[Solved] Virus causing PC internet to slow down and turn off

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E595E249-59D6-409D-A5FE-E2E891ECA31F}] => (Allow) D:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{8E26A590-35DB-47CF-A12C-215FBFB9F40D}] => (Allow) D:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{10406D22-A92E-4EFF-B84B-0D36601461F0}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\STEEP\steep.exe
FirewallRules: [UDP Query User{3CBDF26E-0EAB-4098-B139-EC29E5ADDB41}D:\program files (x86)\image-line\fl studio 12\fl.exe] => (Block) D:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [TCP Query User{940BE97B-F255-4FEF-B68D-116A00487126}D:\program files (x86)\image-line\fl studio 12\fl.exe] => (Block) D:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [UDP Query User{2871BFDC-4AA6-4C6A-876C-81323D4A55BB}D:\program files (x86)\novation\automap\automapserver.exe] => (Allow) D:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [TCP Query User{AA5FFAE9-6950-4017-BF1F-8B6564934850}D:\program files (x86)\novation\automap\automapserver.exe] => (Allow) D:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [{D057E58E-E9DE-4A6F-83F5-7B5782017383}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A770FBE6-CC2C-4232-98D9-AD9C0DE9FBA8}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{E59E5B80-38A5-4636-A5BB-6C5DAF574369}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{185843A7-3279-467A-BE49-E848F055AD7D}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{8D842E21-D85C-450E-90E1-FFD2E299BA77}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E12C3502-CF97-4768-9785-8BE32C5F615D}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1BA6ECAF-886A-4DCE-9616-D4BC8950B632}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FE9288A-BED0-43B1-9462-51F441E9CBE6}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28DDB9DD-FBC3-435F-B1C7-6532F169C516}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7943FA5F-FDB2-4E16-85C1-9F87842DE213}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4FD0B70-4973-4702-A797-FF5B37767122}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6D0BDB82-D4A0-4D3D-99DD-E14DA64DC361}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{3ABA35D2-4B2D-4085-8574-AC4B4222BDB5}C:\users\henrik\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\henrik\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F008EDDD-1500-4303-9790-58E7C4D2F836}C:\users\henrik\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\henrik\appdata\roaming\spotify\spotify.exe
FirewallRules: [{18215A13-3E04-4DBA-AFAB-32030B211C3E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EEBF25B5-1E2C-40DB-823E-7C857CC762B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC493CDB-EFAE-4E55-B22A-E6D2276A42E3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D3CB38D5-7544-4181-8AF8-420285055EA3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{BCF82A08-AB4E-4523-92B0-F07306AE50FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F415DD9C-2DD1-4C38-9A96-8BC6095E5EB4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{98275266-437E-4EF9-B787-9D633880F127}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Block) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [UDP Query User{E3E7C063-8743-4C3B-B4A9-9BCE504C590C}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Block) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [TCP Query User{921B3F3E-F90C-4034-AC9D-7D3885B44548}C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [UDP Query User{BE00A915-0473-4AFA-9E6C-DFBF998CC1A3}C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [{DDBF36AF-16AE-48D5-B14C-DEEEC894E77D}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{D821A434-5012-4CF8-9709-915B4BDFA338}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{30E90204-C0EE-41D6-8068-0886070748F5}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{08017A71-7053-4348-87AE-DEAD56641E19}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7145FC12-98C5-4AE7-BD6E-FD4A5C82D2CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{180DD12C-562A-4A01-8188-92BBB20C5B32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8BCCB8D6-D42B-4D32-9FAF-D2558CD1BA81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E3AFD387-02E6-455E-81BD-796F1A8AB27F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{943F6FFC-862C-4821-BF1E-CCD4C020C90D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E5BD139A-7088-47D2-A9EB-EE11CC33441A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4DE9FCBD-EA75-483D-83D7-70C7EA710CE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{AA565851-2CB2-47B7-BC07-7550E3C1773B}D:\programdata\ableton\live 9 lite\program\ableton live 9 lite.exe] => (Allow) D:\programdata\ableton\live 9 lite\program\ableton live 9 lite.exe
