Harmazi
-
Posts
28 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Harmazi
-
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Nope, thank you for your help! -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Yeah that problem started close to the time all the other problems started. I feel like my PC is pretty mint as of now. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Uhm I believe everything is working at this point, but I know I used to have issues with spiking disk usage. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Yes, it is working. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Fixlog.txt -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Fixlog.txt -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
I can't launch Task Manager, it crashes. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
FRST has been "fixing" this whole time. I can't close it or end it through task manager. What should I do? -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Hotspot Shield must've been on here from a while ago, the Keylogger and Chromium were also from me. I'll remove all that. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2017 01 Ran by RNOwe (administrator) on RICKYS-DESKTOP (15-08-2017 19:14:33) Running from C:\Users\Ricky\Desktop\FRST Loaded Profiles: RNOwe & Ricky (Available Profiles: RNOwe & Ricky) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Comodo) C:\Users\Ricky\Documents\Comodo Dragon\Comodo\Dragon\dragon_updater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe (Malwarebytes) C:\Users\Ricky\Documents\Anti-Malware\MBAMService.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Windows\System32\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Malwarebytes) C:\Users\Ricky\Documents\Anti-Malware\mbamtray.exe (Gaijin Entertainment) C:\Users\Ricky\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5750\Agent.exe (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net.exe () C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe (Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe () C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MouseDriver] => c:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-02-17] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Users\Ricky\Documents\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\USERS\RICKY\DOCUMENTS\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc) HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-05] (Plays.tv, LLC) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2131856 2016-07-14] (AimerSoft) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe [1974432 2016-08-08] () HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [6877072 2016-11-08] () HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [225816 2017-02-21] (BlueStack Systems, Inc.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [uTorrent] => C:\Users\Ricky\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe [2146496 2017-07-31] (BitTorrent Inc.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-20] () HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [Discord] => C:\Users\Ricky\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [6877072 2016-11-08] () HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [MyComGames] => C:\Users\Ricky\AppData\Local\MyComGames\MyComGames.exe [5572304 2017-08-11] (MY.COM B.V.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [Gaijin.Net Agent] => C:\Users\Ricky\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2010056 2017-06-28] (Gaijin Entertainment) HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [svcvmx] => "C:\Users\Ricky\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-01-01] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Tenda Wireless Utility.lnk [2015-10-15] ShortcutTarget: Tenda Wireless Utility.lnk -> C:\Program Files (x86)\Tenda\Common\RaUI.exe () Startup: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-14] () Startup: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-05-06] ShortcutTarget: Twitch.lnk -> C:\Users\RNOwe\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File) Startup: C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-10-29] ShortcutTarget: Curse.lnk -> C:\Users\Ricky\AppData\Roaming\Curse Client\Bin\Curse.exe (Twitch Interactive, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 Tcpip\..\Interfaces\{79c83538-9892-4c46-9698-1fac0cb27002}: [DhcpNameServer] 192.168.10.1 Tcpip\..\Interfaces\{ee75ae4a-11d9-4dde-8b10-58c507b7fd62}: [DhcpNameServer] 192.168.10.1 Tcpip\..\Interfaces\{f71949d0-ec85-40d2-8ebf-5cff71dbd6e9}: [DhcpNameServer] 192.168.10.1 ManualProxies: Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2190132408-2257626196-1181361939-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-24] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-24] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-24] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-19] (Oracle Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-24] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-19] (Oracle Corporation) DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1447711760225 Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation) Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File FireFox: ======== FF ProfilePath: C:\Users\RNOwe\AppData\Roaming\Mozilla\Firefox\Profiles\E6LWdtcx.default [2017-08-14] FF Extension: (Avira Browser Safety) - C:\Users\RNOwe\AppData\Roaming\Mozilla\Firefox\Profiles\E6LWdtcx.default\Extensions\abs@avira.com [2015-10-14] [not signed] FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi\ [] FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-07-30] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-14] () FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-14] () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1001: @nsroblox.roblox.com/launcher -> C:\Users\RNOwe\AppData\Local\Roblox\Versions\version-da823d17eb7346c9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\RNOwe\AppData\Local\Roblox\Versions\version-da823d17eb7346c9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1003: @my.com/Games -> C:\Users\Ricky\AppData\Local\MyComGames\NPMyComDetector.dll [2017-02-20] (MY.COM B.V.) FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default [2017-08-15] CHR Extension: (Google Slides) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-16] CHR Extension: (Google Docs) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-16] CHR Extension: (Google Drive) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16] CHR Extension: (YouTube) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16] CHR Extension: (Honey) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-14] CHR Extension: (Google Search) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16] CHR Extension: (Google Sheets) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-16] CHR Extension: (Avira Browser Safety) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08] CHR Extension: (Google Docs Offline) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21] CHR Extension: (Gmail) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-16] CHR Extension: (Chrome Media Router) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) PCW (Start=4 -> Start=0) <==== restored successfully S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-03-15] () S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-21] (BlueStack Systems, Inc.) S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-21] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-21] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation) R2 DragonUpdater; C:\Users\Ricky\Documents\Comodo Dragon\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo) S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-20] (EasyAntiCheat Ltd) S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.) S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed] S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [722216 2017-07-20] (Reto-Moto ApS) S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-16] (Rivet Networks) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.) R2 MBAMService; C:\Users\Ricky\Documents\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [456640 2016-10-25] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [456640 2016-10-25] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation) R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-10-25] (NVIDIA Corporation) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project) S3 Origin Client Service; C:\Users\Ricky\Documents\Origin\OriginClientService.exe [2169696 2017-07-21] (Electronic Arts) S2 Origin Web Helper Service; C:\Users\Ricky\Documents\Origin\OriginWebHelperService.exe [3149664 2017-07-21] (Electronic Arts) R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-09-04] () R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-09-04] () R2 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.) R2 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [212256 2009-12-10] (Ralink Technology, Corp.) S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-10-28] (Razer Inc.) S4 SAudionicSV; C:\WINDOWS\SysWOW64\sysaudionicsvc.exe [1816576 2015-04-07] () [File not signed] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889888 2017-08-01] (Microsoft Corporation) S4 SysEventSVC; C:\WINDOWS\SysWOW64\syseventfiltersvc.exe [2012672 2015-04-07] () [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S2 WeiseTunnel; C:\Windows\sysconmon\WeiseTunnel.exe [4775424 2015-03-15] (InfoWeise) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation) S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X] S2 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [142904 2015-09-16] (Rivet Networks, LLC.) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-21] (BlueStack Systems) R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-21] (Bluestack System Inc. ) R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [543184 2017-02-17] (Intel Corporation) R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM) R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-08-14] () R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.) R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-02-17] (REALiX(tm)) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-02] (Malwarebytes) S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-02] (Malwarebytes) S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-02] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-15] (Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-02] (Malwarebytes) R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.) R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-05-16] (CACE Technologies, Inc.) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-10-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-10-25] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-03-16] (NVIDIA Corporation) R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.) R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.) R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-12-04] (Wellbia.com Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-15 18:02 - 2017-08-15 18:02 - 000001167 _____ C:\Users\RNOwe\Desktop\JRT.txt 2017-08-15 17:49 - 2017-08-15 17:56 - 001790024 _____ (Malwarebytes) C:\Users\Ricky\Desktop\JRT.exe 2017-08-15 17:46 - 2017-08-15 17:55 - 000000000 ____D C:\AdwCleaner 2017-08-15 17:45 - 2017-08-15 17:45 - 008185288 _____ (Malwarebytes) C:\Users\Ricky\Desktop\AdwCleaner.exe 2017-08-15 09:07 - 2017-08-15 09:07 - 000407277 _____ C:\Users\RNOwe\Desktop\VT_ResidentialPropaneSupplyAgreementFILLABLE1.pdf 2017-08-15 07:06 - 2017-08-15 07:06 - 000002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2017-08-15 07:06 - 2017-08-15 07:06 - 000002249 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2017-08-15 07:02 - 2017-08-15 07:02 - 000000000 ____D C:\Users\RNOwe\AppData\Local\ASHelper 2017-08-14 22:38 - 2017-08-14 22:38 - 000000000 _____ C:\autoexec.bat 2017-08-14 20:04 - 2017-08-15 19:06 - 000000000 ____D C:\Users\Ricky\Desktop\FRST 2017-08-14 20:03 - 2017-08-15 19:14 - 000000000 ____D C:\FRST 2017-08-14 15:36 - 2017-08-15 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-08-14 15:36 - 2017-08-14 19:31 - 000194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\757D2D9F.sys 2017-08-14 15:22 - 2017-08-14 19:34 - 000000000 ____D C:\Users\Ricky\Desktop\mbar 2017-08-14 14:34 - 2017-08-14 14:34 - 000000000 ____D C:\Users\Ricky\AppData\Local\ASHelper 2017-08-14 14:01 - 2017-08-14 14:01 - 000007299 _____ C:\WINDOWS\CleanMem Uninstall Log.txt 2017-08-14 12:04 - 2017-08-14 12:04 - 000011439 _____ C:\Users\RNOwe\Desktop\CalendarLabs.pdf 2017-08-13 09:49 - 2017-08-15 17:50 - 027262976 _____ C:\WINDOWS\system32\config\SYSTEM 2017-08-13 09:49 - 2017-08-14 20:28 - 026738688 _____ C:\WINDOWS\system32\config\HARDWARE 2017-08-10 