ATTENTION
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.6.5 - ASUSTek Computer Inc)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Attack on Titan Wings of Freedom (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0133}) (Version: 6.0 - Black Box)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.85 - ICEpower a/s)
Auto Clicker v6.1 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 6.1 - MurGee.com)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Champions of Anteria (HKLM-x32\...\{E5202C55-A9C9-4D20-A371-A3F1CE47B6C0}_is1) (Version: - Ubisoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Danganronpa: Trigger Happy Havoc (HKLM\...\ZGFuZ2Fucm9ucGF0cmlnZ2VyaGFwcHloYXZvYw_is1) (Version: 1 - )
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Duolingo (HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Duolingo) (Version: - Duolingo)
Duolingo (HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\Duolingo) (Version: - Duolingo)
eBay (HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\eBay) (Version: - eBay Inc.)
Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-396B02139A39}) (Version: 1.8.6429.23271 - Facebook)
Fish Tycoon 1.6.2 (HKLM-x32\...\Fish Tycoon) (Version: 1.6.2 - Last Day of Work)
Foxit PhantomPDF (HKLM-x32\...\{E40149BB-552F-44C8-A10F-4188ADC5AD70}) (Version: 7.0.510.429 - Foxit Software Inc.)
GameFirst IV (HKLM-x32\...\{2B5BE4E7-3E40-4BC4-A534-5342E3078F89}) (Version: 1.5.12 - ASUS) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.12) (Version: 1.5.12 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hideman 3.3.0.0 (HKLM\...\Hideman) (Version: 3.3.0.0 - )
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Innkeeper (HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Innkeeper) (Version: 0.4.19 - Curse Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000080-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.80.0 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
KOPLAYER Pro version: 1.4.1055 (HKLM\...\KOPLAYER_is1) (Version: - KOPLAYER Team)
League client alpha (HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League client alpha (HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 365 ProPlus - ar-sa (HKLM\...\O365ProPlusRetail - ar-sa) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.01.03 - Huawei Technologies Co.,Ltd)
Momodora - Reverie Under the Moonlight (HKLM-x32\...\1079762750_is1) (Version: 2.0.0.2 - GOG.com)
NieR Automata Day One Edition MULTi6 - ElAmigos version 1.0 u1 (HKLM-x32\...\{8C4E4C7A-CD50-487A-B5D9-A77F98C77185}_is1) (Version: 1.0 u1 - Square Enix)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0401-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{a6f04aed-fd84-4842-82bc-b8b413bf7f5e}) (Version: latest - ppy Pty Ltd)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.35 - ASUS)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Regalia Of Men and Monarchs (HKLM-x32\...\Regalia Of Men and Monarchs_is1) (Version: - )
RiME (HKLM-x32\...\RiME_is1) (Version: - )
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.27 - ASUSTeK Computer Inc.)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 1.0.1 - ASUS)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.49.26236 - LULU Software Limited)
Soda PDF 8 View Module (HKLM\...\{7AC76539-1A1C-4B1C-AA15-8265BD60B353}) (Version: 8.1.3.27559 - LULU Software Limited) Hidden
Spotify (HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tahira: Echoes of the Astral Empire (HKLM\...\dGFoaXJhZWNob2Vzb2Z0aGVhc3RyYWxlbXBpcmU_is1) (Version: 1 - )
Tanki Online version 1.0 (HKLM-x32\...\{F3FB53B4-47A2-4C94-B5CC-D430234912E6}_is1) (Version: 1.0 - AlternativaGame Ltd)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
TED (HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\TED) (Version: - TED Conferences, LLC)
TED (HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\TED) (Version: - TED Conferences, LLC)
Undertale (gog-2) (HKLM-x32\...\1456487183_is1) (Version: 0.1.1.295 - GOG.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Vine (HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\Vine) (Version: - Vine Labs, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.9.564 - ASUS Cloud Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (10/06/2015 8.0.0.23) (HKLM\...\DA2E0A005E6CD7900733D89DA6D9F31585E338DF) (Version: 10/06/2015 8.0.0.23 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{0E12BEC0-F2EE-43FA-AEA0-24B5E9F80167}) (Version: 2.5.1507.3011 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1289880606-1661032012-1105384326-1001_Classes\CLSID\{1248BD21-B584-4EB8-85D0-8EC479CD043B}\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1289880606-1661032012-1105384326-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1289880606-1661032012-1105384326-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1289880606-1661032012-1105384326-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-14] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-02-21] ()
ContextMenuHandlers1-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => -> No File
ContextMenuHandlers1-x32: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => -> No File
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-14] (AVAST Software)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-05-01] (Foxit Software Inc.)
ContextMenuHandlers1-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-14] (AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Ahmed\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4-x32: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-08] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => -> No File
ContextMenuHandlers6-x32: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => -> No File
ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-14] (AVAST Software)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6-x32: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08EB5848-6BF5-4A64-899F-1D60EFC11D15} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {0C4AAC50-2164-446F-BC9A-DE403CE9E9D2} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {0FECB4DC-9EC1-46D7-87CA-8D34258937D4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-14] (AVAST Software)
Task: {1017DCE4-BA42-4856-B693-B36DD578E57E} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {12855CA4-7596-4D0B-8BC7-F1897D411B12} - \Qihesclzty Schedule -> No File <==== ATTENTION
Task: {1EEAA649-442A-40F9-8723-DB576DF20EBA} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-09-18] (ASUSTek Computer Inc)
Task: {261E39B2-5B77-4283-B389-865D11F35758} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {29DF6B67-364C-4F36-B77B-4369AA1EC9B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {2BBD3DCB-55C0-4E32-BBF3-5FE4F2C34601} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-11-23] (Advanced Micro Devices, Inc.)
