Usaam

Everything posted by Usaam

  1. Yes, the install does roll back. However, the Malwarebytes directory is still created in the installation location, and uninstall also fails for Add/Remove Programs. How do I fix the disallowed certificates issue? Do you think I may be a victim of an attack here? Please advise.
  2. Addition.txt contents:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by essam (14-01-2017 07:09:46)
Running from D:\
Windows 10 Pro Version 1607 (X64) (2016-09-23 12:20:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1863352165-33519677-2338508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1863352165-33519677-2338508-503 - Limited - Disabled)
essam (S-1-5-21-1863352165-33519677-2338508-1001 - Administrator - Enabled) => C:\Users\essam
Guest (S-1-5-21-1863352165-33519677-2338508-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.6.0 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_0_1) (Version: 16.0 - Adobe Systems Incorporated) Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_1) (Version: 10.0.1 - Adobe Systems Incorporated) Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated) Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated) Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_0) (Version: 17.0.0 - Adobe Systems Incorporated) Adobe Edge Animate CC (HKLM-x32\...\{1C5E96F4-6F15-4A96-BF62-9D1F60B44FF1}) (Version: 3.0 - Adobe Systems Incorporated) Adobe Edge Animate CC 2015 (HKLM-x32\...\{92AC6B8F-F962-11E4-867D-81149C0292DF}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Edge Code CC (HKLM-x32\...\{2033D10C-8B25-6EED-97C0-708693677BA6}) (Version: 0.98 - Adobe Systems Incorporated) Adobe Edge Inspect CC (HKLM-x32\...\{2532C427-E595-4768-B6E9-C20F3AB751CA}) (Version: 1.5.486 - Adobe Systems Incorporated) Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated) Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated) 
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated) Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated) Adobe Muse CC 2017 (HKLM-x32\...\MUSE_2017_0_0) (Version: 2017.0.0.149 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated) Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated) Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios) Air Video Server HD 2.2.1 (HKLM-x32\...\Air Video Server HD) (Version: 2.2.1 - InMethod, s.r.o.) Anno 1404 - Gold Edition (HKLM-x32\...\1440426004_is1) (Version: 2.0.0.2 - GOG.com) Anno 1701 A.D. (HKLM-x32\...\1438075172_is1) (Version: 2.0.0.4 - GOG.com) Ansel (Version: 376.33 - NVIDIA Corporation) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) 
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - Double Fine Productions) CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - ) ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft) Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles) Command and Conquer: Red Alert 3 (HKLM-x32\...\Steam App 17480) (Version: - EA Los Angeles) Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version: - Relic Entertainment) Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version: - Relic Entertainment) Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios) Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts) Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios) Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal) Dex (HKLM-x32\...\1929434313_is1) (Version: 2.2.0.5 - GOG.com) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio) Divinity: Original Sin Enhanced Edition 
(HKLM-x32\...\Steam App 373420) (Version: - Larian Studios) DOOM (HKLM\...\Steam App 379720) (Version: - id Software) Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Dragon Age Redesigned © Morrigan) (Version: - ) Dragon Age Redesigned Oghren© (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Dragon Age Redesigned Oghren©) (Version: - ) Dragon Age Redesigned© Zevran (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Dragon Age Redesigned© Zevran) (Version: - ) Dragon Age Redesigned© (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Dragon Age Redesigned©) (Version: - ) Dragon Age Redesigned© Leliana (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Dragon Age Redesigned© Leliana) (Version: - ) Dragon Age Redesigned© Sten (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Dragon Age Redesigned© Sten) (Version: - ) Dragon Age Redesigned© Wynne (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Dragon Age Redesigned© Wynne) (Version: - ) Dragon Age: Origins (HKLM-x32\...\Steam App 17450) (Version: - BioWare) Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts) DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited) Elite Dangerous (HKLM-x32\...\Steam App 359320) (Version: - Frontier Developments) Elite Dangerous Launcher version 0.4.5499.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.5499.0 - Frontier Developments) Elite Dangerous: Horizons (HKLM-x32\...\Steam App 419270) (Version: - Frontier Developments) Empire: Total War (HKLM\...\Steam App 10500) (Version: - The Creative Assembly) FileZilla Client 3.22.1 (HKLM-x32\...\FileZilla Client) (Version: 3.22.1 - Tim Kosse) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North) iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.) iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP) Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech) Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Maxwell for SketchUp 2015 (HKLM-x32\...\{DEC405C1-CB23-4C20-948D-BF8631B7E8EE}) (Version: 3.1.0 - Next Limit Technologies) Medal of Honor: Airborne (HKLM-x32\...\Steam App 24840) (Version: - EA Los Angeles) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version: - The Creative Assembly) METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version: - Kojima Productions) Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version: - 4A GAMES) Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version: - 4A Games) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 
(HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.) Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla) Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint) Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.3.0.0 - Electronic Arts) Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.9 - Black Tree Gaming) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation) NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation) NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.17 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.) Overlord (HKLM-x32\...\Steam App 11450) (Version: - Triumph Studios) ph (x32 Version: 1.0.0 - Your Company Name) Hidden Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version: - Obsidian Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.) Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation) qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project) QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software) Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1031 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) 
Republique Remastered (HKLM-x32\...\Steam App 317100) (Version: - Camouflaj) Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version: - SkyBox Labs) RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games) Rome: Total War - Alexander (HKLM-x32\...\Steam App 4770) (Version: - The Creative Assembly) Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden Star Citizen Launcher (HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 11.0.0.19 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) 
STAR WARS™: Knights of the Old Republic™ (HKLM\...\Steam App 32370) (Version: - BioWare) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Styx: Master of Shadows (HKLM-x32\...\Steam App 242640) (Version: - Cyanide Studio) Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) The Elder Scrolls Online: Tamriel Unlimited (HKLM-x32\...\Steam App 306130) (Version: - Zenimax Online Studios) The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version: - Bethesda Game Studios) Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version: - Ion Storm) This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios) Titan Quest (HKLM-x32\...\Steam App 4540) (Version: - Iron Lore Entertainment) Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version: - Iron Lore Entertainment) Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version: - Iron Lore Entertainment) Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.3 - Electronic Arts, Inc.) 