20:09 - 2017-08-12 19:38 - 002030536 _____ (Bleeping Computer, LLC) C:\Users\Ricky\Desktop\rkill.exe 2017-08-10 16:01 - 2017-08-01 13:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2017-08-10 16:01 - 2017-08-01 13:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2017-08-10 16:01 - 2017-08-01 13:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2017-08-10 16:01 - 2017-08-01 13:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll 2017-08-10 16:01 - 2017-08-01 12:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll 2017-08-10 16:01 - 2017-08-01 12:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll 2017-08-10 16:01 - 2017-08-01 12:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2017-08-10 16:01 - 2017-08-01 12:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2017-08-10 16:01 - 2017-08-01 12:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2017-08-10 16:01 - 2017-08-01 12:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll 2017-08-10 16:01 - 2017-08-01 12:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2017-08-10 16:01 - 2017-08-01 12:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll 2017-08-10 16:01 - 2017-08-01 12:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2017-08-10 16:01 - 2017-08-01 12:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2017-08-10 16:01 - 2017-08-01 12:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2017-08-10 16:01 - 2017-08-01 12:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2017-08-10 16:01 - 2017-08-01 12:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll 2017-08-10 16:01 - 2017-08-01 12:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2017-08-10 16:01 - 2017-08-01 12:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2017-08-10 16:01 - 2017-08-01 12:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2017-08-10 16:01 - 2017-07-12 01:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2017-08-10 16:01 - 2017-07-12 01:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-08-10 16:01 - 2017-07-12 01:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2017-08-10 16:01 - 2017-07-12 01:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2017-08-10 16:01 - 2017-03-04 02:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll 2017-08-10 16:00 - 2017-08-01 15:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-08-10 16:00 - 2017-08-01 15:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2017-08-10 16:00 - 2017-08-01 15:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-08-10 16:00 - 2017-08-01 15:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-08-10 16:00 - 2017-08-01 15:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-08-10 16:00 - 2017-08-01 15:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-08-10 16:00 - 2017-08-01 15:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-08-10 16:00 - 2017-08-01 15:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-08-10 16:00 - 2017-08-01 15:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-08-10 16:00 - 2017-08-01 14:58 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe 2017-08-10 16:00 - 2017-08-01 14:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2017-08-10 16:00 - 2017-08-01 14:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2017-08-10 16:00 - 2017-08-01 14:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-08-10 16:00 - 2017-08-01 14:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll 2017-08-10 16:00 - 2017-08-01 14:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll 2017-08-10 16:00 - 2017-08-01 14:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2017-08-10 16:00 - 2017-08-01 14:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2017-08-10 16:00 - 2017-08-01 14:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2017-08-10 16:00 - 2017-08-01 14:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2017-08-10 16:00 - 2017-08-01 14:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2017-08-10 16:00 - 2017-08-01 14:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll 2017-08-10 16:00 - 2017-08-01 14:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2017-08-10 16:00 - 2017-08-01 14:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2017-08-10 16:00 - 2017-08-01 14:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll 2017-08-10 16:00 - 2017-08-01 14:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-08-10 16:00 - 2017-08-01 14:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2017-08-10 16:00 - 2017-08-01 14:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-08-10 16:00 - 2017-08-01 14:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2017-08-10 16:00 - 2017-08-01 14:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2017-08-10 16:00 - 2017-08-01 14:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2017-08-10 16:00 - 2017-08-01 14:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2017-08-10 16:00 - 2017-08-01 14:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2017-08-10 16:00 - 2017-08-01 13:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-08-10 16:00 - 2017-08-01 13:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-08-10 16:00 - 2017-08-01 13:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2017-08-10 16:00 - 2017-08-01 13:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-08-10 16:00 - 2017-08-01 13:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-08-10 16:00 - 2017-08-01 13:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-08-10 16:00 - 2017-08-01 13:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2017-08-10 16:00 - 2017-08-01 13:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-08-10 16:00 - 2017-08-01 13:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-08-10 16:00 - 2017-08-01 13:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-08-10 16:00 - 2017-08-01 13:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-08-10 16:00 - 2017-08-01 13:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-08-10 16:00 - 2017-08-01 13:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2017-08-10 16:00 - 2017-08-01 13:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-08-10 16:00 - 2017-08-01 13:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-08-10 16:00 - 2017-08-01 12:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll 2017-08-10 16:00 - 2017-08-01 12:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-08-10 16:00 - 2017-08-01 12:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll 2017-08-10 16:00 - 2017-08-01 12:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2017-08-10 16:00 - 2017-08-01 12:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll 2017-08-10 16:00 - 2017-08-01 12:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll 2017-08-10 16:00 - 2017-08-01 12:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll 2017-08-10 16:00 - 2017-08-01 12:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2017-08-10 16:00 - 2017-08-01 12:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-08-10 16:00 - 2017-08-01 12:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2017-08-10 16:00 - 2017-08-01 12:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-08-10 16:00 - 2017-08-01 12:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2017-08-10 16:00 - 2017-08-01 12:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2017-08-10 16:00 - 2017-08-01 12:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll 2017-08-10 16:00 - 2017-08-01 12:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2017-08-10 16:00 - 2017-08-01 12:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-08-10 16:00 - 2017-08-01 12:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-08-10 16:00 - 2017-08-01 12:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2017-08-10 16:00 - 2017-08-01 12:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2017-08-10 16:00 - 2017-08-01 12:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-08-10 16:00 - 2017-08-01 12:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2017-08-10 16:00 - 2017-08-01 12:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-08-10 16:00 - 2017-08-01 12:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2017-08-10 16:00 - 2017-08-01 12:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll 2017-08-10 16:00 - 2017-08-01 12:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2017-08-10 16:00 - 2017-08-01 12:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-08-10 16:00 - 2017-08-01 12:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-08-10 16:00 - 2017-08-01 12:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-08-10 16:00 - 2017-08-01 12:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll 2017-08-10 16:00 - 2017-07-12 02:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2017-08-10 16:00 - 2017-07-12 02:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-08-10 16:00 - 2017-07-12 02:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-08-10 16:00 - 2017-07-12 02:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-08-10 16:00 - 2017-07-12 02:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-08-10 16:00 - 2017-07-12 02:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-08-10 16:00 - 2017-07-12 02:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2017-08-10 16:00 - 2017-07-12 02:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2017-08-10 16:00 - 2017-07-12 01:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2017-08-10 16:00 - 2017-07-12 01:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2017-08-10 16:00 - 2017-07-12 01:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2017-08-10 16:00 - 2017-07-12 01:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2017-08-10 16:00 - 2017-07-12 01:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-08-10 16:00 - 2017-07-12 01:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll 2017-08-10 16:00 - 2017-07-12 01:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2017-08-10 16:00 - 2017-07-12 01:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll 2017-08-10 16:00 - 2017-07-12 01:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2017-08-10 16:00 - 2017-07-12 01:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll 2017-08-10 16:00 - 2017-07-12 01:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll 2017-08-10 16:00 - 2017-07-12 01:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll 2017-08-10 16:00 - 2017-07-12 01:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys 2017-08-10 16:00 - 2017-07-12 01:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-08-10 16:00 - 2017-07-12 01:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-08-10 16:00 - 2017-07-12 01:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-08-10 16:00 - 2017-07-12 01:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-08-10 16:00 - 2017-07-12 01:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-08-10 16:00 - 2017-07-12 01:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2017-08-10 16:00 - 2017-07-12 01:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-08-10 16:00 - 2017-07-12 01:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-08-10 16:00 - 2017-07-12 01:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2017-08-10 16:00 - 2017-07-12 01:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll 2017-08-10 16:00 - 2017-07-12 01:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2017-08-10 16:00 - 2017-07-12 01:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe 2017-08-10 16:00 - 2017-07-12 01:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-08-10 16:00 - 2017-07-12 01:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2017-08-10 16:00 - 2017-07-12 01:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe 2017-08-10 16:00 - 2017-07-12 01:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2017-08-10 16:00 - 2017-07-12 01:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-08-10 16:00 - 2017-07-12 01:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-08-10 16:00 - 2017-07-12 01:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-08-10 16:00 - 2017-07-12 01:03 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2017-08-10 16:00 - 2017-07-12 01:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2017-08-10 16:00 - 2017-07-12 01:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2017-08-10 16:00 - 2017-07-12 00:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-08-10 16:00 - 2017-07-12 00:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-08-10 16:00 - 2017-07-11 22:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml 2017-08-10 16:00 - 2016-09-07 01:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-08-10 15:59 - 2017-08-01 15:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-08-10 15:59 - 2017-08-01 15:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-08-10 15:59 - 2017-08-01 15:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-08-10 15:59 - 2017-08-01 15:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2017-08-10 15:59 - 2017-08-01 15:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-08-10 15:59 - 2017-08-01 15:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2017-08-10 15:59 - 2017-08-01 15:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2017-08-10 15:59 - 2017-08-01 15:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2017-08-10 15:59 - 2017-08-01 15:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-08-10 15:59 - 2017-08-01 15:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-08-10 15:59 - 2017-08-01 15:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-08-10 15:59 - 2017-08-01 15:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-08-10 15:59 - 2017-08-01 15:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2017-08-10 15:59 - 2017-08-01 15:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-08-10 15:59 - 2017-08-01 14:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-08-10 15:59 - 2017-08-01 14:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-08-10 15:59 - 2017-08-01 14:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2017-08-10 15:59 - 2017-08-01 14:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-08-10 15:59 - 2017-08-01 14:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-08-10 15:59 - 2017-08-01 14:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll 2017-08-10 15:59 - 2017-08-01 14:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2017-08-10 15:59 - 2017-08-01 14:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll 2017-08-10 15:59 - 2017-08-01 14:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2017-08-10 15:59 - 2017-08-01 14:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-08-10 15:59 - 2017-08-01 14:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-08-10 15:59 - 2017-08-01 14:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-08-10 15:59 - 2017-08-01 14:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-08-10 15:59 - 2017-08-01 14:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-08-10 15:59 - 2017-08-01 14:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll 2017-08-10 15:59 - 2017-08-01 14:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-08-10 15:59 - 2017-08-01 14:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-08-10 15:59 - 2017-08-01 14:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-08-10 15:59 - 2017-08-01 14:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2017-08-10 15:59 - 2017-08-01 14:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-08-10 15:59 - 2017-08-01 14:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-08-10 15:59 - 2017-08-01 14:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2017-08-10 15:59 - 2017-08-01 14:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll 2017-08-10 15:59 - 2017-08-01 14:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-08-10 15:59 - 2017-08-01 14:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-08-10 15:59 - 2017-08-01 14:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2017-08-10 15:59 - 2017-08-01 14:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2017-08-10 15:59 - 2017-08-01 14:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-08-10 15:59 - 2017-08-01 14:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll 2017-08-10 15:59 - 2017-08-01 14:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-08-10 15:59 - 2017-08-01 14:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll 2017-08-10 15:59 - 2017-08-01 14:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2017-08-10 15:59 - 2017-08-01 14:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2017-08-10 15:59 - 2017-08-01 14:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2017-08-10 15:59 - 2017-08-01 14:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-08-10 15:59 - 2017-08-01 14:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2017-08-10 15:59 - 2017-08-01 14:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-08-10 15:59 - 2017-08-01 14:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-08-10 15:59 - 2017-08-01 14:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-08-10 15:59 - 2017-08-01 14:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-08-10 15:59 - 2017-08-01 14:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2017-08-10 15:59 - 2017-08-01 14:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2017-08-10 15:59 - 2017-08-01 14:26 - 001949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll 2017-08-10 15:59 - 2017-08-01 14:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-08-10 15:59 - 2017-08-01 14:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll 2017-08-10 15:59 - 2017-08-01 14:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2017-08-10 15:59 - 2017-08-01 14:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-08-10 15:59 - 2017-08-01 14:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2017-08-10 15:59 - 2017-08-01 14:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-08-10 15:59 - 2017-08-01 14:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2017-08-10 15:59 - 2017-08-01 12:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-08-10 15:59 - 2017-08-01 12:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-08-10 15:59 - 2017-08-01 12:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-08-10 15:59 - 2017-08-01 12:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-08-10 15:59 - 2017-08-01 12:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-08-10 15:59 - 2017-08-01 12:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-08-10 15:59 - 2017-08-01 12:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-08-10 15:59 - 2017-07-12 02:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-08-10 15:59 - 2017-07-12 02:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-08-10 15:59 - 2017-07-12 02:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-08-10 15:59 - 2017-07-12 02:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-08-10 15:59 - 2017-07-12 02:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-08-10 15:59 - 2017-07-12 02:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2017-08-10 15:59 - 2017-07-12 02:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-08-10 15:59 - 2017-07-12 02:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys 2017-08-10 15:59 - 2017-07-12 01:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-08-10 15:59 - 2017-07-12 01:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-08-10 15:59 - 2017-07-12 01:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-08-10 15:59 - 2017-07-12 01:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys 2017-08-10 15:59 - 2017-07-12 01:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll 2017-08-10 15:59 - 2017-07-12 01:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2017-08-10 15:59 - 2017-07-12 01:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll 2017-08-10 15:59 - 2017-07-12 01:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll 2017-08-10 15:59 - 2017-07-12 01:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll 2017-08-10 15:59 - 2017-07-12 01:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2017-08-10 15:59 - 2017-07-12 01:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll 2017-08-10 15:59 - 2017-07-12 01:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll 2017-08-10 15:59 - 2017-07-12 01:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2017-08-10 15:59 - 2017-07-12 01:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2017-08-10 15:59 - 2017-07-12 01:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-08-10 15:59 - 2017-07-12 01:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-08-10 15:59 - 2017-07-12 01:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-08-10 15:59 - 2017-07-12 01:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2017-08-10 15:59 - 2017-07-12 01:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2017-08-10 15:59 - 2017-07-12 01:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2017-08-10 15:59 - 2017-07-12 01:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-08-10 15:59 - 2017-07-12 01:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2017-08-10 15:59 - 2017-07-12 01:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-08-10 15:59 - 2017-07-12 01:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-08-10 15:59 - 2017-07-12 01:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-08-10 15:59 - 2017-07-12 00:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-08-10 15:59 - 2017-07-12 00:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-08-10 15:59 - 2017-07-12 00:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-08-10 15:59 - 2017-07-12 00:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-08-10 15:59 - 2017-07-12 00:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-08-10 15:59 - 2017-03-04 02:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll 2017-08-10 15:59 - 2017-03-04 02:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll 2017-08-10 15:59 - 2017-03-04 02:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2017-08-10 15:59 - 2017-03-04 02:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2017-08-10 15:59 - 2017-03-04 02:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2017-08-10 15:59 - 2016-08-02 04:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-08-10 15:58 - 2017-08-01 15:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2017-08-10 15:58 - 2017-08-01 15:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-08-10 15:58 - 2017-08-01 15:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-08-10 15:58 - 2017-08-01 15:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2017-08-10 15:58 - 2017-08-01 15:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-08-10 15:58 - 2017-08-01 15:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-08-10 15:58 - 2017-08-01 15:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys 2017-08-10 15:58 - 2017-08-01 14:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll 2017-08-10 15:58 - 2017-08-01 14:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys 2017-08-10 15:58 - 2017-08-01 14:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-08-10 15:58 - 2017-08-01 14:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2017-08-10 15:58 - 2017-08-01 14:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2017-08-10 15:58 - 2017-08-01 14:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-08-10 15:58 - 2017-08-01 14:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2017-08-10 15:58 - 2017-08-01 14:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-08-10 15:58 - 2017-08-01 14:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-08-10 15:58 - 2017-08-01 14:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-08-10 15:58 - 2017-08-01 14:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll 2017-08-10 15:58 - 2017-08-01 14:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2017-08-10 15:58 - 2017-08-01 14:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2017-08-10 15:58 - 2017-08-01 14:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll 2017-08-10 15:58 - 2017-08-01 14:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2017-08-10 15:58 - 2017-07-12 02:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll 2017-08-10 15:58 - 2017-07-12 01:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-08-10 15:58 - 2017-07-12 01:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll 2017-08-10 15:58 - 2017-07-12 01:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-08-10 15:58 - 2017-07-12 01:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-08-10 15:58 - 2017-07-12 01:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2017-08-10 15:58 - 2017-07-12 01:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll 2017-08-10 15:58 - 2017-07-12 01:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-08-10 15:58 - 2017-07-12 01:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2017-08-10 15:58 - 2017-07-12 01:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll 2017-08-10 15:58 - 2017-07-12 01:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2017-08-10 15:58 - 2017-07-12 01:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe 2017-08-10 15:58 - 2017-07-12 01:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe 2017-08-10 15:58 - 2017-07-12 01:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-08-10 15:58 - 2017-07-12 00:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2017-08-10 06:54 - 2017-08-10 06:57 - 000172474 _____ C:\Users\RNOwe\Desktop\Amazon1.pdf 2017-08-10 06:23 - 2017-08-10 06:23 - 000062991 _____ C:\Users\RNOwe\Desktop\blueflame.pdf 2017-08-05 22:29 - 2017-08-14 22:33 - 000003312 _____ C:\Users\RNOwe\Desktop\Rkill.txt 2017-08-05 22:21 - 2017-08-05 22:21 - 001806879 _____ C:\Users\RNOwe\Documents\AvgInstallLog.cab 2017-08-05 22:17 - 2017-08-05 22:17 - 000000000 ____D