Task: {2F6AB014-8BC1-4A75-B82F-B9FEB1F38EF6} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {39292901-2DD1-4507-9308-DD171BF25631} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {472D828D-C406-41E0-8966-8ED4DD331BE4} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {489C705C-D7E9-4DDE-8DDA-8FBA3D4A8BE8} - System32\Tasks\{ECC64930-484C-4DA8-8965-BF699CF5F953} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.31.0.104/en/abandoninstall?page=tsProgressBar
Task: {4B6000BC-4199-4A9A-A2FC-63FF4F12F84C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {507FF827-0694-48EE-8122-BA39C7A8C11F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {5192F6D2-D8E5-4467-BF9A-5C3C0DE51723} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {57197FD3-0B5C-44A3-8B2A-56680FE23B1F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-01] (Microsoft Corporation)
Task: {599942EF-149B-4F0C-B0EE-7F4E52F837EB} - System32\Tasks\{AF38E88B-4F48-483B-9D85-A98F37A0BE4F} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
Task: {6B245F8F-E747-470A-9E63-466FC44C767B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {6C6A3DCF-E5CA-4EAB-9C8E-41D67ED293EF} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {6E9D5546-D7A6-4455-8FF5-F0287F21C770} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-01] (Microsoft Corporation)
Task: {6EC5E952-07BA-43F3-8A92-002B4A2FD460} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-01] (Microsoft Corporation)
Task: {7B860BD1-6D30-4F99-A8BC-92802E2D1D67} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {7D861A5F-F1E5-49B2-A138-10D93BD81A31} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {7F6D212F-B774-47CA-948C-B4B521403B05} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {8BE9EECD-A0A2-45D0-A53A-B0F6064BEB15} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {8D9C609F-902B-4269-B907-249B18E7144F} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION
Task: {9B2F7D27-06FB-4FA7-994D-0DB0AC3B926D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {9FB587D7-13C3-47B6-B4EC-0B073B4BD560} - System32\Tasks\{DFEF9D49-156B-42DA-99E2-730606AA910A} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
Task: {A4D72B03-32B7-4168-AA5F-0FD5468417FD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {A888694F-A96F-4708-87B6-AEFF2D2873D2} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [2015-08-13] (ASUSTek Computer Inc.)
Task: {B0DC3178-7FDB-48D5-B2BD-C31AA87624FE} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {B4D8A756-4DDC-4595-A46A-2E1677C80579} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {C1D8D332-5A92-464D-8815-7D517B2CE423} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {C3C23934-3A5E-4B4D-96A5-37F3CBDD8716} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-14] (AVAST Software)
Task: {C626187E-5F10-42CF-9037-3A0B3179CBA8} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {C64B0BFF-E045-4D0C-9BAF-3B3BF7418561} - \Clequcertain -> No File <==== ATTENTION
Task: {DA387BF9-7F67-4227-B184-E0AB25CFEC56} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-15] (ASUSTek Computer Inc.)
Task: {DC308D05-2499-49CC-8A79-572319E442D7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {DDC02361-3289-416D-A7D0-283845FF5FEB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {E37E61FA-B7AA-4FC0-B08E-ECB7034F93D1} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-10-22] (AsusTek)
Task: {F1262B7F-CE0E-4F40-836C-C83717F265E1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {F26DB6A8-235A-4398-A25E-90A06991C3CD} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {F52CF11A-C516-458A-969D-F2AED8E8CE80} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aa00b40640d81196\Ahmed - Chrome.lnk -> C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aa00b40640d81196 ()
Shortcut: C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Ahmed - Chrome.lnk -> C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3 ()
Shortcut: C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Ahmed - Chrome.lnk -> C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9 ()
Shortcut: C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2572d0ef8585eb3c\Ahmed - Chrome.lnk -> C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2572d0ef8585eb3c ()
Shortcut: C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1e9dbac0bb94874\Ahmed - Chrome.lnk -> C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1e9dbac0bb94874 ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-12-13 20:53 - 2017-09-07 08:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-11 11:18 - 2017-06-21 09:07 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 11:53 - 2016-09-24 11:53 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2015-05-19 19:11 - 2015-05-19 19:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-02-19 19:07 - 2015-09-23 04:24 - 000242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2017-06-28 14:10 - 2017-03-07 18:15 - 000824592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-06-28 14:10 - 2017-03-07 18:18 - 001981712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-06-28 14:10 - 2017-03-07 18:10 - 000248080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-06-28 14:10 - 2017-03-07 18:09 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-06-28 14:10 - 2017-03-07 18:10 - 000175376 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-06-28 14:10 - 2017-03-07 18:09 - 000204048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-06-28 14:10 - 2017-03-07 18:08 - 000337680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-06-28 14:10 - 2017-03-07 18:05 - 000148240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-06-28 14:10 - 2017-03-07 18:05 - 000178448 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_acdc_setting_input.dll
2017-06-28 14:10 - 2017-03-07 18:10 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-06-28 14:10 - 2017-03-07 18:06 - 000229648 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-06-28 14:10 - 2017-03-07 18:07 - 000225040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-06-28 14:10 - 2017-03-07 18:05 - 000212752 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-06-28 14:10 - 2017-03-07 18:07 - 000220432 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-10-12 13:09 - 2017-10-04 12:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000032072 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupService-abpb.exe
2016-07-14 17:22 - 2016-03-24 08:56 - 000119112 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupServiceLib.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 012080968 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupCore.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000174408 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\deemon.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000573768 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\twirl.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 006344520 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\ox.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000388424 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\tomb.dll
2016-07-14 17:22 - 2016-03-02 10:58 - 000081920 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\zdll.dll
2016-07-14 17:22 - 2016-03-02 10:59 - 001403904 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\webdave.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000388424 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\crumb.dll