FirewallRules: [UDP Query User{2FF83968-4EAE-4324-8330-0F275750DC44}D:\programdata\ableton\live 9 lite\program\ableton live 9 lite.exe] => (Allow) D:\programdata\ableton\live 9 lite\program\ableton live 9 lite.exe
FirewallRules: [TCP Query User{DD2B71D8-1F38-4FA0-AC2F-52BC4B98F6AA}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [UDP Query User{FE086A2C-1ED0-4CF5-8051-16742BE63802}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [{094DFCCB-963A-4BBB-9DA2-37BCEA926F74}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5FC10A25-6DAD-45DD-99D6-E1FD1755FA34}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{3493C184-EC19-4914-8192-1D3A0EC63B66}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{1CB1EAD1-32F6-4CD6-82F4-7CACE86E4970}] => (Allow) D:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{24A9975F-C900-4B51-848A-FB7193F49FF5}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{1E5E03D0-5FC2-4CC9-9E97-E1C8DE8D9FE0}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{04A14983-3607-447A-92D5-4661680B1F07}C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [UDP Query User{74034BCD-E66B-4944-A2B6-8C9FBE52CCAA}C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [{DEDFC86D-3F61-4431-8854-60676C4FCF53}] => (Allow) D:\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{300C5207-E116-491B-B8B7-94172007AF48}] => (Allow) D:\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{B5A059AE-FB1E-40D0-9430-B93418DA4DBF}] => (Allow) D:\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{890860F5-925A-456A-BE4C-1E9A516A2F43}] => (Allow) D:\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{E2C9B226-D3FC-40BB-81D0-B871BA76FF6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{F6AE8FC0-97BE-4EB5-8D9E-001F4D3C8EAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{7F002107-2C0E-4D24-823F-3BEF6D964DA1}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CABC07F4-9618-438C-8067-F7AB3D2B508F}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{64E3E6A7-489F-4E6C-B22E-864FA6FF1160}] => (Allow) D:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{B5C927D2-563E-4150-948A-683DA1817DA1}] => (Allow) D:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{04DD4EC9-ABA1-47AC-9BCF-C5A02BCD56D2}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [UDP Query User{24465C93-89AA-4B8F-B951-77F580ABC859}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\32bit\ilbridge.exe
FirewallRules: [TCP Query User{DB142851-5B72-4D30-B4E0-4326C05A6F56}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe
FirewallRules: [UDP Query User{DF5B4712-CDB5-4854-9294-F5FEA0EA974A}D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe] => (Allow) D:\program files (x86)\image-line\fl studio 12\system\tools\bridge\64bit\ilbridge.exe
FirewallRules: [TCP Query User{4A3F1E68-75A9-4E4D-BD0D-D27999A5CEE2}C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [UDP Query User{6CFBC0D9-CA54-40DF-8CD4-03D1685A5A4E}C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [{E69CC76D-2160-4288-9A47-5D479FD93888}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{89B2B7E3-6E98-4E22-9FE6-57762156D9B4}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8A9ABDC7-647C-4E80-A632-37BCAD2FFA0B}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{88E67F13-03A0-407F-9595-F904522A60DB}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{CF63DA79-8AE6-470E-AB29-6F5DD95D9E09}D:\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{A2AB1551-30F0-49DE-AA58-D244EAE1B629}D:\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{185A624D-6CE7-4155-91A6-0D873564E701}C:\users\henrik\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\henrik\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{17B3C428-AF8B-4D25-8E51-A911BB252DA6}C:\users\henrik\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\henrik\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{D87BB95D-8D85-49EB-B06C-4ECEEEEEE4A5}D:\battlenet\overwatch\overwatch\overwatch.exe] => (Allow) D:\battlenet\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{F98F39AA-F998-4785-8E88-69C6078D16CE}D:\battlenet\overwatch\overwatch\overwatch.exe] => (Allow) D:\battlenet\overwatch\overwatch\overwatch.exe