C:\Users\Ricky\AppData\Local\Avg 2017-08-05 22:13 - 2017-08-05 22:40 - 000000000 ____D C:\ProgramData\Avg 2017-08-05 22:13 - 2017-08-05 22:39 - 000000000 ____D C:\Users\RNOwe\AppData\Local\AvgSetupLog 2017-08-05 22:13 - 2017-08-05 22:13 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Avg 2017-08-05 20:34 - 2017-08-05 20:34 - 000000000 ____D C:\ProgramData\AVAST Software 2017-08-05 20:06 - 2017-08-05 20:06 - 001192400 _____ C:\WINDOWS\isRS-000.tmp 2017-08-05 20:03 - 2017-08-05 20:06 - 065033984 _____ (Malwarebytes ) C:\Users\Ricky\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-08-05 19:58 - 2017-08-05 19:58 - 000001507 _____ C:\Users\Ricky\Desktop\HWiNFO32.lnk 2017-08-05 18:28 - 2017-08-05 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32 2017-08-05 18:28 - 2017-08-05 18:28 - 000000000 ____D C:\Program Files (x86)\HWiNFO32 2017-08-05 18:23 - 2017-08-05 18:23 - 000000000 ____D C:\ProgramData\Intel 2017-08-05 18:00 - 2017-08-05 18:00 - 000002685 _____ C:\Users\Public\Desktop\Intel(R) Extreme Tuning Utility.lnk 2017-08-05 18:00 - 2017-08-05 18:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel 2017-08-05 18:00 - 2017-08-05 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2017-08-05 18:00 - 2017-08-05 18:00 - 000000000 ____D C:\Program Files (x86)\Intel 2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services 2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2017-08-02 23:22 - 2017-08-02 23:22 - 000000222 _____ C:\Users\Ricky\Desktop\Call of Duty Black Ops II - Zombies.url 2017-08-02 17:14 - 2017-08-11 22:15 - 000000222 _____ C:\Users\Ricky\Desktop\Call of Duty Black Ops II - Multiplayer.url 2017-08-02 14:31 - 2017-08-02 14:31 - 000000000 ____D C:\Users\Ricky\AppData\Local\iTunes 2017-08-02 13:51 - 2017-08-02 13:51 - 000002020 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-08-02 13:51 - 2017-08-02 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-08-02 13:50 - 2017-08-02 13:51 - 000000000 ____D C:\Users\Ricky\Documents\iTunes 2017-08-02 13:50 - 2017-08-02 13:50 - 000000000 ____D C:\Program Files\iPod 2017-08-02 13:47 - 2017-08-02 13:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-08-02 13:47 - 2017-08-02 13:47 - 000000000 ____D C:\Program Files (x86)\Apple Software Update 2017-08-02 12:17 - 2017-08-02 12:17 - 000000222 _____ C:\Users\Ricky\Desktop\Call of Duty Black Ops II.url 2017-08-01 17:33 - 2017-08-01 17:33 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\EasyAntiCheat 2017-07-31 23:37 - 2017-07-31 23:58 - 064619276 _____ C:\Users\Ricky\Desktop\541541-BO2-U3.rar 2017-07-31 17:34 - 2017-07-31 17:34 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\KeepVid 2017-07-30 22:29 - 2017-08-01 23:59 - 000000000 ____D C:\ProgramData\xml_param 2017-07-30 22:25 - 2017-07-30 22:25 - 000000000 ____D C:\Users\RNOwe\AppData\Roaming\KeepVid 2017-07-30 22:25 - 2017-07-30 22:25 - 000000000 ____D C:\Users\Ricky\AppData\Local\Aimersoft 2017-07-30 22:25 - 2017-07-30 22:25 - 000000000 ____D C:\ProgramData\Aimersoft 2017-07-30 22:23 - 2017-07-30 22:23 - 000001390 _____ C:\Users\Public\Desktop\KeepVid Pro.lnk 2017-07-30 22:23 - 2017-07-30 22:23 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Aimersoft 2017-07-30 22:23 - 2017-07-30 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid 2017-07-30 22:22 - 2017-08-02 14:32 - 000000000 ____D C:\ProgramData\KeepVid Pro 2017-07-30 22:22 - 2017-07-30 22:22 - 000000000 ____D C:\ProgramData\KeepVid Application Common Data 2017-07-30 22:22 - 2017-07-30 22:22 - 000000000 ____D C:\ProgramData\KeepVid 2017-07-30 22:22 - 2017-07-30 22:22 - 000000000 ____D C:\Program Files (x86)\KeepVid 2017-07-30 22:09 - 2017-07-30 22:24 - 036409223 _____ C:\Users\Ricky\Desktop\KeepVID PRO v4.10.1.7z 2017-07-29 08:00 - 2017-07-29 08:00 - 000051625 _____ C:\WINDOWS\uninstaller.dat 2017-07-26 12:48 - 2017-07-26 12:48 - 000000000 ____D C:\Users\RNOwe\AppData\LocalLow\uTorrent 2017-07-26 12:31 - 2017-07-26 12:31 - 000064038 _____ C:\Users\RNOwe\Desktop\daycare contract.pdf 2017-07-20 06:48 - 2017-07-25 07:27 - 000000000 ____D C:\Users\RNOwe\Desktop\Ricky camp 2017-07-20 06:43 - 2017-07-20 06:43 - 000000000 ____D C:\Users\RNOwe\AppData\Local\UNP 2017-07-19 07:34 - 2017-07-19 07:59 - 000000000 ____D C:\Users\RNOwe\Desktop\mad libs 2017-07-19 07:31 - 2017-07-19 07:31 - 000001414 _____ C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-15 19:08 - 2016-01-12 08:10 - 000000000 ____D C:\Users\Ricky\AppData\Local\Battle.net 2017-08-15 18:56 - 2016-01-12 08:08 - 000000000 ____D C:\Program Files (x86)\Battle.net 2017-08-15 18:00 - 2017-02-19 22:59 - 000000000 ____D C:\ProgramData\NVIDIA 2017-08-15 17:58 - 2015-10-14 23:24 - 004255708 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-08-15 17:55 - 2017-02-20 18:58 - 000000000 ____D C:\Users\Ricky\AppData\Local\MyComGames 2017-08-15 17:55 - 2016-02-11 21:39 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Curse Client 2017-08-15 17:52 - 2017-01-02 21:03 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-08-15 17:52 - 2016-11-13 16:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-08-15 17:51 - 2016-08-07 16:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-08-15 17:50 - 2016-07-16 02:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2017-08-15 17:10 - 2015-10-15 15:50 - 000000000 ____D C:\Program Files (x86)\Steam 2017-08-15 17:05 - 2016-11-26 16:24 - 000000000 ____D C:\Users\Ricky\AppData\LocalLow\Mozilla 2017-08-15 16:21 - 2016-08-07 15:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-08-15 13:04 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-08-15 11:48 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps 2017-08-15 11:46 - 2016-03-13 08:15 - 000000000 ____D C:\Users\Ricky\AppData\Local\CrashDumps 2017-08-15 09:07 - 2016-08-02 16:44 - 000000000 ____D C:\Users\RNOwe\Desktop\Nonni's Songs 2017-08-15 09:04 - 2016-08-17 08:17 - 000000000 ____D C:\Users\RNOwe\Desktop\daycare 2017-08-15 07:06 - 2016-11-08 21:05 - 000000000 ____D C:\Program Files (x86)\Google 2017-08-15 06:59 - 2016-08-07 15:59 - 000000000 ____D C:\Users\RNOwe 2017-08-15 06:59 - 2016-08-07 15:59 - 000000000 ____D C:\Users\Ricky 2017-08-14 21:12 - 2017-01-02 21:03 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-08-14 21:12 - 2017-01-02 21:03 - 000000000 ____D C:\Users\Ricky\Documents\Anti-Malware 2017-08-14 18:29 - 2016-01-12 16:46 - 000000000 ____D C:\Program Files (x86)\World of Warcraft 2017-08-14 18:19 - 2017-06-02 22:09 - 000000222 _____ C:\Users\Ricky\Desktop\Rust.url 2017-08-14 13:44 - 2016-03-19 03:20 - 000000000 ____D C:\Users\RNOwe\AppData\Local\CrashDumps 2017-08-14 13:31 - 2015-11-17 21:07 - 000000000 ____D C:\Users\Ricky\AppData\Local\Adobe 2017-08-14 13:30 - 2017-02-17 20:12 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-08-14 13:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-08-14 13:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-08-14 13:27 - 2015-11-18 14:32 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Adobe 2017-08-14 12:43 - 2015-10-14 23:34 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-08-14 03:35 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF 2017-08-13 17:38 - 2016-08-07 15:52 - 000412760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-08-13 17:36 - 2016-07-16 10:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ___RD C:\Program Files\Windows Defender 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Provisioning 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\bcastdvr 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Common Files\System 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2017-08-13 10:55 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-08-13 09:52 - 2015-10-17 21:23 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-08-12 20:20 - 2016-03-19 22:12 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\discord 2017-08-12 07:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-08-10 09:59 - 2016-08-09 12:01 - 000000000 ____D C:\Program Files (x86)\Hearthstone 2017-08-10 06:13 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2017-08-09 19:23 - 2015-10-15 15:47 - 000002473 _____ C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-08 22:46 - 2015-10-15 00:23 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-08-08 22:33 - 2015-10-15 00:23 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-08-06 07:40 - 2015-10-15 19:36 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Skype 2017-08-05 20:06 - 2017-01-02 21:03 - 000002122 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-08-05 20:06 - 2017-01-02 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-08-05 17:58 - 2015-10-14 23:42 - 000000000 ____D C:\ProgramData\Package Cache 2017-08-03 10:07 - 2016-07-16 07:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-08-03 10:05 - 2016-03-22 13:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-08-02 22:51 - 2017-03-20 06:42 - 000000000 ____D C:\Users\RNOwe\.MemuHyperv 2017-08-02 22:49 - 2017-03-22 17:44 - 000000000 ____D C:\Users\RNOwe\Downloads\MEmu Download 2017-08-02 13:50 - 2016-08-01 20:55 - 000000000 ____D C:\Program Files\Common Files\Apple 2017-08-02 13:47 - 2016-08-01 20:57 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-08-01 17:46 - 2015-10-16 15:47 - 000797224 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2017-08-01 17:37 - 2015-10-17 07:44 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\uTorrent 2017-08-01 16:24 - 2015-10-15 20:24 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-08-01 13:10 - 2016-08-11 12:40 - 000000000 ____D C:\Users\Ricky\AppData\Local\Discord 2017-07-31 12:51 - 2015-10-15 15:43 - 000000000 ____D C:\Users\Ricky\AppData\Local\Packages 2017-07-31 11:14 - 2017-02-18 04:19 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-07-31 11:14 - 2017-02-18 04:19 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-07-28 23:39 - 2016-12-09 07:14 - 000000000 ____D C:\Users\Ricky\Documents\DayZ 2017-07-28 23:38 - 2016-12-09 07:14 - 000000000 ____D C:\Users\Ricky\AppData\Local\DayZ 2017-07-26 23:56 - 2015-10-26 07:03 - 000000000 ____D C:\Users\RNOwe\AppData\Roaming\uTorrent 2017-07-24 17:56 - 2015-11-24 16:35 - 000000000 ____D C:\Users\Ricky\AppData\Local\ArmA 2 OA 2017-07-24 10:20 - 2016-03-26 05:11 - 000226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2017-07-24 10:20 - 2016-03-26 05:11 - 000226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2017-07-24 10:13 - 2016-03-25 09:06 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Origin 2017-07-24 10:09 - 2016-03-24 19:34 - 000000000 ____D C:\ProgramData\Origin 2017-07-24 10:02 - 2017-06-04 00:21 - 000000000 ____D C:\Users\Ricky\Desktop\Wow music 2017-07-21 21:24 - 2016-03-25 09:00 - 000000000 ____D C:\Users\Ricky\Documents\Origin 2017-07-20 22:05 - 2017-03-20 06:43 - 000000000 ____D C:\Users\RNOwe\AppData\Roaming\NVIDIA 2017-07-20 13:09 - 2016-09-09 06:25 - 000000000 ____D C:\Users\Ricky\AppData\Local\Arma 3 Launcher 2017-07-20 07:06 - 2015-10-14 23:34 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Packages 2017-07-17 17:32 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache 2017-07-17 16:29 - 2016-11-25 20:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-07-17 16:29 - 2016-09-09 14:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2016-09-12 15:21 - 2016-09-12 15:21 - 305520897 _____ () C:\Users\RNOwe\AppData\Local\ACCCx3_8_0_310.zip.aamdownload 2016-09-12 15:21 - 2016-09-12 15:21 - 000003413 _____ () C:\Users\RNOwe\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd 2016-01-01 02:45 - 2016-01-01 02:45 - 000000000 _____ () C:\Users\RNOwe\AppData\Local\Driver_LOM_8161Present.flag 2016-08-12 04:18 - 2017-03-05 07:13 - 000007600 _____ () C:\Users\RNOwe\AppData\Local\Resmon.ResmonCfg 2017-02-18 04:19 - 2017-02-18 04:19 - 000000000 ____H () C:\ProgramData\DP45977C.lfl 2017-01-02 20:44 - 2017-02-16 22:42 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2017-01-02 20:44 - 2017-02-16 17:27 - 000000515 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Some files in TEMP: ==================== 2016-12-04 18:26 - 2016-12-04 18:42 - 000000068 _____ () C:\Users\RNOwe\AppData\Local\Temp\ade310c59b2001f825baf3fb617e4f7b.dll 2016-09-12 15:21 - 2015-03-05 09:54 - 002212008 _____ (Adobe Systems Incorporated) C:\Users\RNOwe\AppData\Local\Temp\AdobeApplicationManager.exe 2016-08-08 11:29 - 2016-08-08 11:29 - 000000000 ____D () C:\Users\RNOwe\AppData\Local\Temp\avgnt.exe 2016-12-04 18:26 - 2016-12-04 18:26 - 000000512 _____ () C:\Users\RNOwe\AppData\Local\Temp\f9a1b5d54284183a1d5112742cb85097.dll 2017-07-31 23:20 - 2017-07-31 23:20 - 000745507 _____ (MP3 Players) C:\Users\RNOwe\AppData\Local\Temp\fox.exe 2017-07-11 18:22 - 2017-02-10 10:54 - 000037376 _____ (Microsoft) C:\Users\RNOwe\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe 2017-07-11 18:22 - 2017-02-10 10:54 - 000020480 _____ (Microsoft) C:\Users\RNOwe\AppData\Local\Temp\HiRezLauncherControls.dll 2017-07-31 23:33 - 2017-07-31 23:33 - 000102400 _____ (ancient