2016-07-14 17:22 - 2016-03-02 10:59 - 000324096 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\party.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000589640 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\veem.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000068936 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\minizutil.dll
2016-07-14 17:22 - 2016-03-02 10:59 - 000220672 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\jsoncpp.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000061768 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\lzmaUtil.dll
2016-07-14 17:22 - 2016-03-02 10:58 - 000091648 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\ziputil.dll
2016-07-14 17:22 - 2016-03-02 10:58 - 000022528 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\zlibutil.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000231752 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\netutil.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000163144 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\scoolite.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000031560 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\lz4util.dll
2016-07-14 17:22 - 2016-03-02 10:59 - 000049664 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\lzma.dll
2016-07-14 17:22 - 2016-03-02 10:58 - 000107008 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\minizip.dll
2016-07-14 17:22 - 2016-03-02 10:59 - 000626688 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\sqlite.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000049480 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\lz4.dll
2016-07-14 17:22 - 2016-03-24 08:56 - 000067912 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\oxHelper.exe
2016-10-04 13:26 - 2016-10-04 13:26 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-24 16:15 - 2017-03-04 08:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-24 16:16 - 2017-03-04 08:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-24 16:16 - 2017-03-04 08:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-24 16:17 - 2017-03-04 08:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-12-13 20:53 - 2017-11-30 09:32 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-12-13 20:53 - 2017-11-30 09:34 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-12-14 14:18 - 2017-12-14 14:20 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-14 14:18 - 2017-12-14 14:20 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-14 14:18 - 2017-12-14 14:20 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-14 14:18 - 2017-12-14 14:20 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-14 14:18 - 2017-12-14 14:19 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 000361984 _____ () C:\WINDOWS\SYSTEM32\HrtfApo.dll
2017-06-28 14:10 - 2017-03-07 18:13 - 000747792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-06-28 14:10 - 2017-03-07 18:11 - 000238864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-06-28 14:10 - 2017-03-07 18:08 - 000218384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2017-12-07 09:23 - 2017-12-06 06:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-07 09:23 - 2017-12-06 06:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-06-11 10:50 - 2017-06-21 09:07 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-18 09:15 - 2017-09-18 09:15 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2015-08-25 08:40 - 2015-08-25 08:40 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 08:40 - 2015-08-25 08:40 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-09-18 09:15 - 2017-09-18 09:15 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-09-18 09:15 - 2017-09-18 09:15 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2017-09-18 09:15 - 2017-09-18 09:15 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2017-09-18 09:15 - 2017-09-18 09:15 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node
2017-06-11 11:18 - 2017-06-21 09:06 - 066837112 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-07-22 10:18 - 2015-07-22 10:18 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-12-14 22:20 - 2017-12-14 22:20 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-14 22:20 - 2017-12-14 22:20 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-07 21:30 - 2017-07-07 21:30 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-14 22:20 - 2017-12-14 22:20 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-12-14 22:20 - 2017-12-14 22:20 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-14 22:20 - 2017-12-14 22:20 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\sharepoint.com -> hxxps://engjustedu-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\sharepoint.com -> hxxps://engjustedu-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-02-13 17:46 - 000001261 ____R C:\WINDOWS\system32\Drivers\etc\hosts

128.199.121.125 skadp.com
128.199.121.125 onhax.net
127.0.0.2 www.onhax.net
128.199.121.125 do2dear.net
128.199.121.125 cloudanna.com
128.199.121.125 www.fullstuff.net
128.199.121.125 www.masterkreatif.com
128.199.121.125 keyscity.net
128.199.121.125 piratecity.net
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\Control Panel\Desktop\\Wallpaper -> D:\Ahmed\Anime\BLEACH.full.399355.jpg
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Ashampoo Backup PB"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "Mal Updater 2"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "Exetender"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "background_fault"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\StartupApproved\Run: => "Mal Updater 2"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{C940E1E6-7172-4BF0-A6B5-1E11C930E4A6}D:\battle.net\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{809D83C6-BDC1-49E4-AA7F-A2448430E60E}D:\battle.net\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{58AA69C7-B186-4C4B-AE1D-502D365FB0F6}D:\battle.net\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0CDFAA8D-952D-476B-8C42-4F4E88B4F88C}D:\battle.net\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DC69C2D1-A398-492E-9FC5-DB15A366FC23}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{AF96D2F0-15EF-482A-A19F-98C81BD3DFFB}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{2C31E3ED-986E-401D-A1E6-779EB14AC7A4}D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Block) D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{63C54C53-047A-4714-B141-F54678A52DAE}D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Block) D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0A1A2910-1050-4D5B-8069-534EC247EAE0}D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{645DBDA7-93FD-411D-A6FB-D3C32BDAC41D}D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{31668EF9-0BBE-4B1B-8147-52161B269F19}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{9BF93E8E-87A9-4B28-871C-B589827DBEB0}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [UDP Query