FirewallRules: [{CBDAA32C-3B1A-4A9F-AB82-831A8C8FE628}] => (Allow) D:\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{D5E67DA4-876B-4EB5-8ED8-71ED929EF0F4}] => (Allow) D:\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{A0ADD61A-9869-4F2F-971E-3F5659712C62}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{20B5DC09-CFAA-46AF-816B-853B3DF1B218}] => (Allow) D:\Steam\steamapps\common\YookaLaylee\YookaLaylee64.exe
FirewallRules: [{F4E7C8AF-B310-46F0-9F48-8510B5F4501E}] => (Allow) D:\Steam\steamapps\common\YookaLaylee\YookaLaylee64.exe
FirewallRules: [{5C342244-E913-47D6-9BAC-488DC49EE0CB}] => (Allow) D:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{AD6F9B13-6BF0-4D0E-A3ED-12AD2CBB8165}] => (Allow) D:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{68250E07-9750-4EF9-B3DC-5607A7DC81A1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [TCP Query User{08CCF43F-595C-413E-A9C4-DC87618D1AE9}C:\program files\reflector\reflector.exe] => (Allow) C:\program files\reflector\reflector.exe
FirewallRules: [UDP Query User{7F30CCF8-81C9-4B02-90E8-95B29E216A54}C:\program files\reflector\reflector.exe] => (Allow) C:\program files\reflector\reflector.exe
FirewallRules: [TCP Query User{084CF1B5-88BF-4871-AEC2-F48929E535D2}C:\users\henrik\appdata\local\temp\rar$exa0.349\airplayer\airplayer.exe] => (Allow) C:\users\henrik\appdata\local\temp\rar$exa0.349\airplayer\airplayer.exe
FirewallRules: [UDP Query User{024458A8-0342-40DD-A88F-FE6373E1CB34}C:\users\henrik\appdata\local\temp\rar$exa0.349\airplayer\airplayer.exe] => (Allow) C:\users\henrik\appdata\local\temp\rar$exa0.349\airplayer\airplayer.exe
FirewallRules: [TCP Query User{BB6B96A1-18C1-4E37-8F34-00A576BFCF72}C:\users\henrik\appdata\local\temp\rar$exa0.321\airplayer\airplayer.exe] => (Allow) C:\users\henrik\appdata\local\temp\rar$exa0.321\airplayer\airplayer.exe
FirewallRules: [UDP Query User{FD1BDEE1-8B68-4CD0-8D72-7CA1B96CF4AC}C:\users\henrik\appdata\local\temp\rar$exa0.321\airplayer\airplayer.exe] => (Allow) C:\users\henrik\appdata\local\temp\rar$exa0.321\airplayer\airplayer.exe
FirewallRules: [TCP Query User{5D29533E-E55D-4A04-B329-6CCA667E5E5D}C:\users\henrik\desktop\airplayer.exe] => (Allow) C:\users\henrik\desktop\airplayer.exe
FirewallRules: [UDP Query User{819D284C-2098-46C2-9163-0F079A4F4704}C:\users\henrik\desktop\airplayer.exe] => (Allow) C:\users\henrik\desktop\airplayer.exe
FirewallRules: [TCP Query User{39DB3796-8D71-4D0F-A24C-CAD0EA8FF6D7}C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe] => (Allow) C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe
FirewallRules: [UDP Query User{2A9C3565-1864-48E1-9EB0-AC2E68CE8756}C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe] => (Allow) C:\program files (x86)\apowersoft\apowersoft phone manager\apowersoft phone manager.exe
FirewallRules: [{2DA20CCE-0A6F-43B2-AF87-B25CF4A8C12A}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{5A817BEF-4155-4FDA-B155-A106BB873E82}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{0C991DE6-4B2C-4B44-B927-954ED9A81FCD}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D731AADD-CEFD-4DCE-A6BA-C0C5369AC0A2}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{D7BE41E3-ACDC-4766-AE4A-442F488169AE}C:\users\henrik\appdata\roaming\utorrent\updates\3.5.0_43804.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.5.0_43804.exe
FirewallRules: [UDP Query User{3EAA4CB4-3013-4CBE-A768-54F18D1013F2}C:\users\henrik\appdata\roaming\utorrent\updates\3.5.0_43804.exe] => (Allow) C:\users\henrik\appdata\roaming\utorrent\updates\3.5.0_43804.exe
FirewallRules: [{CC214A2A-EF87-4DEB-85E4-6105A76592FF}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [TCP Query User{A5B942EB-C68B-4373-861D-0B56325E54BA}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{91E6C7FA-A6D6-48BE-BB7A-22134E7D365D}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{C4072852-896B-4147-BD16-1980C081AB32}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{AC0F2770-611C-4FA0-AD2D-19243F768A79}] => (Allow) D:\Steam\steamapps\common\SnookerWorld\SNOK.exe
FirewallRules: [{20C81EF3-736D-4E96-8E4F-58D12F3F9BF4}] => (Allow) D:\Steam\steamapps\common\SnookerWorld\SNOK.exe