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft) Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games) Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version: - Creative Assembly) Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly) TrackIR 5 (HKLM-x32\...\{2f2e6053-043c-4d69-94d0-4d42304ea4ee}) (Version: 5.2.0200 - NaturalPoint) Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte) Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte) Tropico 5 (HKLM\...\Steam App 245620) (Version: - Haemimont Games) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation) X-55 Rhino (HKLM\...\{9A5C2A50-D50B-4D21-A128-43FDB36C560C}) (Version: 7.0.38.0 - Mad Catz Inc) XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1863352165-33519677-2338508-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4EA180149EC0}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-1863352165-33519677-2338508-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {12647669-CE94-4B5C-95FF-4830FCDBF213} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation) Task: {1266DF74-47FB-4664-BA5F-4F910D28282C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {14844863-F9A4-4E18-99D4-68C618C8C6B6} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-essamchaudhry@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {199F4435-9D7E-4BF6-961F-3FDE3CAE9649} - System32\Tasks\{FB323209-7A05-4CA7-87FC-4A4AFC20C962} => pcalua.exe -a D:\Saitek\X55_Rhino_7_0_32_81_x64_Drivers.exe -d D:\Saitek Task: {1CD1044B-22D8-4285-955C-E3EF31DB1E18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {26144834-E0C0-4FF9-95BB-D98BEDA52DBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {272BABD9-0C2A-4FCB-BEE1-266339D5A23A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {2E3BB926-A03E-4B9E-AE85-4BA4E766F391} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation) Task: {3014BAD9-EC99-4AD5-919B-B8CA18B4E095} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {39FAF5D2-CDB8-45E7-A9F8-9A336DE8578D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-12] (Microsoft Corporation) Task: {4A9C9DDD-32C0-49F1-B59C-D2C3680F8EB7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\essam\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {587083CB-59DD-49C3-ABC7-55DC61741B96} - System32\Tasks\Microsoft\Windows\NetTrace\Cache updating idle => C:\WINDOWS\System32\UpdateIdle.exe Task: {5EF4234F-BB0B-4519-AF09-BA1DB3ED2D6B} - System32\Tasks\Microsoft\Windows\User Profile Service\Outlook Office 202 => C:\WINDOWS\Outlook Office 202.exe [2016-06-10] () Task: {5F874B05-A08B-472C-9949-0F04DD92D154} - System32\Tasks\{E646CBD5-EC48-4E09-AD26-63D126739D91} => pcalua.exe -a C:\Users\essam\Downloads\lide500fvst6411222a_64en\SetupSG.exe -d C:\Users\essam\Downloads\lide500fvst6411222a_64en Task: {6001FA8F-0CB1-44C0-A998-7C30BA9D88BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {6178281A-22D1-4484-A324-E3FC059F14C2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {66250AA1-0582-416E-A90C-2C09690512D6} - System32\Tasks\{38F73340-0DC2-4459-888F-80B8291E9D05} => pcalua.exe -a "D:\Origin 
Games\Command and Conquer Generals Zero Hour\Command and Conquer Generals Zero Hour\generals.exe" -d "D:\Origin Games\Command and Conquer Generals Zero Hour\Command and Conquer Generals Zero Hour" -c D:\Origin Games\Command and Conquer Generals Zero Hour\Command and Conquer Generals Ze (the data entry has 20 more characters). Task: {667D731B-D213-411B-9D23-D181027FC90A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {68B3ED98-1087-41FD-94B5-E0A831D7D170} - System32\Tasks\Microsoft\Windows\Multimedia\Adobe Flash 202 => C:\WINDOWS\Adobe Flash 202.exe [2016-06-10] () Task: {714BE54A-BFB1-48F7-8156-17F34F913B76} - System32\Tasks\{27D33B94-B80D-4FF7-BC8E-DB6BBA57A84E} => pcalua.exe -a C:\Users\essam\AppData\Roaming\istartpageing\UninstallManager.exe -c -ptid=cmi Task: {74D95C73-0EF5-4118-B233-6C442B33E56F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] () Task: {7ABA0E95-28D7-4A99-8D91-FBDC24373184} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {7C822A82-57A0-4515-8EC9-30E4126A209D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {7CE086F8-6EA3-473F-A397-364828617D74} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation) Task: {9EE0E3E4-DD83-461B-8648-719C0E9D6952} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {A20D8D20-19A3-4CA2-BBBB-8D52812B37DB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation) Task: {A3C52F25-93ED-4A62-8715-7CE30B787622} - 
\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {AA2B0489-5A65-4ECF-BC5C-BF7469FC59C3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {BAB1BEC9-2243-4CB7-9C67-497A118914A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {C5C45F36-0EB2-4936-AB8D-A945CA05B209} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {CF2B043E-9958-4326-A5D1-18820D9F4886} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-13] (Adobe Systems Incorporated) Task: {D7AF5CD9-89CC-4E02-B985-9C362BAE22DE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {DD60245D-3CE3-4BF2-A0FC-FC7BEFFB8AC6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {ECAB274A-E56B-414D-BF7F-E4A318094E4B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation) Task: {FA9799D6-8ACF-4C1A-8577-DDA35E3CB6DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {FD61B14B-AE13-44DD-B8C5-D5B4A7822498} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\essam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxps://s3.eu-central-1.amazonaws.com/nwaaff/V00_3B.html"
ShortcutWithArgument: C:\Users\essam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxps://s3.eu-central-1.amazonaws.com/nwaaff/V00_3B.html"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
-> "hxxps://s3.eu-central-1.amazonaws.com/nwaaff/V00_3B.html" ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 15:42 - 2016-07-16 15:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 09:22 - 2016-12-09 14:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-23 16:08 - 2013-07-04 03:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2016-09-12 11:01 - 2016-11-17 17:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-09-12 11:01 - 2016-11-17 17:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-09-12 11:01 - 2016-11-17 17:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll 2016-09-25 02:20 - 2016-09-25 02:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-06-22 16:33 - 2016-06-22 16:33 - 00242688 _____ () C:\Windows\appinf.exe 2016-09-23 16:08 - 2016-12-11 22:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-12-14 09:22 - 2016-12-09 14:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2016-03-15 04:18 - 2016-12-28 21:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-10-03 18:57 - 2016-10-03 18:57 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2015-04-16 00:13 - 2015-04-16 00:13 - 00222720 _____ () C:\Program Files 