User{492D5573-CC42-4D47-9C1B-61A58CCFBD6A}D:\ahmed\documents\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\ahmed\documents\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BB872232-0FC8-4A1B-B0C5-2971A9938B46}D:\ahmed\documents\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\ahmed\documents\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{EBB3F8F5-4591-4261-9DED-AA7544CCC704}] => (Allow) D:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{4F3DAC70-2D03-4CAF-AB89-171FAEC9CF8E}] => (Allow) D:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{9AAC2FB4-AE82-430E-876C-88E498999B90}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ACBF0DEB-1456-45F5-B3B5-9A7201DAAFE3}] => (Allow) D:\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{1F46C701-ACB9-4397-BCE0-71177C09E28C}] => (Allow) D:\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{BB40308A-3720-4CB5-B4C7-ABAFF2B4DFB1}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{703C682B-95E6-4A81-B054-52533808585E}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{B777AD6C-283E-4593-9139-F3BA282D166F}] => (Allow) D:\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{B42B271F-3B79-4866-8D89-F366B65FDBE9}] => (Allow) D:\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{0CF29D36-1BBB-4999-A104-A124C8A36CFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B13C66A5-DEDF-49B4-8E15-C0AB9BBE579B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4C7AE980-411B-40D0-97BC-B8120B31A06C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{40972B54-CD94-4758-86E6-EB8D3EC5F1A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{042DA2BB-E8AD-4A5F-916F-295F4E6C30A7}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F0838AAB-E131-43E4-858E-6B9E2A8E57CE}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{07EDF2FC-8C55-43A7-8AF9-2FC9A8A3F23E}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3E846BC8-E363-433A-896D-C30F0CD8BF38}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{2755866C-6C58-47D4-83B7-28ECF3F4DF8A}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{C703B310-D019-4CAE-9277-81D3118E84E1}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{7730E9F5-F29E-4FB2-BA32-3D5416B4E407}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{D297341C-CE3E-492E-AD0F-6A2AEA52D064}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{536A66A5-530C-4F4D-923D-41CBBB4DEB96}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{CA5ADF77-D9F8-465C-AA64-304349509EF8}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{50577781-A845-4013-8911-E7CDB6B2456E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{7BDFDC3D-4BBF-4A5C-9510-56C7D166EE00}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{E1E80B8A-98BC-4ACC-8760-B167364770D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{94D9E82D-7821-4A8E-9D58-0DCE0A7B24D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7402862F-943A-40F2-889B-6B5E5C4A1D4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC7399FA-4288-4C6B-AEEB-06C2BD8423F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [TCP Query User{6BC56F21-436C-4D00-A62A-2FA627762232}D:\battle.net\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BF53DAB8-8EA1-4EEE-A136-10028852C5E6}D:\battle.net\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [{F168A4EC-5CC3-401D-BFBF-DBB34647C847}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{4BF2123D-48DF-469D-AF3A-7F7FBC4CB2C2}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{DF4B66C7-C9E9-46DF-92FA-415CC0A26934}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{F16A2EB8-B3BD-4694-8C7E-8C36DB1FC8D6}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{EA08A06A-C82F-4B48-B2CA-9BF3E0499EAC}] => (Allow) D:\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{CCA08C12-7E19-4535-9DD6-1746D8F89D22}] => (Allow) D:\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{8F35259E-2B85-4B0A-8DE1-586B1854B372}] => (Allow) D:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{9EA3A193-D404-4646-8774-C6F714EFA747}] => (Allow) D:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{3E6A57C8-7AAA-4AAF-A9BE-AE437354F16C}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{33452384-D61C-46CE-BBEC-AFA3B6A50777}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{FF9997F5-6830-437D-8FA6-4176F0E36A13}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{847FBA48-660C-4EF5-B822-04FE4DA2DD84}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{4066DCFA-C8C0-465B-BF4F-AA9B3BDE02D1}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E558EDF7-8129-4149-AA30-DC5869622FCB}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{0AD5B8B1-FABC-4104-9D89-64FFF18F44EA}D:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) D:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{424E7DE7-7593-4465-B004-69329F46B428}D:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) D:\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{D1817CC1-2539-4CB5-814B-8009BAF44F00}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BDA63669-EFE9-4F9A-B293-1FC8AFAA1AD4}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{FF5FAB09-9064-4786-BAA5-C3D606A7B885}] => (Allow) D:\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{AE45BA3F-B5E8-4768-80EB-3B07A20894B7}] => (Allow) D:\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{0A80AE46-CFDE-4646-8D0F-29118700FAA8}D:\steam\steamapps\common\awesomenauts\awesomenautsnewmatchmaking.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenautsnewmatchmaking.exe
FirewallRules: [UDP Query User{ED9AB23A-AC0C-4395-AEEA-DCB4A15C2002}D:\steam\steamapps\common\awesomenauts\awesomenautsnewmatchmaking.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenautsnewmatchmaking.exe
FirewallRules: [TCP Query User{78261745-502E-4DD9-B090-3454847F10E9}D:\battle.net\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{89C19D79-1D24-40C8-AD10-0CD6BF2D362C}D:\battle.net\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F2B5FBB7-9302-40C2-B8E4-A86FEC35EF97}D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CDDB2F9A-C303-4303-86E2-F1523533A59C}D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{1861A31F-72BF-49AE-80E7-8BE087348056}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{091751B7-66DA-4ADC-872C-8107FE748C23}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{8D4BA9C2-5EF0-4018-9F2D-8BDED74676FC}D:\battle.net\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{213CD87E-EA77-489F-894C-6E960F942D6B}D:\battle.net\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AF759FB3-D0CD-47D0-A4FA-35E86D5A0D63}D:\battle.net\starcraft ii\versions\base48645\sc2_x64.exe] => (Block) D:\battle.net\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [UDP Query User{C2AA8A0F-4FBC-40BF-988D-649ABD35A35F}D:\battle.net\starcraft ii\versions\base48645\sc2_x64.exe] => (Block) D:\battle.net\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [TCP Query User{EFD6852D-F065-4311-8F71-08989F2DE3E1}D:\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => (Allow) D:\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
FirewallRules: [UDP Query User{9C193D39-7EAA-494B-AFAD-F9247A0C8C13}D:\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe] => (Allow) D:\steam\steamapps\common\siryouarebeinghunted\x64\multiplayer\sir.exe