FirewallRules: [{4D1C0BF1-4FE2-4AFA-AE54-422AB77B2E68}] => (Allow) D:\Steam\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [{E3D20A05-6D7F-4CA2-AFAB-71230A3B389F}] => (Allow) D:\Steam\steamapps\common\Pool Nation FX\PoolNationFX\Binaries\Win64\PoolNationFX.exe
FirewallRules: [TCP Query User{842D7206-2586-46A3-9A35-6D8CA47FCD46}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{CBFC3790-C681-41E2-8521-DCBE1E25E4D9}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [TCP Query User{5E3AD7F0-0CC8-4A65-94EB-2091F532C103}C:\programdata\oracle\java\javapath_target_865328546\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_865328546\java.exe
FirewallRules: [UDP Query User{8F603CA5-B668-49F4-B2E2-17A97DB924C7}C:\programdata\oracle\java\javapath_target_865328546\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_865328546\java.exe
FirewallRules: [{9A0622D8-4FD1-4024-811B-427ABF0755C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CE3E6C85-5168-4CD8-84D2-71F4EFB165FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F236A0AC-29AF-40BE-9AC6-1848F25292DD}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{515501E1-B9E3-43B2-94C4-B70614DB071A}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{9028A3F7-E846-43C5-A359-C3128B60BBE2}] => (Allow) D:\Steam\steamapps\common\The Crew\TheCrew.exe
FirewallRules: [{A9F400C8-8C0B-4ECA-AC9A-655402E91079}] => (Allow) D:\Steam\steamapps\common\The Crew\TheCrew.exe
FirewallRules: [{AA33386B-3B00-4657-A5D6-1384DB57F0EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{591F9680-762F-4FE3-A452-6F4AC3678FA1}] => (Allow) D:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{E5E82FA0-E759-4B4F-B6F4-1B25CD1CD7FF}] => (Allow) D:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2017 03:17:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x2a1c
Faulting application start time: 0x01d2f3359554dd2d
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 9c828dd7-8c78-48ac-b527-44491dfc77f7
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:17:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0xde0
Faulting application start time: 0x01d2f335929aaa68
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 4b4298f0-ee31-4993-a7dc-b32c080fb12f
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x5b8
Faulting application start time: 0x01d2f3359015475a
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 3493b0ee-2bf8-4c6e-8c51-0095612ef581
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:17:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x29c4
Faulting application start time: 0x01d2f3358d8915f9
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: f376f4e0-d8ee-48ba-8387-7ef013cc4b05
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:17:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x2a20
Faulting application start time: 0x01d2f3358b071e99
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 1e7d1df6-c233-4e13-9779-ee08299177be
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:17:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x14f8
Faulting application start time: 0x01d2f335886be52e
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 1585de53-2712-455e-99ec-0975d0fea2af
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:06:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x434
Faulting application start time: 0x01d2f33402d80c96
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 8dda0e81-8e89-4725-a120-0056b29385f4
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x1e20
Faulting application start time: 0x01d2f3340052925c
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: c5ddb44c-992a-4470-8756-27a76e18cfa1
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:06:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x29c4
Faulting application start time: 0x01d2f333fdd8c53f
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 20da9c44-1afb-46e3-900f-1d8a82bbeaec
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/02/2017 03:06:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Exception code: 0x80000003
Fault offset: 0x00000000001f672f
Faulting process id: 0x13bc
Faulting application start time: 0x01d2f333fb6bc92d
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: e7c19c57-16f7-4a52-abee-7312c70f4c43
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (07/02/2017 03:02:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: 2017-06 Update for Windows 10 Version 1607 for x64-based Systems (KB3150513).