(x86)\Notepad++\NppShell_06.dll 2016-09-23 20:04 - 2016-09-23 20:04 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-10 23:48 - 2016-12-21 11:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-10 23:48 - 2016-12-21 10:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-10 23:48 - 2016-12-21 10:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-10 23:48 - 2016-12-21 10:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-10 23:48 - 2016-12-21 10:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-10 23:48 - 2016-12-21 10:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-12-14 15:56 - 2016-12-14 15:56 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-12-14 15:56 - 2016-12-14 15:56 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-12-14 15:56 - 2016-12-14 15:56 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-12-14 15:56 - 2016-12-14 15:56 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll 2015-10-30 18:11 - 2015-10-30 18:11 - 00693048 _____ () C:\Program Files (x86)\AirVideoServer HD\ExternalEncoder.exe 2015-03-17 17:15 - 2015-03-17 17:15 - 12443648 _____ () C:\Program Files\Mad Catz\X-55 Rhino\Pr0fileEditor_Forms.dll 2015-03-17 17:15 - 2015-03-17 17:15 - 00004096 _____ () C:\Program Files\Mad Catz\X-55 Rhino\en-US\Pr0fileEditor_Forms.resources.dll 2015-03-17 17:15 - 2015-03-17 17:15 - 00007168 _____ () C:\Program Files\Mad Catz\X-55 
Rhino\en\Pr0fileEditor_Forms.resources.dll 2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2016-12-10 04:47 - 2017-01-10 18:39 - 00022024 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe 2016-09-23 16:08 - 2017-01-13 17:41 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2016-09-23 16:08 - 2013-07-04 03:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2016-12-10 04:47 - 2017-01-10 18:39 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2015-03-30 23:37 - 2016-11-17 17:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-09-12 11:01 - 2016-11-17 17:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-09-12 11:01 - 2016-11-17 17:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-06-22 16:33 - 2016-06-22 16:33 - 00103936 _____ () C:\Windows\advapi.dll 2016-09-12 11:01 - 2016-11-17 14:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-09-12 11:01 - 2016-11-17 14:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-09-12 11:01 - 2016-11-17 14:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-09-12 11:01 - 2016-11-17 14:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-09-12 11:01 - 2016-11-17 14:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-09-12 11:01 - 2016-11-17 14:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-09-12 11:01 - 2016-11-17 14:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2015-10-21 02:05 - 2015-10-21 02:05 - 
00800768 _____ () C:\Program Files (x86)\AirVideoServer HD\gstreamer-1.0.dll 2015-10-21 02:05 - 2015-10-21 02:05 - 00292864 _____ () C:\Program Files (x86)\AirVideoServer HD\gstbase-1.0.dll 2015-10-21 02:06 - 2015-10-21 02:06 - 00237568 _____ () C:\Program Files (x86)\AirVideoServer HD\gstaudio-1.0.dll 2015-10-21 02:07 - 2015-10-21 02:07 - 00319488 _____ () C:\Program Files (x86)\AirVideoServer HD\gstvideo-1.0.dll 2014-04-15 19:38 - 2014-04-15 19:38 - 00917504 _____ () C:\Program Files (x86)\AirVideoServer HD\libiconv.dll 2014-04-15 23:41 - 2014-04-15 23:41 - 00649216 _____ () C:\Program Files (x86)\AirVideoServer HD\tag.dll 2015-10-21 02:07 - 2015-10-21 02:07 - 00037888 _____ () C:\Program Files (x86)\AirVideoServer HD\gstapp-1.0.dll 2015-10-21 02:07 - 2015-10-21 02:07 - 00120320 _____ () C:\Program Files (x86)\AirVideoServer HD\gstpbutils-1.0.dll 2015-10-21 02:09 - 2015-10-21 02:09 - 00181760 _____ () C:\Program Files (x86)\AirVideoServer HD\gstcodecparsers-1.0.dll 2015-10-21 02:12 - 2015-10-21 02:12 - 00105984 _____ () C:\Program Files (x86)\AirVideoServer HD\gstmpegts-1.0.dll 2015-10-21 02:05 - 2015-10-21 02:05 - 00177152 _____ () C:\Program Files (x86)\AirVideoServer HD\gsttag-1.0.dll 2014-04-15 19:38 - 2014-04-15 19:38 - 00069632 _____ () C:\Program Files (x86)\AirVideoServer HD\fribidi.dll 2014-08-14 21:19 - 2014-08-14 21:19 - 01680427 _____ () C:\Program Files (x86)\AirVideoServer HD\liborc-0.4-0.dll 2014-02-05 05:32 - 2014-02-05 05:32 - 02396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll 2014-02-05 05:31 - 2014-02-05 05:31 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll 2014-02-05 05:32 - 2014-02-05 05:32 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll 2014-02-05 05:32 - 2014-02-05 05:32 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll 2014-02-05 05:31 - 2014-02-05 05:31 - 00066579 _____ () 
C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll 2016-09-12 11:01 - 2016-11-17 17:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2014-05-19 23:41 - 2016-12-08 19:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-22 19:08 - 2016-09-01 05:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2014-05-22 22:00 - 2016-12-20 06:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-30 15:35 - 2016-01-27 11:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-30 15:35 - 2016-01-27 11:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-30 15:35 - 2016-01-27 11:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-30 15:35 - 2016-01-27 11:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-30 15:35 - 2016-01-27 11:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-01-22 19:08 - 2016-09-01 05:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-22 19:08 - 2016-09-01 05:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-19 23:41 - 2016-12-20 06:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-10 18:21 - 2016-07-05 02:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-10 04:47 - 2017-01-10 18:39 - 00012288 _____ () C:\Program Files (x86)\Origin\libEGL.DLL 2016-09-30 09:29 - 2016-09-20 15:44 - 53018112 _____ () C:\Program Files (x86)\GOG Galaxy\libcef.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00507968 _____ () C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 01076800 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNet.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 01854528 _____ () C:\Program Files (x86)\GOG Galaxy\PocoData.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00393280 _____ () C:\Program Files (x86)\GOG 