FirewallRules: [{B7395A8A-4517-4835-BACA-0373C64E47AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{750FE248-EF22-46E3-B4ED-243183768F4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BD05E3E2-433F-4E75-96EE-18789010C506}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{596089AE-F1DE-4A67-99F6-F0F4C71CDE2F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CEF67795-B458-42FB-9604-EC871B64408B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{8D69DF39-BE3E-4960-AA57-DBB0256521C7}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{1B01ADD6-68B1-46C8-9E55-9F60DAF83EA2}D:\battle.net\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{174D76B2-5B37-4FB9-9DF0-58AB19D55EB7}D:\battle.net\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [{21C0DE3E-EB30-41E0-A402-62ABCABD863C}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{02DFFAF5-D7F6-4CBC-82EB-72586C15A07E}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{68CFD107-70CF-48AC-9FCB-BA6324918335}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{6B4183AB-96B7-48CB-83BC-2157AF6F672B}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{28C4CA8F-DBF8-4390-937E-547B9EEF3A69}] => (Block) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{C9DA21BF-E2D9-4E6C-8ED8-EB58EBBB8BC0}] => (Block) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{6B4290C0-AC99-4272-9FF9-51C6A4C3A576}] => (Allow) D:\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{019646DF-432E-4C34-A845-8BB36F39017C}] => (Allow) D:\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{35D46C49-3276-424C-9471-CC6EB4769FAD}] => (Allow) D:\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{955BBF3F-77DC-47FA-874E-6C3FA67D6A84}] => (Allow) D:\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{D4D44921-ACC8-4049-AD92-C6959DDD3E2A}] => (Allow) D:\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{6EEFB715-CC25-4AD2-B3DF-A8F3025CD3F2}] => (Allow) D:\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [TCP Query User{B79F634C-5C4B-42D6-8F2F-DF6DC84FE711}D:\ahmed\anime\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\ahmed\anime\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{548E7DC5-BB4B-41E8-B24F-1613EC6CE17D}D:\ahmed\anime\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\ahmed\anime\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{0730C51F-D4DD-421C-BC41-7FD9DC018D8B}D:\battle.net\battle.net.8293\battle.net.exe] => (Allow) D:\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [UDP Query User{DCEDACD4-F13B-4AAD-817D-CB073A10B41F}D:\battle.net\battle.net.8293\battle.net.exe] => (Allow) D:\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [TCP Query User{5F2E0143-A887-4C66-A563-8D7E5A650A3C}D:\battle.net\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1ECAA966-4FA7-452A-A73A-01C5CFA8FD97}D:\battle.net\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C8FDAC9D-D2DD-438B-9402-6213D12A2FFF}D:\ahmed\games\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\ahmed\games\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{F83F0277-9801-47A0-94A7-F3D47C6DFE0F}D:\ahmed\games\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\ahmed\games\xcom_2\steamapps\depotcache\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{3FA1FE36-F009-4A31-99D0-4AA0FE8C8B7C}] => (Allow) D:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{031D237F-DE07-49BB-B41D-EF5BDF06F392}] => (Allow) D:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{ABC99795-A64F-4289-8AAC-E6797EABC655}] => (Allow) D:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{D7156847-9482-42AA-A102-F54BCC9F4947}] => (Allow) D:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{EC350003-D0AB-4611-8702-2A413A6EC54B}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{3C4D910F-1591-4BE2-B1AC-46901E95F516}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{BA49F421-4F51-4935-AD14-6BA0FCF8D9BB}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{6008C562-9875-4068-8A36-7B95284E8A10}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{16B693E0-54CC-42E8-86CA-F241DEAF080B}] => (Allow) D:\Program Files (x86)\Tanki Online\Tanki Online.exe
FirewallRules: [{B1455E1E-3BCD-4B78-9C29-CC48F4AB0028}] => (Allow) D:\Program Files (x86)\Tanki Online\Tanki Online.exe
FirewallRules: [{0FD63204-87A5-4286-9584-CBC4945B48B0}] => (Allow) D:\Program Files (x86)\Tanki Online\Tanki Online.exe
FirewallRules: [{4AB52983-7235-45C2-824A-03885956F6C6}] => (Allow) D:\Program Files (x86)\Tanki Online\Tanki Online.exe
FirewallRules: [{44F78480-B7DC-486B-9C19-D383DDBB4E3A}] => (Allow) D:\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{9DCD83AF-D682-4185-82EE-6EB056E6C0D1}] => (Allow) D:\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{D0C409AC-240D-4727-B7D5-791C8D427F94}] => (Allow) D:\Steam\steamapps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{1DCF6B67-AF6A-4B8C-8527-95BD69C456D6}] => (Allow) D:\Steam\steamapps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{B29976A8-B030-4CC9-B925-F3063618A013}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{BAE76D5B-D093-4368-9C37-87C8E57D8820}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{6A6D77E6-4CCD-4E0B-B877-E6EE058AA578}D:\battle.net\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E6F68663-9BD9-4117-B60E-5C0D155C1E8C}D:\battle.net\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{5E6C3737-472F-4DA7-892A-3A99E76EC1C3}] => (Allow) D:\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [{92D9A466-BF6A-4702-8C54-B2A51C6BDE12}] => (Allow) D:\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [{CE63D7DD-209E-4B0C-AD31-273621FC32A5}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{A6016C60-B99B-4B7B-B9C9-697567F1B7EE}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{75905670-761B-4EFA-B029-EF1557CB302E}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [TCP Query User{0CBFF626-5D68-47B9-B265-36E451DD496A}D:\battle.net\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [UDP Query User{092CA7D5-DC85-49B0-BE83-3DA482A39972}D:\battle.net\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [TCP Query User{6DDEE332-26EF-4180-B2AE-AE914487DF62}D:\battle.net\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BCB98B17-C783-4CD8-9D07-522A499D885E}D:\battle.net\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{EC11B53B-5F9A-4A6D-8DF7-D374A81677E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{89AE07E6-2B44-494B-9551-AEE2775C17A4}D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{19E07CBB-2589-421A-9E5C-58E804B7FB9D}D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6459645C-0161-4EEE-BD7E-59D78833CE65}D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{231530D9-5F88-4726-BF5C-C6D9D0E8DDF2}D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{6FA6ABD3-D2D7-43C5-94FC-CD0831CC9D4C}] => (Allow) D:\Steam\steamapps\common\SPAZ2\SPAZ2_64.exe
FirewallRules: [{ED304A19-8E38-40AC-9B60-301C3501E381}] => (Allow) D:\Steam\steamapps\common\SPAZ2\SPAZ2_64.exe
FirewallRules: [TCP Query User{F26986FC-3563-4300-A393-AD637AF7B580}D:\battle.net\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2F31DD46-CEB8-41F8-A0E3-5BBFD9E96DF4}D:\battle.net\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E6A66BD9-2D8F-4753-9E92-D47E137C9475}D:\battle.net\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base54518\sc2_x64.exe
FirewallRules: [UDP Query User{733B4186-A14C-4FFA-BF5C-CA07D5FE915E}D:\battle.net\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base54518\sc2_x64.exe
FirewallRules: [{D720CEE8-DA8B-441C-AC86-3EDE20C9C45B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{76E5667A-DD6A-4293-A167-7C2896C3FFAB}D:\games\rime\sirengame\binaries\win64\rime.exe] => (Allow) D:\games\rime\sirengame\binaries\win64\rime.exe