Error: (07/02/2017 02:36:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/02/2017 02:19:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: 2017-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022715).

Error: (07/02/2017 02:18:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/02/2017 03:11:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 03:10:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: 2017-06 Update for Windows 10 Version 1607 for x64-based Systems (KB3150513).

Error: (07/01/2017 02:33:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 02:31:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: 2017-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022715).

Error: (07/01/2017 02:31:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/01/2017 02:27:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-06-29 15:33:00.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-06-29 15:33:00.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-29 15:19:19.632
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CSSGUARD64.DLL that did not meet the Windows signing level requirements.

Date: 2017-06-29 15:06:00.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CSSGUARD64.DLL that did not meet the Windows signing level requirements.

Date: 2017-06-29 15:02:52.209
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\CSSGUARD64.DLL because the set of per-page image hashes could not be found on the system.

Date: 2017-06-29 14:49:55.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\CSSGUARD64.DLL because the set of per-page image hashes could not be found on the system.

Date: 2017-06-29 14:49:19.591
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CSSGUARD64.DLL that did not meet the Windows signing level requirements.

Date: 2017-06-29 14:34:19.606
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-06-29 14:32:57.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-29 14:17:41.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 64%
Total physical RAM: 8086.01 MB
Available physical RAM: 2892.41 MB
Total Virtual: 15510.01 MB
Available Virtual: 9507.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:0.97 GB) NTFS
Drive d: (Programs) (Fixed) (Total:585.94 GB) (Free:246.47 GB) NTFS
Drive f: (Movies) (Fixed) (Total:1276.48 GB) (Free:530.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 0746030D)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 8FEB1950)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Henrik (02-07-2017 23:44:08) Run:1
Running from C:\Users\Henrik\Desktop
Loaded Profiles: Henrik (Available Profiles: Henrik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2799272097-1707510344-1613828314-1001\...\Run: [Reflector2] => [X]
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2799272097-1707510344-1613828314-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR Profile: C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-07-02] <==== ATTENTION
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S3 WsDrvInst; "D:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe" [X]
2016-10-12 21:29 - 2016-10-12 21:29 - 0000000 _____ () C:\Program Files (x86)\ASUS Xonar D2 Audio
2016-11-07 21:45 - 2017-02-05 16:29 - 0000033 _____ () C:\Users\Henrik\AppData\Roaming\AdobeWLCMCache.dat
2017-07-01 17:10 - 2017-07-01 18:11 - 0003138 _____ () C:\Users\Henrik\AppData\Roaming\SpeedRunnersLog.txt
2016-11-26 07:18 - 2016-12-01 20:58 - 0004014 _____ () C:\Users\Henrik\AppData\Roaming\VoiceMeeterDefault.xml
2016-12-15 13:51 - 2017-03-18 19:09 - 0009275 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 13:51 - 2017-03-16 19:05 - 0006884 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-06-20 21:48 - 2017-06-20 21:48 - 0008720 _____ () C:\Users\Henrik\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-06-20 21:49 - 2017-06-20 21:49 - 0012080 _____ () C:\Users\Henrik\AppData\Local\Temp\BullseyeCoverage-x64-3.dll
2017-06-20 21:49 - 2017-06-20 21:49 - 0010520 _____ () C:\Users\Henrik\AppData\Local\Temp\BullseyeCoverage-x86-3.dll
2017-07-01 12:31 - 2016-11-11 12:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Henrik\AppData\Local\Temp\dllnt_dump.dll
2017-07-01 12:00 - 2017-07-01 12:01 - 4109176 _____ (COMODO) C:\Users\Henrik\AppData\Local\Temp\ise_installer.exe
2017-06-21 20:32 - 2017-06-21 20:32 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-1071075392364444971.dll
2017-06-21 21:25 - 2017-06-21 21:25 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-1153001586639308607.dll
2017-06-21 18:54 - 2017-06-21 18:54 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-1260291970132728421.dll
2017-05-07 13:59 - 2017-05-07 13:59 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-1363634836949659710.dll
2017-06-21 20:33 - 2017-06-21 20:33 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-2186400338576564517.dll
2017-05-12 20:03 - 2017-05-12 20:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-2290271135544366362.dll
2017-06-21 18:34 - 2017-06-21 18:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-2469749168740701734.dll
2017-06-21 18:24 - 2017-06-21 18:24 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-2728434572421372818.dll
2017-06-21 19:03 - 2017-06-21 19:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-2855344790019296826.dll
2017-06-21 21:34 - 2017-06-21 21:34 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-2917035292047346074.dll
2017-05-12 20:03 - 2017-05-12 20:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3215167825315777799.dll
2017-06-21 20:14 - 2017-06-21 20:14 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3277872538019738130.dll
2017-06-20 22:50 - 2017-06-20 22:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3282594619801589884.dll
2017-06-21 18:48 - 2017-06-21 18:48 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3305238220643517183.dll
2017-06-21 00:07 - 2017-06-21 00:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3353997431882390676.dll
2017-06-21 18:30 - 2017-06-21 18:30 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3355681635270746290.dll
2017-06-23 13:16 - 2017-06-23 13:16 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3589258148788507051.dll
2017-06-20 23:25 - 2017-06-20 23:25 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3627287089634379371.dll
2017-06-21 18:33 - 2017-06-21 18:33 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3719675648887146509.dll
2017-06-20 23:41 - 2017-06-20 23:41 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-3837546123523305305.dll
2017-05-28 04:02 - 2017-05-28 04:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-4216179287273088663.dll
2017-06-20 23:22 - 2017-06-20 23:22 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-4235778254976684987.dll
2017-06-21 20:47 - 2017-06-21 20:47 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-5038764882999847846.dll
2017-06-24 15:45 - 2017-06-24 15:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-5460312811184151518.dll
2017-06-21 21:38 - 2017-06-21 21:38 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-5581777625304781288.dll
2017-06-24 15:29 - 2017-06-24 15:29 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-6368812674826841464.dll
2017-06-21 19:22 - 2017-06-21 19:22 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-6761491517736766672.dll
2017-06-20 22:44 - 2017-06-20 22:44 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-7062560105360448856.dll
2017-06-21 18:57 - 2017-06-21 18:57 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-7176761637998703884.dll
2017-06-21 19:01 - 2017-06-21 19:01 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-7261807896661401354.dll
2017-06-24 15:29 - 2017-06-24 15:29 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-7367500199629893132.dll
2017-06-20 22:20 - 2017-06-20 22:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-7496619433307775273.dll
2017-06-21 19:01 - 2017-06-21 19:01 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-7518563292777661402.dll
2017-06-21 19:22 - 2017-06-21 19:22 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-8366214386157331703.dll
2017-06-20 23:16 - 2017-06-20 23:16 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-8663732862190852744.dll
2017-06-21 21:12 - 2017-06-21 21:12 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-8929307440126607196.dll
2017-06-21 00:17 - 2017-06-21 00:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-92277662226697748.dll
2017-05-28 03:54 - 2017-05-28 03:54 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Henrik\AppData\Local\Temp\jansi-64-946592660185118486.dll
CustomCLSID: HKU\S-1-5-21-2799272097-1707510344-1613828314-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3F8F9E874C70}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {6D16567C-7600-4687-8DAF-3BC4751C5B4A} - \Uzuydarient -> No File <==== ATTENTION
HKU\S-1-5-21-2799272097-1707510344-1613828314-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