Galaxy\PocoDataSQLite.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00307776 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 01589312 _____ () C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00330816 _____ () C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00104000 _____ () C:\Program Files (x86)\GOG Galaxy\zlib.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00520768 _____ () C:\Program Files (x86)\GOG Galaxy\PocoXML.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00272448 _____ () C:\Program Files (x86)\GOG Galaxy\PocoZip.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00680000 _____ () C:\Program Files (x86)\GOG Galaxy\sqlite.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00425536 _____ () C:\Program Files (x86)\GOG Galaxy\pcre.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00157760 _____ () C:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll 2016-09-30 09:29 - 2016-12-20 19:33 - 00152128 _____ () C:\Program Files (x86)\GOG Galaxy\expat.dll 2016-11-01 11:58 - 2016-11-01 11:58 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2016-12-13 21:23 - 2016-12-05 20:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2014-05-19 23:41 - 2016-12-20 06:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll 2015-01-22 19:08 - 2015-09-25 03:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2015-03-17 01:34 - 2015-03-17 01:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\en_ae\acrotray.mea 2016-10-03 18:57 - 2016-10-03 18:57 - 00048304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node 2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node 2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node 2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll 2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node 2016-09-30 09:29 - 2016-09-20 15:44 - 01738752 _____ () C:\Program Files (x86)\GOG Galaxy\libglesv2.dll 2016-09-30 09:29 - 2016-09-20 15:44 - 00078848 _____ () C:\Program Files (x86)\GOG Galaxy\libegl.dll 2016-10-10 23:15 - 2016-10-10 23:15 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node 2016-10-10 23:15 - 2016-10-10 23:15 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node 2016-10-10 23:15 - 2016-10-10 23:15 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node 2016-10-10 23:17 - 2016-10-10 23:17 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2016-10-25 10:41 - 2016-10-25 10:41 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll 2016-10-10 23:14 - 2016-10-10 23:14 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node 2016-10-10 23:14 - 2016-10-10 23:14 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0] AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 17:25 - 2015-12-15 22:23 - 00000922 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1863352165-33519677-2338508-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\essam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2F7E6543-45D3-4BA3-BFD2-1C55AACF1675}] => C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{21E6CF4E-EA1A-4688-9D66-5450F822ADD4}] => C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [TCP Query User{6B9190FC-53B0-4D07-970C-9807E6335D0A}D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe FirewallRules: [UDP Query User{7B1A2C4C-5357-4368-AC97-A93F53807BC8}D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => D:\steamlibrary\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe FirewallRules: [{71BA63E0-D5FB-4662-91DC-C6352A648514}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{927C09D2-8CCB-4EBA-B988-0F857BE20032}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{1CBBD490-7ACF-44C2-91D0-4834D9C3F640}] => D:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe FirewallRules: [{3B53D2D0-3396-4BC6-974E-D976AE2AF486}] => D:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe FirewallRules: [TCP Query User{B6B44368-22F3-4C14-9A12-13F94F09D7D9}D:\steamlibrary\steamapps\common\elite dangerous\products\public_test_server\elitedangerous32.exe] => D:\steamlibrary\steamapps\common\elite dangerous\products\public_test_server\elitedangerous32.exe FirewallRules: [UDP Query User{06390E9F-1B1B-4128-B625-EAD938FDA7FA}D:\steamlibrary\steamapps\common\elite dangerous\products\public_test_server\elitedangerous32.exe] => D:\steamlibrary\steamapps\common\elite dangerous\products\public_test_server\elitedangerous32.exe FirewallRules: [TCP Query User{9606C113-3BB8-4945-8B4C-33C30DBC0499}D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe 
FirewallRules: [UDP Query User{ADF34D19-AFF1-4E46-87A0-6A3AAC5C6E17}D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => D:\steamlibrary\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe FirewallRules: [{05647F58-29B4-40B1-9B68-3FBB97EB9B17}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{10A0ACEB-55A6-49BB-8F13-F71FC98F177B}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{67E231BF-0F09-45C4-BD87-F9A9F3EC0A9E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5CD27C3A-BA52-4E40-A8EE-9DAA93A92AD9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{433008C1-EC42-432B-BDA5-E6D475186587}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe FirewallRules: [UDP Query User{F9446E0B-A8E5-4783-945E-9F11B5B41E2E}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe FirewallRules: [{C6C87D16-835C-44A9-835F-550AF9597E96}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{433E6B7D-8F11-4426-B448-887C116BCBA6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5612131C-BEDC-4985-AAF2-9A882B1F85E3}] => D:\SteamLibrary\SteamApps\common\Zenimax Online\zosSteamStarter.exe FirewallRules: [{B2391A45-905D-4168-8D26-1D897110FBA1}] => D:\SteamLibrary\SteamApps\common\Zenimax Online\zosSteamStarter.exe FirewallRules: [{0C4B3B36-7DF7-43B0-890A-21195863C180}] => D:\SteamLibrary\SteamApps\common\This War of Mine\Storyteller.exe FirewallRules: [{B9A3B570-47DC-4387-8AD2-F6C23DED0756}] => D:\SteamLibrary\SteamApps\common\This War of Mine\Storyteller.exe FirewallRules: [TCP Query 
User{5EA6F409-8D17-4393-BCB6-967937920F69}D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe FirewallRules: [UDP Query User{667794FE-F3B4-41FC-AA2C-7D9D8FEA6B50}D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => D:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe FirewallRules: [{2F539459-DD3D-4F27-A7F0-69B28B8EB9E2}] => D:\SteamLibrary\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe FirewallRules: [{3E582AF5-E0D7-464F-8F40-6674415BBE68}] => D:\SteamLibrary\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe FirewallRules: [{6E0F9968-8796-4B61-978E-9A4ED214AF8D}] => D:\SteamLibrary\SteamApps\common\Age Of Empires 3\bin\age3.exe FirewallRules: [{CC3E25EC-75EC-41E3-85A8-8C12D7DA0E03}] => D:\SteamLibrary\SteamApps\common\Age Of Empires 3\bin\age3.exe FirewallRules: [{463B4298-78DE-4BC9-8CC3-BCB6B0257E67}] => D:\SteamLibrary\SteamApps\common\Age Of Empires 3\bin\age3x.exe FirewallRules: [{738E34A4-FD93-493D-B7B2-F9B5F983E20A}] => D:\SteamLibrary\SteamApps\common\Age Of Empires 3\bin\age3x.exe FirewallRules: [{00E8CBF2-8484-4DE1-8119-B860201400DA}] => D:\SteamLibrary\SteamApps\common\Age Of Empires 3\bin\age3y.exe FirewallRules: [{83A92C2D-8327-4473-AE37-96256D9A77F6}] => D:\SteamLibrary\SteamApps\common\Age Of Empires 3\bin\age3y.exe FirewallRules: [TCP Query User{3A67B209-76AF-40D3-8162-3B7196246A71}D:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe] => D:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe FirewallRules: [UDP Query User{82AB34CC-6452-4027-A38B-696EA2DA142D}D:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe] => 
D:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe FirewallRules: [TCP Query User{951FEAAA-ADAE-4DC1-9C91-461504EACA02}D:\program files\cloud imperium games\patcher\cigpatcher.exe] => D:\program files\cloud imperium games\patcher\cigpatcher.exe FirewallRules: [UDP Query User{12551A5E-3FB5-4876-9040-04CBAAA57D5B}D:\program files\cloud imperium games\patcher\cigpatcher.exe] => D:\program files\cloud imperium games\patcher\cigpatcher.exe FirewallRules: [TCP Query User{776C2435-8D8C-4976-B4B7-94F0388996CA}D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe FirewallRules: [UDP Query User{5A9B1B01-3877-4483-98F3-104D501B9539}D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => D:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe FirewallRules: [{B0BCDB0E-F548-42BE-B53E-BF36D9D1DF75}] => D:\SteamLibrary\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe FirewallRules: [{F9E41D6E-0638-4422-B125-AE56F9D4EC85}] => D:\SteamLibrary\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe FirewallRules: [{6E0A028A-6374-4497-986D-0163155FE3B5}] => D:\SteamLibrary\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe FirewallRules: [{1C46F2A3-ADF7-4AD8-BBBD-EBF0E2AE7F0A}] => D:\SteamLibrary\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe FirewallRules: [{DB94169C-893B-4EEA-9F44-2E9027A5F6AE}] => C:\Program Files (x86)\Steam\SteamApps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{F671D301-0804-48AA-AA85-893F8B967E4F}] => C:\Program Files (x86)\Steam\SteamApps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{F3B8D7B4-0CF0-4DAC-A92C-D6EA7DD1808F}] => D:\SteamLibrary\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe FirewallRules: [{CFB9ECFE-710C-4EE2-8439-0477DAD408C0}] => 
D:\SteamLibrary\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe FirewallRules: [{DCA4BEDB-5855-4A81-8A07-4D94DF772158}] => D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{79D20DAA-3C4E-498D-A365-ABE9735D5B7B}] => D:\SteamLibrary\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{44B74D1E-6394-49A5-9372-C6BD01360E7C}] => D:\SteamLibrary\SteamApps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{F1A9F0A4-BE4A-44D6-A09E-FB579022C3B6}] => D:\SteamLibrary\SteamApps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{2DB3B961-FFB1-4EBC-8ADC-666A38E63749}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{22ADA38A-9E50-40F7-A6C9-8017143BA8A0}] => C:\Program Files\iTunes\iTunes.exe FirewallRules: [{0D59FE63-8EDB-48E9-867A-56222E2CC6EB}] => D:\Origin Games\Titanfall2\Titanfall2.exe FirewallRules: [{80BF730C-13E5-4A0A-AFCE-F716E5451243}] => D:\Origin Games\Titanfall2\Titanfall2.exe FirewallRules: [{815C12DE-4E2E-42B6-874E-E8F5B21403F2}] => D:\Origin Games\Titanfall2\Titanfall2_trial.exe FirewallRules: [{50A9A2A6-DE0D-4877-8824-4EA0D2164560}] => D:\Origin Games\Titanfall2\Titanfall2_trial.exe FirewallRules: [{9D6F1880-A263-44A9-B3B0-B107A1053C8C}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E1F3B3ED-1A68-4C89-833F-A43A165F17D8}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{976D18FE-4A9F-4F56-8C4F-79F8C428DDEA}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{BDAEC3A8-B46E-4465-A261-10B508D23BB2}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{1A963146-9EBD-4CBF-88C0-A2B6C2072FD7}D:\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe] => D:\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe FirewallRules: [UDP Query 
User{9F6DBCCA-B2E0-44AE-ABFA-92AA36F30558}D:\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe] => D:\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe FirewallRules: [TCP Query User{845FC0A2-2D34-4737-A7B4-B5AB33120061}D:\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe] => D:\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe FirewallRules: [UDP Query User{E2FF7ACF-67A2-4C43-AA4C-4DBAC352BC28}D:\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe] => D:\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe FirewallRules: [TCP Query User{980C8F45-0137-4BBF-BD7B-3A184D5F5C8D}D:\games\anno 1701 ad\anno1701.exe] => D:\games\anno 1701 ad\anno1701.exe FirewallRules: [UDP Query User{FAEFC6B9-89E1-4E1B-81AE-8DE136AD63D2}D:\games\anno 1701 ad\anno1701.exe] => D:\games\anno 1701 ad\anno1701.exe FirewallRules: [{6C072D12-86C5-4F83-B681-99A9E87E12AF}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{E3A6A336-A9E4-4ABB-ADC7-B26D3647E85E}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{573932DB-4976-414B-99F4-DC4E245D0E81}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{39CB87E5-1E7A-45BF-8675-2186E0590902}] => D:\SteamLibrary\SteamApps\common\Empire Total War\Empire.exe FirewallRules: [{DAF65AAF-A3CA-466E-998F-B471571FB0EC}] => D:\SteamLibrary\SteamApps\common\Empire Total War\Empire.exe FirewallRules: [{DDA7CF9D-763D-452D-8126-F393174FA6E2}] => D:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe FirewallRules: [{48903D43-CBBE-4448-9FAE-6FFB03840272}] => D:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe FirewallRules: 
[{E8AE7223-B797-44F0-9362-0CAA101D7717}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{ED1C0EB3-6FC5-4B81-AA68-B9A31E10FE06}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{328ABC41-20CC-4323-ADBF-5B3CF56BA4AA}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: 690LC
Description: 690LC
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2017 07:20:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2017 07:18:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (01/12/2017 07:18:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (01/11/2017 11:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37078

Error: (01/11/2017 11:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37078

Error: (01/11/2017 11:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2017 11:39:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36078

Error: (01/11/2017 11:39:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36078

Error: (01/11/2017 11:39:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2017 11:39:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35078

System errors:
=============
Error: (01/13/2017 11:35:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 07:13:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 06:28:02 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/13/2017 05:51:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:51:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 05:51:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2017 08:29:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 11:49:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 10:50:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 07:13:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2017-01-13 17:51:42.024
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Windows signing level requirements.