FirewallRules: [UDP Query User{0B4D2432-A48D-4CC7-9524-2E0227A60E68}D:\games\rime\sirengame\binaries\win64\rime.exe] => (Allow) D:\games\rime\sirengame\binaries\win64\rime.exe
FirewallRules: [{91B417DD-CA1D-48F5-BBA7-0F317B443376}] => (Allow) D:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{AE67565A-2FAE-467C-914D-C761473B18B7}] => (Allow) D:\Steam\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{BCC18A18-FEDE-4160-8EE6-0F331A43F61A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{660BDC98-D381-4D65-A014-3FB671F91CBF}D:\battle.net\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{67F7005D-03F5-4799-8937-C47101C73448}D:\battle.net\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [{25F0C224-AFE2-45BF-B652-45DF8903B397}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{F223211A-DE8C-4F7A-B871-4CBEC4B6DA3C}] => (Allow) D:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{F5146F34-3B5E-401E-B2B1-198887042BCD}] => (Allow) D:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{E0CB62E5-FD6A-4EF2-81C1-6D76E437488F}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{8B42DE71-9CA1-4A80-BBC3-4E8E20CEBF12}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{C5D2A819-AEB7-453D-82F9-7A72EE6198C5}] => (Allow) D:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{445E89CA-41D1-457B-B3CF-88843A4E612C}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{99592016-8CBD-4B16-B882-E756DF60D985}] => (Allow) D:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{1F536411-F6C1-4263-AFA0-C47B68661D8F}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{086CB83C-F797-4E5C-BC4C-800D8D0A55F1}] => (Allow) D:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{057BE3D2-1DC7-425B-8992-5E95F9D6FCA4}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{94AAA004-4603-4BF3-B034-963B3C8EB58F}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{D14DCA0C-427E-4E3B-A570-30B2EDE7C00C}] => (Allow) D:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{13B38A17-2E99-4B23-8794-099D520CA28B}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{C8FF16C7-DBFD-4575-8AE2-2B65EA37322F}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{FFB7A842-B86F-4F17-AAA2-ED2434AAED1A}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{F904ED1F-66F3-4584-BBE8-5EF82FE06BAF}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{267A96BF-D2B7-420B-BC35-510EDA47E7C4}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{A939F549-870A-4A01-A82D-6AF1CEA8D5AF}] => (Allow) D:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{8E4668AA-E787-4FB6-B65F-7CF32268FD76}] => (Allow) D:\KOPLAYER\KOPLAYER.exe
FirewallRules: [TCP Query User{109D12F1-5E9F-4405-ACF4-5751C6D6412D}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{250E32EB-E6CA-4564-89A3-FB7D29D96172}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{08F9BD91-B134-403C-ADE4-1CF978CB1B82}D:\battle.net\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8B8E1A38-EC0A-4A6A-A960-4723A4E2C2B5}D:\battle.net\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{99B8644B-EF6F-4690-9BD3-EF100628AD86}D:\battle.net\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AE486224-DB9B-48FC-8B1C-AA727FF89D59}D:\battle.net\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [{26E3DEFF-6F2A-41ED-B408-C98AAC4AB685}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{8AB96569-C5DB-480E-A495-22465C2AF648}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{7EB8F4B4-AEC9-433A-BF91-9C1A50F23838}] => (Allow) D:\Steam\steamapps\common\Realm Grinder\RealmGrinderDesktop.exe
FirewallRules: [{2EF9FE98-7C5B-4D5C-B449-EBA926A790DF}] => (Allow) D:\Steam\steamapps\common\Realm Grinder\RealmGrinderDesktop.exe
FirewallRules: [{B6D2A222-C165-406D-812B-F146051DA565}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe
FirewallRules: [{5069E71F-38D1-4F19-928F-77F4805CBACF}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe
FirewallRules: [TCP Query User{E5ABBCD6-98D0-4BFE-83DB-EB3137A68EA1}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9F9F4321-E765-43EB-9652-0A08D3FD128F}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe
FirewallRules: [TCP Query User{3F741812-D944-4BAA-ADCC-C694EF5F6480}D:\battle.net\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F96D6C3E-42CF-4DD5-81D9-C33C1E1A63E8}D:\battle.net\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe
FirewallRules: [{D524C295-4E0E-40DB-8AAB-CCEE5FF610C3}] => (Allow) D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{ED104537-4549-4C0D-90AA-83EF18721A4C}] => (Allow) D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{B9CB5633-FE7C-4BE7-8AE2-22208179C8D5}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{204363A2-4315-4C51-9CE8-F2C101D00A10}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{85A06AFA-32BA-42B4-B1B4-19025FA06691}] => (Allow) D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{60312982-9778-47C4-ABDE-2E143042092E}] => (Allow) D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{65BDBA6E-B373-441E-BFF8-3035B921B78B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-12-2017 08:59:38 Scheduled Checkpoint
13-12-2017 17:32:04 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2017 10:21:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/14/2017 10:06:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AHMED-LAPTOP)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2017 10:06:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AHMED-LAPTOP)
Description: Activation of app 55591DelaireDamien.8SoundCloud_823pgb98jhb94!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2017 10:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xccc
Faulting application start time: 0x01d374ceb51dbb4c
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 79e30db1-ed57-4b5b-8d1c-3095d0a5ecd5
Faulting package full name:
Faulting package-relative application ID:

Error: (12/14/2017 09:43:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AHMED-LAPTOP)
Description: Activation of app 55591DelaireDamien.8SoundCloud_823pgb98jhb94!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2017 09:13:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AHMED-LAPTOP)
Description: Activation of app 55591DelaireDamien.8SoundCloud_823pgb98jhb94!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2017 08:43:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AHMED-LAPTOP)
Description: Activation of app 55591DelaireDamien.8SoundCloud_823pgb98jhb94!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2017 08:13:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AHMED-LAPTOP)
Description: Activation of app 55591DelaireDamien.8SoundCloud_823pgb98jhb94!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2017 08:10:26 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/14/2017 07:43:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AHMED-LAPTOP)
Description: Activation of app 55591DelaireDamien.8SoundCloud_823pgb98jhb94!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/14/2017 10:06:45 PM) (Source: DCOM) (EventID: 10016) (User: AHMED-LAPTOP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user AHMED-LAPTOP\Ahmed SID (S-1-5-21-1289880606-1661032012-1105384326-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c SID (S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734). This security permission can be modified using the Component Services administrative tool.