*****************

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-2799272097-1707510344-1613828314-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Reflector2 => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2799272097-1707510344-1613828314-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\NVIDIA Wireless Controller Service => key removed successfully
NVIDIA Wireless Controller Service => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => key removed successfully
WsDrvInst => service removed successfully
C:\Program Files (x86)\ASUS Xonar D2 Audio => moved successfully
C:\Users\Henrik\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\Henrik\AppData\Roaming\SpeedRunnersLog.txt => moved successfully
C:\Users\Henrik\AppData\Roaming\VoiceMeeterDefault.xml => moved successfully
C:\ProgramData\NvTelemetryContainer.log => moved successfully
C:\ProgramData\NvTelemetryContainer.log_backup1 => moved successfully
C:\Users\Henrik\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\BullseyeCoverage-x64-3.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\BullseyeCoverage-x86-3.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\ise_installer.exe => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-1071075392364444971.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-1153001586639308607.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-1260291970132728421.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-1363634836949659710.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-2186400338576564517.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-2290271135544366362.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-2469749168740701734.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-2728434572421372818.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-2855344790019296826.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-2917035292047346074.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3215167825315777799.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3277872538019738130.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3282594619801589884.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3305238220643517183.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3353997431882390676.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3355681635270746290.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3589258148788507051.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3627287089634379371.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3719675648887146509.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-3837546123523305305.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-4216179287273088663.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-4235778254976684987.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-5038764882999847846.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-5460312811184151518.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-5581777625304781288.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-6368812674826841464.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-6761491517736766672.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-7062560105360448856.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-7176761637998703884.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-7261807896661401354.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-7367500199629893132.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-7496619433307775273.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-7518563292777661402.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-8366214386157331703.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-8663732862190852744.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-8929307440126607196.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-92277662226697748.dll => moved successfully
C:\Users\Henrik\AppData\Local\Temp\jansi-64-946592660185118486.dll => moved successfully
HKU\S-1-5-21-2799272097-1707510344-1613828314-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3F8F9E874C70} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D16567C-7600-4687-8DAF-3BC4751C5B4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D16567C-7600-4687-8DAF-3BC4751C5B4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uzuydarient => key removed successfully
HKU\S-1-5-21-2799272097-1707510344-1613828314-1001\Software\Classes\regfile => key removed successfully