Date: 2017-01-13 17:51:10.785
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-13 17:41:07.185
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Windows signing level requirements.

Date: 2017-01-13 17:41:07.005
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Windows signing level requirements.

Date: 2017-01-10 18:44:47.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Windows signing level requirements.

Date: 2017-01-09 22:18:03.350
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-08 01:11:51.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Windows signing level requirements.

Date: 2017-01-08 01:11:51.230
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Windows signing level requirements.

Date: 2017-01-08 00:08:20.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-08 00:01:28.348
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\advapi.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 16319.34 MB
Available physical RAM: 11078.48 MB
Total Virtual: 18751.34 MB
Available Virtual: 11786.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.46 GB) (Free:15.04 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:523.23 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:141.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B23A47E0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 9E0A2B8E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: EAE41293)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  3. FRST.txt contents:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by essam (administrator) on ESSAM-PC (14-01-2017 07:09:18)
Running from D:\
Loaded Profiles: essam (Available Profiles: essam)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Windows\appinf.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(inMethod) C:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe
(inMethod) C:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\AirVideoServer HD\ExternalEncoder.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Mad Catz) C:\Program Files\Mad Catz\X-55 Rhino\X55_Rhino_Profiler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-10-31] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [X-55 Rhino] => C:\Program Files\Mad Catz\X-55 Rhino\X55_Rhino_Profiler.exe [86528 2015-03-17] (Mad Catz)
HKLM\...\Disallowed\Certificates: 181E2AE5727DE60F52EF26D90BC6919481601793 (Avast Antivirus) <==== ATTENTION
HKLM\...\Disallowed\Certificates: 2FA3FB2570A7A859026C59A1C723E7EF9F9AF13D (Trend Micro) <==== ATTENTION
HKLM\...\Disallowed\Certificates: 4B953F30F1DE4DFEF894B136DAA155CEAFC243A0 (Baidu Online Network Technology) <==== ATTENTION
HKLM\...\Disallowed\Certificates: 65AFAA515036C38C9EC28248C453FB0F6B1E7094 (ESET) <==== ATTENTION
HKLM\...\Disallowed\Certificates: 8138B44330354E413DC52AF1DBFCA8BA1C0F6C0A (ThreatTrack Security) <==== ATTENTION
HKLM\...\Disallowed\Certificates: 82F19360B15655A94E875A5B5F7844E2932FC2A6 (Bitdefender SRL) <==== ATTENTION
HKLM\...\Disallowed\Certificates: 883224FAB9D5BC431563A00AF10A79AA78087584 (Panda Security S.L) <==== ATTENTION
HKLM\...\Disallowed\Certificates: 89B89723B7106A1926036B1469D2497B85841849 (Lavasoft Limited) <==== ATTENTION
HKLM\...\Disallowed\Certificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\...\Disallowed\Certificates: B1E5407220D2E41A2045A5B183AE83F54E3C9643 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\...\Disallowed\Certificates: BD22822F42C0B3F61AA0F30360EFB2A15068893B (ESS Distribution) <==== ATTENTION
HKLM\...\Disallowed\Certificates: C1437F2BC6F11F4806EAD857982457BF7828CE15 (Malwarebytes Corporation) <==== ATTENTION
HKLM\...\Disallowed\Certificates: D37F61D57CB0481F3D77EDAC7DE72196C4314E2C (McAfee) <==== ATTENTION
HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Run: [AirVideoServerHD] => C:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe [2105144 2015-10-30] (inMethod)
HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [3971648 2016-12-20] (GOG.com)
HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1863352165-33519677-2338508-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-01-10] (Electronic Arts)
HKLM\...\AppCertDlls: [windows_service_for_control_application_23139093481232] -> \Windows\advapi.dll
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{d249eea7-e100-42bf-95bd-44de93f1699d}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e3b955c8-bbf7-4f99-8e71-c36f3e19db55}: [DhcpNameServer] 94.200.200.200 91.74.74.74

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://s3.eu-central-1.amazonaws.com/nwaaff/V00_BgexHP.html
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1863352165-33519677-2338508-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\essam\AppData\Roaming\Mozilla\Firefox\Profiles\yuet3aoj.default [2017-01-14]
FF Homepage: Mozilla\Firefox\Profiles\yuet3aoj.default -> hxxp://google.com/
FF Extension: (Firebug) - C:\Users\essam\AppData\Roaming\Mozilla\Firefox\Profiles\yuet3aoj.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-12]
FF Extension: (Video DownloadHelper) - C:\Users\essam\AppData\Roaming\Mozilla\Firefox\Profiles\yuet3aoj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-01]
FF Extension: (Adblock Plus) - C:\Users\essam\AppData\Roaming\Mozilla\Firefox\Profiles\yuet3aoj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-13] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1863352165-33519677-2338508-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-11-03] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\essam\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (Adobe Acrobat) - C:\Users\essam\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\essam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\essam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 AppInf; C:\Windows\appinf.exe [242688 2016-06-22] () [File not signed] <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-07-29] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-06-20] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\SteamLibrary\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-06-21] (BioWare)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284224 2016-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-11] (GOG.com)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-10] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-10] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-06-21] (BitRaider)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2015-12-15] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-13] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-29] (Realtek )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
R3 Said2215; C:\WINDOWS\System32\drivers\Said2215.sys [25280 2014-03-06] (Saitek)
R3 Saida215; C:\WINDOWS\System32\drivers\Saida215.sys [25280 2014-03-06] (Saitek)
R3 SaiG2215; C:\WINDOWS\System32\drivers\SaiG2215.sys [179904 2014-03-06] (Saitek)
R3 SaiGa215; C:\WINDOWS\System32\drivers\SaiGa215.sys [179904 2014-03-06] (Saitek)
R3 SaiK2215; C:\WINDOWS\system32\DRIVERS\SaiK2215.sys [179904 2014-03-06] (Saitek)