Error: (12/14/2017 10:06:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/14/2017 10:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/14/2017 10:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/14/2017 10:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/14/2017 10:06:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/14/2017 10:06:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USER_ESRV_SVC_QUEENCREEK service terminated with the following error:
%%497

Error: (12/14/2017 10:06:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BIT service terminated with the following error:
The specified module could not be found.

Error: (12/14/2017 10:06:23 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (12/14/2017 10:05:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tile Data model server service terminated with the following error:
%%2147943515 = A system shutdown is in progress.


CodeIntegrity:
===================================
Date: 2017-12-04 06:18:43.918
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-23 12:13:09.130
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-05 15:25:30.159
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 01:19:35.915
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-05 18:46:08.089
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-30 21:05:13.262
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-21 18:02:56.296
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-13 19:08:17.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-22 20:34:29.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-21 00:01:58.073
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 16282.52 MB
Available physical RAM: 11635.57 MB
Total Virtual: 18714.52 MB
Available Virtual: 13594.4 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.48 GB) (Free:22.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:41.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 646C7230)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 305C3115)

Partition: GPT.

==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Ahmed (administrator) on AHMED-LAPTOP (14-12-2017 22:22:29)
Running from C:\Users\Ahmed\Desktop
Loaded Profiles: Ahmed & _ashbackuppb_ (Available Profiles: Ahmed & _ashbackuppb_)
Platform: Windows 10 Home Version 1607 14393.1944 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupService-abpb.exe
() C:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\oxHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Spotify Ltd) C:\Users\Ahmed\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(AutoIt Team) C:\WinddowsUpdater\WinddowsUpdater.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1883_none_7ed84bd822106081\TiWorker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Ashampoo Backup PB] => C:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupClient-abpb.exe [323400 2016-03-24] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-14] (AVAST Software)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\ASUSWSLoader.exe [63968 2016-06-22] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [Steam] => D:\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [Discord] => C:\Users\Ahmed\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4005944 2017-03-30] (Tonec Inc.)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [Spotify Web Helper] => C:\Users\Ahmed\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-25] (Spotify Ltd)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [Spotify] => C:\Users\Ahmed\AppData\Roaming\Spotify\Spotify.exe [15849072 2017-07-25] (Spotify Ltd)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [Innkeeper] => C:\Users\Ahmed\AppData\Local\Innkeeper\Update.exe [1888136 2017-01-23] (Innkeeper)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\Ahmed\AppData\Roaming\Auto Clicker\AutoClicker.exe [128168 2017-10-21] (MurGee.com)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [WinddowsUpdater] => C:\WinddowsUpdater\WinddowsUpdater.exe [937776 2015-09-18] (AutoIt Team)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [WinddowsUpdate] => C:\WINDOWS\system32\cmd.exe /c start C:\WinddowsUpdater\WinddowsUpdater.exe "C:\WinddowsUpdater\WinddowsUpdater.zip" & exit
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\Run: [661-6060889821-12-5-1-S\] => C:\661-6060889821-12-5-1-S\S-1-5-21-1289880606-166.exe [1742898 2017-12-12] (Acunetix Ltd.)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\MountPoints2: {6fc1efd2-9965-11e6-9158-9c5c8e104b30} - "F:\autorun.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\MountPoints2: {90791783-9bcc-11e7-91c7-9c5c8e104b30} - "G:\autorun.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\MountPoints2: {c72fed08-72b1-11e6-914c-9c5c8e104b30} - "G:\AutoRun.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\MountPoints2: {d9538d81-c0cd-11e7-91d1-185e0fd90e6c} - "G:\autorun.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\MountPoints2: {de4a1800-f6ce-11e6-9168-9c5c8e104b30} - "H:\setup.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\MountPoints2: {de4a186e-f6ce-11e6-9168-9c5c8e104b30} - "I:\setup.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\MountPoints2: {e47c1a75-c78d-11e6-9160-9c5c8e104b30} - "G:\autorun.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\Run: [OneDrive] => "C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\Run: [Steam] => D:\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\Run: [Mal Updater 2] => D:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\RunOnce: [Uninstall C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\RunOnce: [Uninstall 17.3.6517.0809\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\RunOnce: [Uninstall 17.3.6517.0809] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ahmed\AppData\Local\Microsoft\OneDrive\17.3.6517.0809"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\MountPoints2: {6fc1efd2-9965-11e6-9158-9c5c8e104b30} - "F:\autorun.exe"
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\...\MountPoints2: {e47c1a75-c78d-11e6-9160-9c5c8e104b30} - "F:\autorun.exe"
Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-10-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Ahmed\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-05-11]
ShortcutTarget: Twitch.lnk -> C:\Users\Ahmed\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{947e61df-32f4-4d82-a8ab-4100153283d1}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{969ee63a-c43d-47c0-803c-2274a5871667}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{ba055047-16d6-481d-a396-bc4d52e8bcd3}: [DhcpNameServer] 172.16.255.1
Tcpip\..\Interfaces\{dbd1adda-60a3-4d46-8aed-469c45fb5387}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1289880606-1661032012-1105384326-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1289880606-1661032012-1105384326-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1289880606-1661032012-1105384326-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-23] (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1289880606-1661032012-1105384326-1001 -> hxxp://www.google.com
Edge Session Restore: HKU\S-1-5-21-1289880606-1661032012-1105384326-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: ym9kxiod.default