The system needed a reboot.

==== End of Fixlog 23:44:14 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 111
Java 8 Update 121
Java version 32-bit out of Date!
Google Chrome (59.0.3071.115)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Oracle Java javapath AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Henrik (administrator) on 04-07-2017 at 13:27:42
Running from "C:\Users\Henrik\Desktop"
Microsoft Windows 10 Enterprise (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
I don't know if you needed me to leave this in here, but I just pasted the "log" from the Temp File Cleaner.
-----------------------------------------------------------------------------------------------------------------------------------------

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Henrik
->Temp folder emptied: 1663271029 bytes
->Temporary Internet Files folder emptied: 104060883 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 696 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48264067 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 2018 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1583 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 67193284 bytes
Process complete!

Total Files Cleaned = 1 796,00 mb
 
2017-07-04 12:07:44.753 Sophos Virus Removal Tool version 2.6.1
2017-07-04 12:07:44.753 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-07-04 12:07:44.753 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-07-04 12:07:44.753 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2017-07-04 12:07:44.754 Checking for updates...
2017-07-04 12:07:44.765 Update progress: proxy server not available
2017-07-04 12:07:53.596 Option all = no
2017-07-04 12:07:53.596 Option recurse = yes
2017-07-04 12:07:53.596 Option archive = no
2017-07-04 12:07:53.596 Option service = yes
2017-07-04 12:07:53.596 Option confirm = yes
2017-07-04 12:07:53.596 Option sxl = yes
2017-07-04 12:07:53.598 Option max-data-age = 35
2017-07-04 12:07:53.598 Option vdl-logging = yes
2017-07-04 12:07:53.604 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-07-04 12:07:53.604 Machine ID: 3fa6311c43514e7baa3f5b099be50acb
2017-07-04 12:07:53.605 Component SVRTcli.exe version 2.6.1
2017-07-04 12:07:53.605 Component control.dll version 2.6.1
2017-07-04 12:07:53.605 Component SVRTservice.exe version 2.6.1
2017-07-04 12:07:53.605 Component engine\osdp.dll version 1.44.1.2286
2017-07-04 12:07:53.605 Component engine\veex.dll version 3.68.6.2286
2017-07-04 12:07:53.605 Component engine\savi.dll version 9.0.7.2286
2017-07-04 12:07:53.606 Component rkdisk.dll version 1.5.31.1
2017-07-04 12:07:53.606 Version info: Product version 2.6.1
2017-07-04 12:07:53.606 Version info: Detection engine 3.68.6
2017-07-04 12:07:53.606 Version info: Detection data 5.40
2017-07-04 12:07:53.606 Version info: Build date 30.05.2017
2017-07-04 12:07:53.606 Version info: Data files added 307
2017-07-04 12:07:53.606 Version info: Last successful update (not yet updated)
2017-07-04 12:07:53.745 Downloading updates...
2017-07-04 12:07:53.745 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-07-04 12:07:53.745 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-04 12:07:53.746 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-04 12:07:53.746 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-07-04 12:07:53.746 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-07-04 12:07:53.746 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-07-04 12:07:53.746 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-07-04 12:07:53.746 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-07-04 12:07:53.746 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-07-04 12:07:53.746 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-04 12:07:53.880 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-07-04 12:07:53.880 Update progress: [I19463] Product download size 165113825 bytes
2017-07-04 12:08:12.439 Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-07-04 12:08:12.439 Update progress: [I19463] Product download size 1784068 bytes
2017-07-04 12:08:32.616 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-07-04 12:08:32.616 Update progress: [I19463] Product download size 2265483 bytes
2017-07-04 12:08:32.789 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-07-04 12:08:32.789 Update progress: [I19463] Product download size 2018230 bytes
2017-07-04 12:08:32.943 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-07-04 12:08:32.943 Update progress: [I19463] Product download size 525258 bytes
2017-07-04 12:08:32.994 Installing updates...
2017-07-04 12:08:33.597 Error level 1
2017-07-04 12:08:36.181 Update successful
2017-07-04 12:08:43.620 Option all = no
2017-07-04 12:08:43.620 Option recurse = yes
2017-07-04 12:08:43.620 Option archive = no
2017-07-04 12:08:43.620 Option service = yes
2017-07-04 12:08:43.620 Option confirm = yes
2017-07-04 12:08:43.620 Option sxl = yes
2017-07-04 12:08:43.621 Option max-data-age = 35
2017-07-04 12:08:43.621 Option vdl-logging = yes
2017-07-04 12:08:43.625 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-07-04 12:08:43.625 Machine ID: 3fa6311c43514e7baa3f5b099be50acb
2017-07-04 12:08:43.625 Component SVRTcli.exe version 2.6.1
2017-07-04 12:08:43.625 Component control.dll version 2.6.1
2017-07-04 12:08:43.625 Component SVRTservice.exe version 2.6.1
2017-07-04 12:08:43.626 Component engine\osdp.dll version 1.44.1.2285
2017-07-04 12:08:43.626 Component engine\veex.dll version 3.68.5.2285
2017-07-04 12:08:43.626 Component engine\savi.dll version 9.0.7.2285
2017-07-04 12:08:43.626 Component rkdisk.dll version 1.5.31.1
2017-07-04 12:08:43.626 Version info: Product version 2.6.1
2017-07-04 12:08:43.627 Version info: Detection engine 3.68.5
2017-07-04 12:08:43.627 Version info: Detection data 5.39
2017-07-04 12:08:43.627 Version info: Build date 02.05.2017
2017-07-04 12:08:43.627 Version info: Data files added 438
2017-07-04 12:08:43.627 Version info: Last successful update 04.07.2017 14.08.36