R3 SaiKa215; C:\WINDOWS\system32\DRIVERS\SaiKa215.sys [179904 2014-03-06] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [24040 2014-03-06] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51560 2014-03-06] (Saitek)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\WINDOWS\system32\win32k.sys 2017-01-10 23:48 - 2016-12-14 08:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll 2017-01-10 23:48 - 2016-12-14 08:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2017-01-10 23:48 - 2016-12-14 08:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2017-01-10 23:48 - 2016-12-14 08:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-10 23:48 - 2016-12-14 08:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2017-01-10 23:48 - 2016-12-14 08:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-01-10 23:48 - 2016-12-14 08:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-01-10 23:48 - 2016-12-14 08:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2017-01-10 23:48 - 2016-12-14 08:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll 2017-01-10 23:48 - 2016-12-14 08:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2017-01-10 23:48 - 2016-12-14 08:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-01-10 23:48 - 2016-12-14 08:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll 2017-01-10 23:48 - 2016-12-14 08:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-01-10 23:48 - 2016-12-14 08:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-01-10 23:48 - 2016-12-14 08:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2017-01-10 23:48 - 2016-12-14 08:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll 2017-01-10 23:48 - 2016-12-14 08:37 - 00090112 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\updatepolicy.dll 2017-01-10 23:48 - 2016-12-14 08:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2017-01-10 23:48 - 2016-12-14 08:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-01-10 23:48 - 2016-12-14 08:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-01-10 23:48 - 2016-12-14 08:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-01-10 23:48 - 2016-12-14 08:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-01-10 23:48 - 2016-12-14 08:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll 2017-01-10 23:48 - 2016-12-14 08:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2017-01-10 23:48 - 2016-12-14 08:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-01-10 23:48 - 2016-12-14 08:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-01-10 23:48 - 2016-12-14 08:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-01-10 23:48 - 2016-12-14 08:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2017-01-10 23:48 - 2016-12-14 08:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2017-01-10 23:48 - 2016-12-14 08:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-01-10 23:48 - 2016-12-14 08:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2017-01-10 23:48 - 2016-12-14 08:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-01-10 23:48 - 2016-12-14 08:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2017-01-10 23:48 - 2016-12-14 08:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-01-10 23:48 - 2016-12-14 08:22 - 01513472 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\win32kbase.sys 2017-01-10 23:48 - 2016-12-14 08:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-01-10 23:48 - 2016-12-14 08:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-01-10 23:48 - 2016-11-02 16:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-01-10 23:48 - 2016-11-02 15:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-01-10 23:48 - 2016-11-02 14:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-01-10 23:48 - 2016-11-02 14:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-01-10 23:48 - 2016-11-02 14:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-01-10 23:48 - 2016-08-02 08:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-01-10 23:47 - 2016-12-21 11:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-01-10 23:47 - 2016-12-21 11:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2017-01-10 23:47 - 2016-12-21 11:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2017-01-10 23:47 - 2016-12-21 11:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2017-01-10 23:47 - 2016-12-21 11:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2017-01-10 23:47 - 2016-12-21 11:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2017-01-10 23:47 - 2016-12-21 10:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-01-10 23:47 - 2016-12-21 08:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-01-10 23:47 - 2016-12-21 08:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-01-10 23:47 - 
2016-12-21 08:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-01-10 23:47 - 2016-12-21 08:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2017-01-10 23:47 - 2016-12-14 09:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-01-10 23:47 - 2016-12-14 09:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-01-10 23:47 - 2016-12-14 09:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-01-10 23:47 - 2016-12-14 08:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-01-10 23:47 - 2016-12-14 08:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2017-01-10 23:47 - 2016-12-14 08:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-10 23:47 - 2016-12-14 08:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2017-01-10 23:47 - 2016-12-14 08:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-01-10 23:47 - 2016-12-14 08:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-01-08 01:07 - 2017-01-14 07:09 - 00000000 ____D C:\Temp 2017-01-07 23:51 - 2017-01-07 23:57 - 00000000 ____D C:\WINDOWS\pss 2017-01-07 23:38 - 2017-01-07 23:38 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits 2017-01-07 23:37 - 2017-01-07 23:38 - 00379392 _____ C:\Users\essam\Downloads\subinacl.msi 2017-01-06 23:25 - 2017-01-06 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-01-06 23:25 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-01-06 23:22 - 2017-01-06 23:22 - 00000000 ____D C:\MATS 2017-01-06 22:55 - 2017-01-06 22:55 - 54199488 _____ (Malwarebytes ) C:\Users\essam\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2017-01-05 23:26 - 2017-01-05 23:26 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2017-01-01 01:56 - 2017-01-07 23:56 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-12-23 10:37 - 2016-12-23 10:37 - 00001516 _____ C:\Users\essam\Desktop\Empire.exe - Shortcut.lnk 2016-12-23 09:53 - 2016-12-23 09:53 - 00000000 ____D C:\ProgramData\The Creative Assembly 2016-12-15 15:09 - 2016-12-11 22:23 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-12-15 15:07 - 2016-12-12 07:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 