FF ProfilePath: C:\Users\Ahmed\AppData\Roaming\Firefox\Firefox\Profiles\ym9kxiod.default [2017-05-27] <==== ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-03-22] [Legacy] [not signed]
FF HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2017-04-06] [Legacy] [not signed]
FF HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin HKU\S-1-5-21-1289880606-1661032012-1105384326-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN","hxxp://www.startpageing123.com/?type=hp&ts=1489130288&z=1c0f34a53a9254cfcb14d88g0z9b1t5g0cbecocb5q&from=che0812&uid=HGSTXHTS721010A9E630_JS100X620E838S0E838SX","hxxp://www.startpageing123.com/?type=hp&ts=1489144826&z=05dbb390ddc85e09db40483g5zfb8tfgezaz4b2o3w&from=che0812&uid=HGSTXHTS721010A9E630_JS100X620E838S0E838SX","hxxp://www.startpageing123.com/?type=hp&ts=1490969059&z=f51512098351a045017084agezetbe3t8q4t4e6w8b&from=che0812&uid=HGSTXHTS721010A9E630_JS100X620E838S0E838SX","hxxp://www.ourluckysites.com/?type=hp&ts=1492593394&z=bfc1ce1e20b55ca92fefa12g8z4t6o6w3t9c9c6t0o&from=che0812&uid=HGSTXHTS721010A9E630_JS100X620E838S0E838SX","hxxp://www.ourluckysites.com/?type=hp&ts=1494887636&z=cd954d1dddd5bdefc81d8c4g8z8tdz0b0b6mdqfc3m&from=che0812&uid=HGSTXHTS721010A9E630_JS100X620E838S0E838SX","hxxp://www.ourluckysites.com/?type=hp&ts=1495621878&z=9fefff6f7d4fefe8af0796dg3z7t2wfqfobg4b1mfm&from=che0812&uid=HGSTXHTS721010A9E630_JS100X620E838S0E838SX","hxxp://www.ourluckysites.com/?type=hp&ts=1495791194&z=2d2934f91cd8a260f18e0d3gfzftfwam0tcg0gbt4o&from=che0812&uid=HGSTXHTS721010A9E630_JS100X620E838S0E838SX"
CHR DefaultSearchKeyword: Default -> mystarting123
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default [2017-12-14]
CHR Extension: (Slides) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Duolingo on the Web) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-05-25]
CHR Extension: (Docs) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (Manga Viewer) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebalkdfejapnfbngpmhchkboajaofen [2017-12-06]
CHR Extension: (Turn Off the Lights) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]
CHR Extension: (YouTube) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Kingdoms Of Camelot) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadejngfdiifodimfhejphllfecigmm [2017-05-25]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-05-25]
CHR Extension: (Sheets) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-25]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2017-10-09]
CHR Extension: (Avast Online Security) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-09]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2017-05-25]
CHR Extension: (Deadpool [FVD]) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\liabepoelohehnplkhbgcapfedbnenod [2017-05-25]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2017-05-25]
CHR Extension: (IDM Integration Module) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-07]
CHR Profile: C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-09]
CHR Profile: C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-06]
CHR Extension: (Google Slides) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-12]
CHR Extension: (Google Docs) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-12]
CHR Extension: (Google Drive) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-12]
CHR Extension: (YouTube) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-12]
CHR Extension: (Google Sheets) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-12]
CHR Extension: (Gmail) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-06]
CHR Profile: C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-03-28]
HKU\S-1-5-21-1289880606-1661032012-1105384326-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Cupduck\Application\chrome.exe <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ashbackuppb; c:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupService-abpb.exe [32072 2016-03-24] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe [75264 2015-10-22] (ASUS Cloud Corporation) [File not signed]
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [356664 2015-02-02] (ASUSTeK)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-14] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-09-24] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-22] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-08] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [76032 2015-08-13] (ASUSTeK COMPUTER INC.)
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-04-19] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-04-19] (LULU SOFTWARE LIMITED)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-08-13] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [141304 2015-10-22] (ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-14] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-14] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-14] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-14] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-07-13] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-20] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-20] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUS)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [223232 2016-05-17] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-09-24] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [245768 2017-08-07] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-13] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-12-14] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-12-14] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7630080 2017-04-03] (Intel Corporation)
R1 NFC_Driver; C:\WINDOWS\System32\drivers\NFC_Driver.sys [53440 2015-01-06] (Titan ARC Corp.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvlddmkm.sys [14461344 2017-06-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 TTDrv; D:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]
U2 snare; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 22:22 - 2017-12-14 22:22 - 000040733 _____ C:\Users\Ahmed\Desktop\FRST.txt
2017-12-14 22:21 - 2017-12-14 22:21 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-12-14 22:21 - 2017-12-14 22:21 - 000001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-12-14 22:21 - 2017-12-14 22:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2017-12-14 22:21 - 2017-12-14 22:21 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-14 22:20 - 2017-12-14 22:20 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151328285407804
2017-12-14 22:20 - 2017-12-14 22:20 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-14 22:20 - 2017-12-14 22:20 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-12-14 22:20 - 2017-12-14 22:20 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
 
Btw I ran this

takeown /f "%WINDIR%\notepad.exe" /a
icacls "%WINDIR%\notepad.exe" /remove "Administrators" "Authenticated Users" "Users" "System"
takeown /f "%WINDIR%\System32\notepad.exe" /a
icacls "%WINDIR%\System32\notepad.exe" /remove "Administrators" "Authenticated Users" "Users" "System"

in the CMD
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Uninstall the following unwanted program:

AlphaGo (two instances)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 