2017-07-04 12:17:07.716 Could not open C:\hiberfil.sys
2017-07-04 12:27:27.587 Could not open C:\swapfile.sys
2017-07-04 12:27:42.045 Could not open C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Profile 1\Current Session
2017-07-04 12:27:42.045 Could not open C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Profile 1\Current Tabs
2017-07-04 12:35:47.383 Could not open C:\Windows\System32\config\BBI
2017-07-04 12:35:47.417 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-07-04 12:35:47.418 Could not open C:\Windows\System32\config\RegBack\SAM
2017-07-04 12:35:47.419 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-07-04 12:35:47.420 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-07-04 12:35:47.421 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-07-04 12:46:23.741 Could not open D:\pagefile.sys
2017-07-04 12:53:05.567 >>> Virus 'Troj/Agent-AJTU' found in file D:\The Sims 4\Game\Bin\rld.dll
2017-07-04 12:53:05.567 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-07-04 12:53:05.567 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-07-04 12:53:07.350 >>> Virus 'Mal/Scribble-D' found in file D:\The Sims 4\Game\Bin\TS4.exe
2017-07-04 12:53:07.350 Disinfection not offered
2017-07-04 12:53:13.491 Could not open LOGICAL:0004:00000000
2017-07-04 12:53:13.495 Could not open E:\
2017-07-04 12:58:40.592 The following items will be cleaned up:
2017-07-04 12:58:40.592 Troj/Agent-AJTU
2017-07-04 12:58:40.592 Mal/Scribble-D
 
On the Sophos Free Virus Removal Tool scan, I first got 2 threats which were both on Sims 4. I tried opening the results thing, but an error appeared, so I went on and uninstalled Sims 4 right after.
I scanned my computer with the program once more, and it didn't detect any threats this time! :)

UPDATE: It feels like my computer is virus free at the moment. I haven't had any issues with my internet connection, and my internet browser is back to normal!
And I'll stay away from game cracks and stuff like that from now, LOL!
 
Good :)

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

=============================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 
Hey! Sorry, I have been quite busy the past days. But everything works the way it should now! I am so grateful, and I appreciate your help so much! When I get my payment next month, I'm gonna hand in a donation as a huge thanks.. You literally saved my computer. Thank you so much! :D
 