01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00617696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2016-12-15 15:07 - 2016-12-12 07:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2016-12-15 11:07 - 2016-12-15 11:07 - 00001130 _____ C:\Users\essam\Desktop\Anno1701.exe - Shortcut.lnk 2016-12-15 10:48 - 2016-12-15 10:48 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1404 Gold Edition [GOG.com] ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-14 07:07 - 2014-12-14 18:21 - 00000000 ____D C:\Users\essam\AppData\Roaming\Origin 2017-01-14 06:52 - 2016-09-23 16:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-01-13 23:16 - 2014-05-19 23:39 - 00000000 ____D C:\Program Files (x86)\Steam 2017-01-13 22:08 - 2016-09-23 16:10 - 00000000 ____D C:\Users\essam 2017-01-13 21:57 - 2016-11-18 07:11 - 00000000 ____D C:\Users\essam\AppData\LocalLow\Mozilla 2017-01-13 17:52 - 2014-12-14 18:20 - 00000000 ____D C:\ProgramData\Origin 2017-01-13 17:52 - 2014-06-21 21:26 - 00000000 ___RD C:\Users\essam\Creative Cloud Files 2017-01-13 17:51 - 2016-09-23 16:08 - 00000000 ____D C:\ProgramData\NVIDIA 2017-01-13 17:51 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-13 17:51 - 2016-07-16 15:45 - 00000000 ____D C:\WINDOWS\INF 2017-01-13 17:51 - 2014-05-20 01:24 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-13 17:45 - 2015-08-07 13:21 - 02884216 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-13 17:41 - 2016-09-23 16:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-13 17:41 - 2016-09-23 16:07 - 06411520 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-01-13 17:41 - 2014-05-21 18:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-13 17:40 - 2016-07-16 10:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-01-13 17:39 - 2016-07-16 15:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-13 17:39 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-13 17:39 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-13 17:39 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-13 17:39 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-13 17:39 - 2016-07-16 15:47 
- 00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-01-13 17:05 - 2016-07-16 15:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-13 06:47 - 2016-07-16 15:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-01-13 06:46 - 2014-05-24 20:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-01-13 04:06 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-13 04:06 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-13 01:47 - 2016-09-23 16:19 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-01-12 19:20 - 2014-05-20 01:36 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-01-12 19:18 - 2014-05-20 01:36 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-01-11 22:27 - 2016-12-06 22:43 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-11 22:27 - 2015-08-07 14:24 - 00002355 _____ C:\Users\essam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-11 22:27 - 2014-05-21 06:15 - 00000000 __RDO C:\Users\essam\OneDrive 2017-01-10 18:44 - 2016-07-16 15:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-10 18:40 - 2016-12-10 04:47 - 00000000 ____D C:\Program Files (x86)\Origin 2017-01-08 00:44 - 2016-09-23 20:07 - 00000000 ___DC C:\WINDOWS\Panther 2017-01-08 00:44 - 2016-08-26 14:37 - 00000000 ____D C:\Users\essam\AppData\Roaming\MPC-HC 2017-01-08 00:44 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-01-08 00:44 - 2016-06-20 22:28 - 00000000 ____D C:\Users\essam\AppData\Roaming\TeamViewer 2017-01-08 00:03 - 2015-03-22 21:45 - 00000000 ____D C:\Program Files\SketchUp 2017-01-08 00:02 - 2015-01-16 09:26 - 00000000 ____D C:\Program Files (x86)\LOOT 2017-01-06 20:22 - 2016-06-14 00:40 - 00000000 ____D C:\Users\essam\AppData\Roaming\qBittorrent 2017-01-05 23:26 - 2016-06-14 00:40 - 00000000 ____D C:\Program Files (x86)\qBittorrent 2016-12-23 12:38 - 2016-07-16 15:47 - 00000000 __RSD 
C:\WINDOWS\assembly 2016-12-23 10:12 - 2016-09-23 16:10 - 00524288 ___SH C:\Users\essam\NTUSER.DAT{4dfd3d52-8186-11e6-8e7d-da6554b922c2}.TMContainer00000000000000000001.regtrans-ms 2016-12-23 10:12 - 2016-09-23 16:10 - 00065536 ___SH C:\Users\essam\NTUSER.DAT{4dfd3d52-8186-11e6-8e7d-da6554b922c2}.TM.blf 2016-12-23 10:12 - 2016-07-16 10:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot 2016-12-23 09:23 - 2014-09-26 10:11 - 00000000 ____D C:\Users\essam\AppData\Roaming\The Creative Assembly 2016-12-23 03:13 - 2016-07-16 15:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-12-23 03:13 - 2016-07-16 15:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-20 19:33 - 2016-09-30 09:29 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy 2016-12-17 00:43 - 2016-09-23 16:19 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-17 00:43 - 2016-09-23 16:19 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-15 22:34 - 2016-07-16 15:47 - 00000000 ____D C:\WINDOWS\rescache 2016-12-15 20:15 - 2016-11-30 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-15 20:15 - 2014-05-19 23:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-12-15 15:10 - 2016-09-23 16:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-12-15 15:10 - 2014-06-07 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-12-15 15:09 - 2016-03-18 13:45 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-12-15 05:44 - 2014-11-15 19:47 - 00002390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ==================== Files in the root of some directories ======= 2014-11-09 22:25 - 2014-11-24 20:22 - 0000132 _____ () C:\Users\essam\AppData\Roaming\Adobe PNG Format CC Prefs 2014-12-29 10:59 - 2016-12-14 14:19 - 0000033 _____ () 
C:\Users\essam\AppData\Roaming\AdobeWLCMCache.dat 2014-06-23 07:32 - 2016-12-24 10:46 - 0001456 _____ () C:\Users\essam\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-09-23 16:09 - 2016-09-23 16:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-07-17 18:55 - 2014-07-17 18:55 - 0000040 _____ () C:\ProgramData\ra3.ini Some zero byte size files/folders: ========================== C:\Windows\SysWOW64\UpdateIdle.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-06 19:37 ==================== End of FRST.txt ============================
  4. Yes, I have already tried that. I also right-clicked the setup file and set permissions for the current user as well. Still I get the same error.
  5. Hi Aura, No, I don't seem to have any previous Malwarebytes products installed. This is the first time. I am on Windows 10 and I do have Windows Defender active. I have tried disabling it but that didn't help. Also, I rebooted in safe mode with Windows Defender being inactive and tried to install Malwarebytes and I still get the same error. Appreciate any help with this please.
  6. Hi, I have just downloaded the trial version with the intention of purchasing the full version after giving the software a go. However, I have run into a problem at install and don't know how to fix this. Just when the install is about to finish an error pops up: Error on install - mbshlext.dll - Unable to register the DLL/OCX: CreateProcess failed; code 31. A device attached to the system is not functioning. Appreciate any help with this.