JK) C:\Users\RNOwe\AppData\Local\Temp\max.exe 2017-02-21 03:29 - 2016-12-29 08:43 - 000747464 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\nvSCPAPI.dll 2017-02-21 03:29 - 2016-12-29 08:43 - 000860776 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\nvSCPAPI64.dll 2017-04-06 11:52 - 2016-12-29 08:43 - 000351680 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\nvStInst.exe 2016-09-09 21:32 - 2016-11-17 09:45 - 001135552 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\NvTelemetry.dll 2016-09-09 21:32 - 2016-11-17 09:45 - 000217024 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\NvTelemetryAPI32.dll 2016-09-09 21:32 - 2016-11-17 09:45 - 000268736 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\NvTelemetryAPI64.dll 2017-03-20 06:43 - 2017-08-02 22:51 - 000492544 _____ () C:\Users\RNOwe\AppData\Local\Temp\s3.exe 2017-07-31 23:20 - 2017-07-31 23:20 - 004185841 _____ () C:\Users\RNOwe\AppData\Local\Temp\SetupInstallStart.exe 2016-08-02 22:12 - 2016-08-02 22:12 - 000000000 ____D () C:\Users\Temp\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-07-27 17:31 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01 Ran by RNOwe (15-08-2017 19:15:13) Running from C:\Users\Ricky\Desktop\FRST Windows 10 Pro Version 1607 (X64) (2016-08-07 20:34:50) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2190132408-2257626196-1181361939-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2190132408-2257626196-1181361939-503 - Limited - Disabled) Guest (S-1-5-21-2190132408-2257626196-1181361939-501 - Limited - Disabled) mrsam (S-1-5-21-2190132408-2257626196-1181361939-1004 - Limited - Enabled) natey (S-1-5-21-2190132408-2257626196-1181361939-1008 - Limited - Disabled) Ricky (S-1-5-21-2190132408-2257626196-1181361939-1003 - Limited - Enabled) => C:\Users\Ricky RNOwe (S-1-5-21-2190132408-2257626196-1181361939-1001 - Administrator - Enabled) => C:\Users\RNOwe ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.) 7-Zip 15.10 beta (x64) (HKLM\...\7-Zip) (Version: 15.10 - Igor Pavlov) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{AAFD93A0-6522-9FF4-69CF-15B98681681A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.92 - NVIDIA Corporation) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach) ASTRO Command Center (HKLM-x32\...\{691A89DA-3E44-4F88-9637-4D7B17CC7181}) (Version: 1.0.76 - Astro Gaming) AutoHotkey 1.1.24.03 (HKLM\...\AutoHotkey) (Version: 1.1.24.03 - Lexikos) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battle Islands: Commanders (HKLM\...\Steam App 445720) (Version: - DR Studios) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts) Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.62791 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) BF3 Settings Editor (HKLM\...\{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}) (Version: 2.3 - Realmware) Blackwake (HKLM\...\Steam App 420290) (Version: - Mastfire Studios Pty Ltd) Blender (HKLM\...\{2BBF253B-4DC9-49DA-AE78-5991452AC317}) (Version: 2.78.2 - Blender Foundation) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.100.6363 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games) Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version: - Treyarch) Call of Duty: Black Ops II - Zombies (HKLM\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version: - Treyarch) Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version: - Treyarch) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Chromium (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Chromium) (Version: 51.0.2683.0 - Chromium) Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 45.9.12.393 - Comodo) Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.) Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios) DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio) Dirty Bomb (HKLM\...\Steam App 333930) (Version: - Splash Damage®) Discord (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit) Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley) Epic Games Launcher (HKLM-x32\...\{56C7F9B4-77A1-48C3-AE0A-E402992F1F9B}) (Version: 1.1.94.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) EVE Online (HKLM\...\Steam App 8500) (Version: - CCP) Farming Simulator 17 (HKLM\...\Steam App 447020) (Version: - Giants Software) FileZilla Client 3.16.0 (HKLM-x32\...\FileZilla Client) (Version: 3.16.0 - Tim Kosse) Fishing Planet (HKLM\...\Steam App 380600) (Version: - Fishing Planet LLC) FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) Fraps (HKLM-x32\...\Fraps) (Version: - ) Genital Jousting (HKLM\...\Steam App 469820) (Version: - Free Lives) Google Chrome (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Google Chrome) (Version: 61.0.3163.39 - Google Inc.) Google Earth Pro (HKLM-x32\...\{09A8EA8A-9C9D-45E4-B20C-3F13C2CCD32C}) (Version: 7.3.0.3830 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden GRID 2 (HKLM\...\Steam App 44350) (Version: - Codemasters Racing) Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios) Hotspot Shield 4.18.3 (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\HotspotShield) (Version: 4.18.3 - AnchorFree Inc.) HWiNFO32 Version 5.22 (HKLM-x32\...\HWiNFO32_is1) (Version: 5.22 - Martin Malík - REALiX) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line) InstallShieldHiRezCurrent (HKLM-x32\...\{9433FC1C-7405-433C-A26D-81076293BBCE}) (Version: 3.0.0.0 - Hi-Rez Studios) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel Extreme Tuning Utility (HKLM-x32\...\{2b6ed4de-d92a-4e61-aa4f-5196a0ecee21}) (Version: 6.3.0.56 - Intel Corporation) Intel Extreme Tuning Utility (HKLM-x32\...\{AD9EAA1C-2EF5-4243-ACE5-7AB77047291D}) (Version: 6.3.0.56 - Intel Corporation) Hidden iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) KeepVid Pro(Build 4.10.1.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 4.10.1.0 - KeepVid Studio) Killer Bandwidth Control Filter Driver (HKLM\...\{24BA7D32-B740-47A3-BE0E-2F4863A05D13}) (Version: 1.1.56.1120 - Rivet Networks) Hidden Killer E220x Drivers (HKLM\...\{921ABFC0-9681-487D-9379-89C1712EFEBF}) (Version: 1.1.56.1120 - Rivet Networks) Hidden Killer Network Manager (HKLM\...\{E21E50A4-4A55-4A7E-B1AA-16F8F9E255C8}) (Version: 1.1.56.1120 - Rivet Networks) Hidden Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation) Line of Sight (HKLM\...\Steam App 436520) (Version: - BlackSpot Entertainment) LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.) Mad Max (HKLM\...\Steam App 234140) (Version: - Avalanche Studios) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts) MEmu (HKLM-x32\...\MEmu) (Version: 2.9.6.1 - Microvirt) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mitos.is: The Game (HKLM\...\Steam App 389570) (Version: - Freakinware Studios) Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) My.com Game Center (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\MyComGames) (Version: 3.195 - My.com B.V.) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation) NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation) NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.0 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - ) Orcs Must Die! 2 (HKLM\...\Steam App 201790) (Version: - Robot Entertainment) Orcs Must Die! Unchained (HKLM\...\Steam App 427270) (Version: - Robot Entertainment) Origin (HKLM-x32\...\Origin) (Version: 10.4.14.21968 - Electronic Arts, Inc.) Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios) PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Planetary Annihilation (HKLM\...\Steam App 233250) (Version: - Uber Entertainment) PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.2-r111395-release - Plays.tv, LLC) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) Raptr (HKLM-x32\...\Raptr) (Version: - ) Razer Comms (HKLM-x32\...\Razer Comms) (Version: 5.12 - Razer Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) ROBLOX Player for Ricky (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Player for RNOwe (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio for Ricky (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam) Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0330 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Spintires (HKLM\...\Steam App 263280) (Version: - Oovee® Game Studios) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Tenda Wireless LAN Card (HKLM-x32\...\{C26CF23B-8EAC-401C-96F8-1064EC7CE039}) (Version: 1.5.6.0 - Tenda) Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic) theHunter (HKLM\...\Steam App 253710) (Version: - Expansive Worlds) Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc) Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal) Transcripted (HKLM\...\Steam App 215450) (Version: - Alkemi) Trimmer Tycoon (HKLM\...\Steam App 505750) (Version: - Improx Games) Unity (HKLM-x32\...\Unity) (Version: 5.5.2f1 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Smartly Dressed Games) Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Warface (HKLM-x32\...\Steam App 291480) (Version: - Crytek) Warface My.Com (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Warface My.Com) (Version: 1.27 - My.com B.V.) Warframe TennoGen (HKLM\...\Steam App 396050) (Version: - ) Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) World of Tanks (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Worm.is: The Game (HKLM\...\Steam App 466910) (Version: - Freakinware Studios) ZookaWare (HKLM-x32\...\ZookaWare) (Version: 5.0.1 - ZookaWare) Аrdamаx Kеylogger 4.4.2 (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Аrdamаx Kеylogger 4.4.2) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\RNOwe\AppData\Local\Roblox\Versions\version-da823d17eb7346c9\RobloxProxy64.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{cd518d10-13b7-487e-b121-e772c4aeada3}\InprocServer32 -> c:\windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-01] (Igor Pavlov) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] () ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-02-27] (Power Software Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Ricky\Documents\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-01] (Igor Pavlov) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-02-27] (Power Software Ltd) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-03-16] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-01] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Ricky\Documents\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-02-27] (Power Software Ltd) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E84F185-5BA7-4C63-ABB9-B795ADDB55D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) Task: {0F298098-657E-4943-99E3-A5C50C4B7972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009Core => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.) <==== ATTENTION Task: {1A5DD9C5-F5A9-443E-91C2-25DD2BFA1318} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-03] (Microsoft Corporation) Task: {1F306747-FD55-445D-A736-2FDFFB76AB48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.) Task: {23FC0D6D-4B41-4FC7-8EEB-5A3CF855291A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation) Task: {2F137121-08AE-41F6-BA4F-8B2E892F5168} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {36ED4651-8B99-49AB-8348-DDA83008159C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) Task: {390113BA-0C5E-453E-812B-51F46552A43C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] () Task: {45F654AE-5823-41D8-BC24-A8A60676A61A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation) Task: {507A6059-487B-43D4-ACB0-84B9FD79B708} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation) Task: {652EF281-F0A4-4EF1-9528-16BDE6415A0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009UA => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.) <==== ATTENTION Task: {6B5798D1-1532-4342-AC68-506A1CFDA2DF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-03] (Microsoft Corporation) Task: {6F61B115-0EF7-46E8-B337-4262B877A9A2} - System32\Tasks\Zookaware Scheduled Update Check => C:\Program Files (x86)\ZookaWare\ZookaWare.exe [2017-03-05] (ZookaWare) Task: {775A8DC6-C222-4416-A995-9FCBBF29622A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003UA1d257eac5ebce53 => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.) Task: {804CF9AB-72A7-434D-8FCC-3EB063C3CE6C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation) Task: {9C50F60E-60A7-4889-BE08-4B5EA849D719} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation) Task: {ABFD2B65-2DA8-465C-B75A-ED20D620BD3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.) Task: {BE2CBEC8-DC29-4806-AEE7-2CD180C9705D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) Task: {C0C62CA9-07B5-46C9-8166-3ACBAFFFDF8D} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] () Task: {C818E9FC-2FE7-4924-BD04-D392E332A4B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-03] (Microsoft Corporation) Task: {CAE370AB-797F-4163-8B90-6C4ACF4BB76D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003UA => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.) Task: {D0ED94BF-FA07-40B9-AD16-9340585F9438} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation) Task: {DB9DD61F-72C9-40FE-8B5B-7FB35DF1436C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {E0D786EF-B7B2-4B34-B18E-D9AE26AA73F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003Core => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.) Task: {E3665C04-382E-4BF7-B184-EB24E38BC5AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation) Task: {E3FACFDA-D6E7-4EF8-BDD9-2903BE144AD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003Core1d257eac59727ba => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.) Task: {F8084281-26F1-4F9D-AD62-1EFD309C4788} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) Task: {F8C6A7C7-8A74-46D1-B606-DDFC0297C1C8} - System32\Tasks\ZookaWare registration reminder => C:\Program Files (x86)\ZookaWare\ZookawareUpdater.exe [2017-03-05] () Task: {F9BE8308-5E55-4C78-9E81-19956EDCB9D9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation) Task: {FF4ADCA3-D486-4406-BD67-8F3C8D9A1143} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-14] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003Core.job => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003UA.job => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009Core.job => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009UA.job => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Аrdаmаx Keylogger 4.4.2\Аrdаmаx Keylogger 4.4.2.lnk -> C:\Users\RNOwe\Documents\CCP\CCP.exe (No File) <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-07-12 11:59 - 2017-06-21 03:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-03-26 07:36 - 2016-09-04 23:02 - 000076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2016-08-07 20:13 - 2016-08-07 20:13 - 000959168 _____ () C:\Users\Ricky\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-07-05 06:43 - 2017-01-29 09:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2015-04-15 16:13 - 2015-04-15 16:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2017-03-14 21:42 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 21:42 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 21:42 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-08-10 15:59 - 2017-03-04 02:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-08-10 15:59 - 2017-08-01 14:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-08-10 15:59 - 2017-08-01 14:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-07-17 17:04 - 2017-07-17 17:06 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-07-17 17:04 - 2017-07-17 17:06 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-07-17 17:04 - 2017-07-17 17:06 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-07-17 17:04 - 2017-07-17 17:06 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll 2017-02-19 23:31 - 2016-10-25 16:19 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-02-19 23:31 - 2016-10-25 16:19 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2017-02-19 23:32 - 2016-10-25 16:19 - 000418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll 2016-09-15 16:21 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 21:41 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-08-09 19:23 - 2017-08-09 01:48 - 004022616 _____ () C:\Users\Ricky\AppData\Local\Google\Chrome\Application\61.0.3163.39\libglesv2.dll 2017-08-09 19:23 - 2017-08-09 01:48 - 000100184 _____ () C:\Users\Ricky\AppData\Local\Google\Chrome\Application\61.0.3163.39\libegl.dll 2017-07-21 19:54 - 2017-07-21 19:54 - 001528296 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe 2015-11-24 16:48 - 2015-11-24 16:48 - 000028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd 2015-11-24 16:46 - 2015-11-24 16:46 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll 2015-11-24 16:48 - 2015-11-24 16:48 - 000041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd 2015-11-24 16:48 - 2015-11-24 16:48 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd 2015-11-24 16:43 - 2015-11-24 16:43 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd 2015-11-24 16:48 - 2015-11-24 16:48 - 000017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd 2015-11-24 16:48 - 2015-11-24 16:48 - 000019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd 2015-11-24 16:48 - 2015-11-24 16:48 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd 2015-11-24 16:43 - 2015-11-24 16:43 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd 2015-11-24 16:43 - 2015-11-24 16:43 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd 2015-11-24 16:43 - 2015-11-24 16:43 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd 2015-11-24 16:46 - 2015-11-24 16:46 - 000354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll 2015-11-24 16:48 - 2015-11-24 16:48 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd 2015-11-24 16:47 - 2015-11-24 16:47 - 001980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd 2015-12-07 16:57 - 2015-12-07 16:57 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd 2015-11-24 16:47 - 2015-11-24 16:47 - 001862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd 2015-11-24 16:47 - 2015-11-24 16:47 - 000516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd 2015-11-24 16:47 - 2015-11-24 16:47 - 004060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd 2015-11-24 16:43 - 2015-11-24 16:43 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd 2017-02-19 23:31 - 2016-10-25 16:19 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-07-21 19:55 - 2017-07-21 19:56 - 055782888 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\libcef.dll 2017-07-21 19:56 - 2017-07-21 19:56 - 000540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\ortp.dll 2017-07-21 19:56 - 2017-07-21 19:56 - 000133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\libEGL.dll 2017-07-21 19:56 - 2017-07-21 19:56 - 003384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\libGLESv2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Ricky:Heroes & Generals [38] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\sharepoint.com -> hxxps://livevsc-files.sharepoint.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-09-18 12:50 - 2017-08-14 13:45 - 000000838 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RNOwe\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Ricky\Desktop\wallpaper.jpg DNS Servers: 192.168.10.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: d447ab7d0fb975b032ce5d423855b98e => 2 MSCONFIG\Services: Killer Service V2 => 2 MSCONFIG\Services: SysEventSVC => 2 HKLM\...\StartupApproved\StartupFolder: => "Tenda Wireless Utility.lnk" HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk" HKLM\...\StartupApproved\Run: => "MouseDriver" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "TCTray" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "PlaysTV" HKLM\...\StartupApproved\Run32: => "Raptr" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Gyazo" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "OneDriveSetup" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Razer Comms" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "NETGEARGenie" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "Gyazo" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "TSMApplication" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "CCP Start" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "hsscp.EXE" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{4B419972-F12D-4F5F-BEE0-0E5E82CA5B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe FirewallRules: [{9F695E89-DA5D-4A93-8F51-4BFD29EE3C1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe FirewallRules: [UDP Query User{278EB8EC-2E76-4321-94B7-3B82C33DEA48}C:\users\ricky\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ricky\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{FFF5A6BB-29D0-474F-8FD4-11421C346DD4}C:\users\ricky\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ricky\appdata\local\google\chrome\application\chrome.exe FirewallRules: [{1072DCD5-45E1-40C0-B592-E3C0973DF070}] => (Allow) C:\Users\Ricky\Documents\iTunes\iTunes.exe FirewallRules: [{E6C0CD72-CEBC-45B2-8A24-DF102E1E5C12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1586B2F1-D3C7-428C-B276-207C90728CE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2EDE6151-13DA-409D-A9B6-BA02E2822820}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5CE289D3-92C2-4285-85D3-E6F779FB8BD7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BE57651E-D2C5-4300-AD92-AE4EE3AD19F8}] => (Allow) C:\Users\Ricky\Documents\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe FirewallRules: [{5E1F2BA5-9F6C-4B58-A57B-4BC0384616EA}] => (Allow) C:\Users\Ricky\Documents\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe FirewallRules: [UDP Query User{DF87889A-0B42-4800-AB7D-B9021C41E1BC}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.7_42330.exe FirewallRules: [TCP Query User{43AC2DA1-06CB-4501-B26B-09EB6F94EF98}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.7_42330.exe FirewallRules: [UDP Query User{D24A005E-744E-49A0-99D8-A89DE5FF8399}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe FirewallRules: [TCP Query User{7BC1C8B0-5B8C-495A-9E66-488B515F729D}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe FirewallRules: [UDP Query User{E65C11D2-2FEA-476D-A733-C76AB434D0D0}C:\users\ricky\desktop\internet explorer\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\desktop\internet explorer\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{50295637-82FF-4DED-BC2B-31100A547462}C:\users\ricky\desktop\internet explorer\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\desktop\internet explorer\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{EE2BBC5B-D61A-4024-9CC2-9EEC5B583DEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe FirewallRules: [{4B22406E-3A9F-4E0A-8867-389962DC6A83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe FirewallRules: [{21860F47-9D92-4963-968D-48BE49C8FA17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{C651FE7B-308C-49E1-AA36-995F26B8D334}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{402D2688-4EF1-4E7C-AAE5-1151723F4BB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{FF5FAF32-EBE6-4ED0-8904-48878DB7B42C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{6FEA0810-3F62-4AF3-A3CD-2F1027F697EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{F3C3C217-627B-473C-BAA2-BDE6EF5F1754}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{8828CC3E-615D-4D81-B7BF-853B99754F13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{9DC25832-F5D1-455B-958D-2EFF8DB25534}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{A4706896-9FD2-4B82-9D71-11B7B13159AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{191656F0-27D6-4CBF-96D4-B91A461EB2BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{C8002DA7-5248-4F08-B82A-ECF442468C55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{5338B817-2258-4A37-AED4-F43D7F53CE3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{A2EE1303-CF60-42A3-A413-9DCF9A3B4D69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AVA\NWZLauncher.exe FirewallRules: [{3B203766-8C28-4EE0-BC70-DB0E88A0AC12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AVA\NWZLauncher.exe FirewallRules: [{85F1557D-167F-4CCE-97EA-B8154D2826B1}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe FirewallRules: [{FD1C50F3-8F7E-476D-9F76-40771A6D33A1}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe FirewallRules: [{2AA4B4B9-BCD7-4FB5-9B96-B4890B80FBAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe FirewallRules: [{A948DDDF-3D7A-4FDB-8B0C-B0D9F3A4383D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe FirewallRules: [{088B6A6A-078A-4308-A37B-A564148AFD95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\transcripted\Transcripted.exe FirewallRules: [{A7D622A5-297B-4C3D-9322-AFD7BB0429E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\transcripted\Transcripted.exe FirewallRules: [UDP Query User{17D773E1-C03D-42EB-9F12-7339CA16656E}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Block) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe FirewallRules: [TCP Query User{041CFE60-626A-4A61-810D-81B90C3324C9}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Block) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe FirewallRules: [UDP Query User{CD0A946D-FFC5-4FDA-A057-1ACDADF551C1}C:\program files (x86)\steam\steamapps\common\aftermath\amlauncher.exe.new.exe] => (Block) C:\program files (x86)\steam\steamapps\common\aftermath\amlauncher.exe.new.exe FirewallRules: [TCP Query User{96F8ADA0-FB75-45F8-A654-757BD91ADC07}C:\program files (x86)\steam\steamapps\common\aftermath\amlauncher.exe.new.exe] => (Block) C:\program files (x86)\steam\steamapps\common\aftermath\amlauncher.exe.new.exe FirewallRules: [{F67F9218-A98F-4CB6-86CD-2EAA0DF5AAE3}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{A9497FD1-7721-41CA-BCE1-2CCE56C05A6B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{DCDDAC5E-07D2-49DA-8630-AB67888650CB}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{2C85326B-E3AF-4321-968A-AF052F67BB1C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{F77B9CB5-3C61-4F83-9C85-D1C7F341E193}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{1A211706-EC4E-4C1A-86B8-CF0E8FB76C8F}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [UDP Query User{05AF401E-E547-43DC-A159-A35311964757}C:\users\ricky\documents\world_of_tanks\worldoftanks.exe] => (Block) C:\users\ricky\documents\world_of_tanks\worldoftanks.exe FirewallRules: [TCP Query User{FEBA19C9-670F-4073-AC68-94AA1A638C0F}C:\users\ricky\documents\world_of_tanks\worldoftanks.exe] => (Block) C:\users\ricky\documents\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{FC5614DE-1F94-4EBF-9734-BFD5E51F7282}C:\users\ricky\documents\world_of_tanks\wotlauncher.exe] => (Block) C:\users\ricky\documents\world_of_tanks\wotlauncher.exe FirewallRules: [TCP Query User{ABAE1D11-3CEC-4525-84A9-20B19EAABF5B}C:\users\ricky\documents\world_of_tanks\wotlauncher.exe] => (Block) C:\users\ricky\documents\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{6AB3C81C-E9D8-4018-B056-E351E7237868}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [TCP Query User{551E1B94-F141-4619-B7B3-B599CDB05355}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [{9DA0435A-428D-4395-B6EE-A5FFEDBD61BE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{7DA74F98-63D2-4E4B-A82D-047EBB7B16F3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{E2FA142B-662E-4F2E-9019-4C0E701F0EEC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{A9BFB056-6B1B-4F7C-A97B-F58C18362FA9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{2D2C4887-5B66-44EC-8846-7FD801D5EBB4}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{80BF560D-E049-4501-8D08-0D6D4D7B4B28}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [UDP Query User{C07A418D-AFF1-4132-9845-D1DF38A98416}C:\users\ricky\documents\call of duty black ops 2\t6mp.exe] => (Block) C:\users\ricky\documents\call of duty black ops 2\t6mp.exe FirewallRules: [TCP Query User{9E35817D-CEEE-4612-92FB-85DF522CCBDF}C:\users\ricky\documents\call of duty black ops 2\t6mp.exe] => (Block) C:\users\ricky\documents\call of duty black ops 2\t6mp.exe FirewallRules: [UDP Query User{6A3DC30F-BDD1-4349-BB90-15C6DED7A81C}C:\users\ricky\documents\call of duty black ops 2\t6sp.exe] => (Block) C:\users\ricky\documents\call of duty black ops 2\t6sp.exe FirewallRules: [TCP Query User{13FD4320-2346-4F20-9B6A-8447105AAA51}C:\users\ricky\documents\call of duty black ops 2\t6sp.exe] => (Block) C:\users\ricky\documents\call of duty black ops 2\t6sp.exe FirewallRules: [UDP Query User{4AB6FE87-A906-43B7-9A25-5F69BAD1D38E}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe FirewallRules: [TCP Query User{65CFD4AD-A237-450E-A7BC-E3A30A1EE699}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe FirewallRules: [UDP Query User{283B760E-C9A5-463F-B44A-307AC7777050}C:\program files (x86)\call of duty black ops 2\t6mp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6mp.exe FirewallRules: [TCP Query User{55965F1D-48B9-4429-8525-71485FD767F7}C:\program files (x86)\call of duty black ops 2\t6mp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6mp.exe FirewallRules: [{F50C635E-8DB3-4274-A88C-509FC94E51AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{ACD7B3A1-CDD2-4A0F-8FB7-094394EA9767}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{374F655E-8A50-4B2F-B592-B955D2B4C53B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe FirewallRules: [{F794ABF8-0048-462A-AC59-DFE004E40F98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitos.is The Game\Mitosis.exe FirewallRules: [{3741D57A-777B-4167-B881-EE9EF05D176F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe FirewallRules: [{879B879D-F048-43A9-A2D4-6087C6C4FE9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe FirewallRules: [{6018E65D-45D3-4B14-B3F7-E1DAF4ED03C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe FirewallRules: [{310F5807-81A7-4C89-BB6A-6C61AFD71ADC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe FirewallRules: [{10BC2B0B-F791-4F7A-9D05-BA14BDC68552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe FirewallRules: [{0A205701-F806-403F-8B39-0ED6C314BEFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe FirewallRules: [{5D955816-11F1-4625-BD1C-5E8519B1C1D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe FirewallRules: [{D436535B-BC94-4F39-91CD-61D5436075D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe FirewallRules: [{0707370F-ACEE-4056-9A6E-D0F3814A4037}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe FirewallRules: [{A155A6F2-E751-4287-B6AA-13DF0F02CFE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe FirewallRules: [{55344891-96CD-4502-A115-B8FE215699F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe FirewallRules: [{2749E06B-3C2B-4256-A016-F4FAC7D4AD60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe FirewallRules: [{E656AF8D-CACB-48B5-933F-963F75EE310C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe FirewallRules: [{91B3D9CB-5AA1-4A24-BC12-24A134AD9DE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe FirewallRules: [UDP Query User{9587A206-06C2-4652-9680-062693CD67DA}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{9DD76789-5349-40E9-9D35-EF63F94AB85C}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{D90E2E05-0B7A-47F1-A60A-97AFDA75B27D}C:\users\ricky\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{639B386B-4015-483B-BC97-46DD4B60B3C6}C:\users\ricky\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{85DBC87F-7CC0-4E89-B7B0-BF6F64EA6E6A}C:\users\ricky\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{85BCDE2B-DD00-4AE0-9516-B5EC684C0F8F}C:\users\ricky\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{89B478E8-9FF3-43BC-9C0C-87AE3EFD56EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe FirewallRules: [{0ACD3AF5-D737-48F3-8EA6-F678483D9A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe FirewallRules: [{92CC0B09-E453-474C-8D60-D5C385173363}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{8CD8A797-5216-4A6F-9142-CC251A211C18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{93D57CBA-3441-44C7-92B6-68339FBBDDF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{7224ACE9-5936-409F-8246-6BBF9F27BC0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{B9893510-BD90-431D-BBDD-D23561CCAB5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{15F67547-30DF-4715-8E28-92326190DEE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{101EB6B2-CB4C-4519-B536-0565A65EF8C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{048FED05-E9CC-4001-A3C0-1CC54F43BE23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A615F3BE-222B-4D80-9786-09BDC2F64CE9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3BED3AAE-5DD3-4B3C-8A0C-70BDED49E666}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2A077053-A1C3-4B27-BCB5-B863DE7DD0DC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{669876D6-DC2E-4675-93F7-538C59B328E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [{0FD67088-C1E5-4FCC-AFF2-5FA3A877FC3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [{B47C3DCA-6E0F-46DD-91F7-F2EF601855AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe FirewallRules: [{17AC0DA6-3C07-42AB-9C99-DA4F585CEF1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe FirewallRules: [{AC70147D-07B4-4C81-8EC1-118792BE899A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{9C539E29-EE45-43EA-A923-B66BD11C2A81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{9417B853-6F80-4DDB-A776-C3FE1175AEAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{4FEE3453-7226-48DA-970E-FE9B36F1B9C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [TCP Query User{BE95F898-FB40-4289-B924-B59A529ECE5D}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [UDP Query User{82DD18EE-5FD3-4388-8946-1DB867377907}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{E294AF0C-2BC2-413D-B9F1-FB303E435C65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{47703713-1778-4D49-88EF-E44FA6E5043A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{E77016E0-E87F-4014-BF05-90130CC15526}] => (Allow) C:\Users\RNOwe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{20DC8649-3148-41F7-97D0-5918D2BDF698}] => (Allow) C:\Users\RNOwe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FCBD983B-2FF7-439E-A2A7-3A63463E15EA}] => (Allow) C:\Users\RNOwe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E997B90A-9E79-42F1-99ED-C28B27DB1C95}] => (Allow) C:\Users\RNOwe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{93BB59AB-00FC-4662-89C1-2248ADC52221}] => (Allow) C:\Users\RNOwe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2B8F8E70-6AAB-4886-B767-791E08BFF859}] => (Allow) C:\Users\RNOwe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{37E8BC28-08D6-4983-B625-145B7E4CDF7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{3173BC4F-089D-4DA3-A30D-ACF682112AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [TCP Query User{93E6D3B1-289A-48B3-9179-E1C515A15F1E}C:\users\ricky\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{6051078A-4F9E-40FD-8C8E-53EB64D9D8EB}C:\users\ricky\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ricky\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{36087D6F-FDE7-4876-973A-68BD25D4C7F0}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B72CD667-AA80-419D-A1CB-D66EE232DF78}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{8AAFC0CC-15A1-47A8-A9ED-778A9DA43ACB}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B5441746-2250-40FA-B81C-A858CDBB5DB9}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{910E8D96-5DDE-43B4-B28D-A081A4196DD2}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FD5854CF-851F-4321-A51F-270B3C2878D4}] => (Allow) C:\Users\Ricky\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D7E1A967-6C07-4D9C-A9CE-F0B826CD837D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe FirewallRules: [{B0D2EF3A-5563-492A-836E-57277E1B81F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe FirewallRules: [{71E0E33D-5DA5-4B2E-8794-51AC7C5AB853}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{FDEEC283-14F0-45AB-B6DC-081F1BA6A1F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{26522798-9E64-42B0-A581-D71421B35F3A}] => (Allow) C:\Program Files (x86)\PlaysTV\playstv.exe FirewallRules: [{8AE1C3E8-49C0-4F3E-BA64-EED5BEDA84DC}] => (Allow) C:\Program Files (x86)\PlaysTV\playstv.exe FirewallRules: [TCP Query User{7A4A1F3D-ABEB-4188-A309-5C05934731CE}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) C:\program files (x86)\dayzlauncher\dayzlauncher.exe FirewallRules: [UDP Query User{45E7B6FA-7E27-42CC-9A29-549980AE4FBA}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) C:\program files (x86)\dayzlauncher\dayzlauncher.exe FirewallRules: [{0A6E1069-177D-4327-9CA2-593EAC4D1EC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe FirewallRules: [{99E9663E-7E97-4CC4-86A4-EB83382393AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe FirewallRules: [{4ACCD3FE-C7E1-46EC-975E-82C2D6C1EE0C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{EB07303F-C074-4727-8066-CCF47B5E5307}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{6648C707-2FC6-4265-A6C1-57B29D499F53}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{9B77B8D5-65F6-421A-99A2-22F08605178B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{AB88B3A4-23D2-4A9A-90A8-AF744C4F5238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{11B7C296-9F7B-4B0C-862D-14FC1A87803F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [TCP Query User{B6A2527D-E685-4620-B6B8-0F4AE7F081F5}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [UDP Query User{EE5547BE-4B57-47AB-A70B-847ED890AEEE}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [TCP Query User{B2CBBC71-9901-4D36-8F78-FAE7C01FF037}C:\users\ricky\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ricky\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{548FC9FB-5037-4A2F-84FA-38988A278924}C:\users\ricky\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\ricky\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{3D836342-4D32-41F6-B30D-49D6ACFC7843}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [UDP Query User{0EB75063-47E4-4043-A082-FCE3C56B23BE}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [{EA0C3C6E-B8B5-4E72-9E5A-EE7093EEFC7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe FirewallRules: [{09E3E236-78B8-4980-87B5-18499AF85252}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe FirewallRules: [{460BB137-B7F7-4852-8902-4010760BFD4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe FirewallRules: [{0134E10E-A22D-41CD-9E6D-20E9963E80C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe FirewallRules: [{669ABE5B-A59D-4B7D-B93C-73929CB928F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [{C79A6BEA-36E5-45EE-B433-D53C85DABB37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [{4E75AA2C-0FD4-4B91-9080-97BCC8F790CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{90E6D8A3-63B8-4175-B1EF-81F862B4BDD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{7F6648E3-1C0B-434B-9BF5-45F075C11228}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{F413EEB9-FB8A-4E93-B242-09753698B603}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{9CA238FA-579C-4F21-987B-F620A1ED5478}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{39546C60-3C78-4097-8E7B-1C7557CFA1E8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{D6B0377A-CADB-47AF-BC42-3BFCC02D5BF3}] => (Allow) C:\Program Files (x86)\PlaysTV\playstv.exe FirewallRules: [{BB276DA7-DF8E-4D7C-AD18-4C8E3021EE56}] => (Allow) C:\Program Files (x86)\PlaysTV\playstv.exe FirewallRules: [TCP Query User{B1D7B726-5E74-4AC6-A8B9-BF57890023AB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{200D88AF-8CA8-4E30-828C-59797F0D8D01}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{7C659DA9-43A7-4B8D-9787-C4A9B2B72D10}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Allow) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42449.exe FirewallRules: [UDP Query User{EE69F21E-BFBE-4C6C-B0FE-6EA32B1E25B6}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Allow) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42449.exe FirewallRules: [{23C55921-0614-4EDA-866B-FBF7D97F2A30}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{C995ADCB-9C84-43AE-8BF3-044868AEF8BA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{4B4AE220-221E-4842-91B0-B32EFFC779E9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{85DB76E3-6D48-4C83-821A-7C3781DC8E5B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{F41C55ED-7C7E-47A0-AEBC-1CBDE91F8C7A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe FirewallRules: [{59C745CB-CC48-48A2-922C-07683E152426}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe FirewallRules: [{CF106E5F-469E-448D-B707-1D6B2317559A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AVA\host.exe FirewallRules: [{21ED950B-F074-48B4-9434-E911EB25177C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AVA\host.exe FirewallRules: [TCP Query User{7F555961-28DF-4074-ACB4-473F5049BF21}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe FirewallRules: [UDP Query User{7B6A0B57-3B40-4522-AAB9-7A843902492F}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe FirewallRules: [{D323A57A-927A-483A-BA06-7D58A8B0AC80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{56A1A8FF-3FCE-4524-BF54-1F05EFD4A57F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{BDA82224-AC3F-4A47-B259-E8B3368D5BC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7E83903B-CD15-45BF-B505-D21107B3F2FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{C263E5B4-7A87-4604-AEB1-CEB41CD75120}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe FirewallRules: [UDP Query User{64C5EDA0-BBD3-447E-B87A-398D96F7728B}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe FirewallRules: [{BA62C80D-5CDC-4358-8123-BBFE1454465C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{A72B78B4-82E5-4FC6-8910-2CEE6FA8464D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{D92557F4-2763-41D7-BD74-53F7FD90EA99}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe FirewallRules: [UDP Query User{6825D234-25AE-4711-9F3F-8C75DBC1AE38}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe FirewallRules: [TCP Query User{2ACF454E-2C58-41B8-AC3F-367CE809D001}C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Block) C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe FirewallRules: [UDP Query User{BFBEB69E-0D41-4A71-9EDB-293F4547C9E6}C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Block) C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe FirewallRules: [{10DC5C69-EC6B-4C68-8F0A-9514D3FCB383}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{70D63754-D6D6-436E-B842-3C34D9488E91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{BCE81F83-C941-4304-8B4C-A531D29D26B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{7DBF133D-7058-4FE9-884E-3BFE1F1825EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{816EAD20-ADB1-444B-9757-9F1EDE39E195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{1FF81B75-4155-4F8C-AA24-F38D9C71339A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{674E2BD3-9452-4D02-B4C9-33FD651780BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{9978CCCC-4857-4810-A982-BA16DCACBF69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [{5E38CEEB-814D-468D-8C23-580721521D03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [{0A29B430-9C18-4314-A2D0-D9C415773CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{8DC4D34D-9B2C-4223-B501-876B9D7FB028}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{934E9CD4-AA12-4D75-8042-B378B736A2FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{583E59CF-60C1-4573-9DCE-DEB0FF1E9957}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [TCP Query User{6CB4D09D-162A-4BCD-90EA-4EE82654973C}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [UDP Query User{DF2C7AEE-C3C1-469C-B0F6-06E58A6D05AA}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [{7559ECA3-AFC4-4195-AA88-3C83E1466E77}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E0C6BED7-A5C0-4C1E-8E92-4F1D636A74D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7BC0E86F-6B3D-4A65-ADF9-CAF3DF11A56E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5EBB9C53-1EEA-4BC1-B5A7-CBEEA3E51186}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E7A00AF0-CC41-452D-9897-3C6510D816BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trimmer Tycoon\trimmer.exe FirewallRules: [{DA6AF55E-BE6E-4037-80E0-5D8652765177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trimmer Tycoon\trimmer.exe FirewallRules: [{39490792-72BC-4270-A6FC-6E96732765C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commanders\Commanders.exe FirewallRules: [{D74C6E4E-5025-4538-930F-1C718E48C6D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commanders\Commanders.exe FirewallRules: [TCP Query User{E02AD135-EA46-4AA1-9BD2-83692E1F062B}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [UDP Query User{DCEDA09A-BDE7-48FE-9A41-B63375E3DB22}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [{5AEC32D0-560C-4BD4-8257-F8E183C5C5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [{F783E0CB-23AE-4940-AE6B-6DC82B1A196F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [TCP Query User{0BE3E017-3E3D-4355-9074-5D64DD7ECB54}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{EE696C5B-CA8E-4093-B495-8148A8CCC8D7}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [TCP Query User{C4E8A6BF-F1FF-4E28-8B19-0168774B6F65}C:\program files (x86)\razer\comms\razercomms.exe] => (Allow) C:\program files (x86)\razer\comms\razercomms.exe FirewallRules: [UDP Query User{363A0237-9DF9-4510-88DA-938DB40EB0B7}C:\program files (x86)\razer\comms\razercomms.exe] => (Allow) C:\program files (x86)\razer\comms\razercomms.exe FirewallRules: [{21490339-7A3F-4046-AF05-F3BCD4B4F78E}] => (Block) C:\program files (x86)\razer\comms\razercomms.exe FirewallRules: [{611F0B44-F951-4840-A9AF-BC1ECF5A46F3}] => (Block) C:\program files (x86)\razer\comms\razercomms.exe FirewallRules: [TCP Query User{317D7753-F449-4D87-8541-A7293E2B3114}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{CCF255F5-CF63-4098-895D-F411A0858454}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{40EA046D-3A66-477F-9F01-426D2DA70158}] => (Block) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{D88FA454-1446-4B30-BF7C-DD56A970CB6B}] => (Block) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{48778793-D2AF-47C6-A043-102C79801E0D}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [UDP Query User{61C78D30-BCC2-4414-914B-A312244B1856}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [{C69C5F78-F732-4C94-999E-5062C1A73F6B}] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [{1CFDC9CB-1108-496E-B703-700AC15196F9}] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [{26E0B7D7-1D2A-44D8-B0B6-514ADB6C108A}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{EB72E1AA-C307-46C6-9F51-E71C8ECD44B1}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{5FDB5149-2B95-49E0-A4AB-555ADC6E6ABC}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{85A7B87A-78CF-4A72-A9A8-2C94AACF2A40}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8F11F21-49D2-40E0-AADB-D6766FC6F1F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{B391396C-914F-43FD-96F7-B3E95420FF44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [TCP Query User{028CF6AB-51F4-4077-AB4B-71C8DDFAF6A9}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe FirewallRules: [UDP Query User{A332F8A1-7581-428B-9F75-DF39EA078F73}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe FirewallRules: [{99F2FBBB-A729-4C24-A8F7-C1ECA70C618C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{69D326D2-67A4-46CC-8B86-886362EC6DDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [TCP Query User{71AFA64B-B1F9-4739-81F7-0099C899391A}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [UDP Query User{70601413-E581-4F38-8624-0FB275995BFB}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{72EC30C4-AA72-49FB-8095-5099FF9F7A42}] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{F494C3B2-2E32-4A9C-85C5-B0CB90103AA6}] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{AA6DF14F-CFE3-4799-B099-7B0DE5FE6716}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe FirewallRules: [{1123D7DD-8AFD-4CDE-B1BA-41B3C93AA805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe FirewallRules: [{FC2F2393-4D47-4F12-8AA3-9EFE2DD5EB96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{DAB530D0-67CE-49D4-A87B-1F1509AA2FA9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7D918126-81FF-4FA5-A927-C1FFE0CFDDCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{FC174515-643A-4FD8-920C-FDEDA933E37A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{78A3747A-F7A3-4207-8F17-E553DA11F368}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [{8494703F-08DE-4D5C-815C-3133F238C012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [{A0144564-2C72-4299-AA16-36617182A8D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe FirewallRules: [{00E1E152-5A8D-442A-9658-ADA11D542235}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe FirewallRules: [TCP Query User{CBF0BF59-EA23-42D4-80FC-BEF7EB8B0C95}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe FirewallRules: [UDP Query User{7BB1EEF5-1F44-4F5E-9950-54D796DE8C7A}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe FirewallRules: [{76DFF09B-F906-45D6-A687-A897E25C06E6}] => (Allow) C:\Users\RNOwe\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{680D2499-A966-4F68-9368-5E50388DD919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe FirewallRules: [{884C3C05-E889-4A1F-AE3A-55AB14E0618A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe FirewallRules: [{D43FB36F-AED1-400D-B322-CF110364FCA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{3F06DF06-4B0D-49E2-859A-9FF3266D76F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{453DB0F0-B696-4039-896F-33496C35425A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{DED03CBF-AEE5-4649-923A-A4B5BBA92D43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{42C350F8-BFC6-442A-AD72-0BF9D804951A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{02CEF2A8-27E5-4396-B3D1-196D699B2909}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{D1AB49EB-C5F2-448E-BE09-7D2BFAA38EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B1912D59-2A97-43EF-8B00-6F7C5AAEAB16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe FirewallRules: [{8C3C4F98-7887-4CA0-8D9F-17510CD1CE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe FirewallRules: [{095FB6C4-3633-4456-8258-B076EF2BB548}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe FirewallRules: [{B890EFD1-9B8D-45D2-BB4A-A73994C15106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe FirewallRules: [{F6EFCA60-2E51-46B0-B968-885581F6FB13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe FirewallRules: [{15D40A83-B9E0-48A1-B680-A75D1C33B70B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe FirewallRules: [{A79CAA8E-6328-4902-AFAB-9605B9B3DE57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe FirewallRules: [{EB54D256-9EA3-4FCD-8F31-A487AAB897CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe FirewallRules: [{7CADC014-E0A2-4D4E-BA36-E71EBF439B81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe FirewallRules: [{A40EBC13-1184-4167-8B48-68A3A476EDEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe FirewallRules: [{3F826CED-5E0A-41EB-9462-A13EC19311F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{02F7C6BF-1351-428B-AF52-39064DD50453}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{BCD76230-E876-4C47-A817-CB4134FC5191}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe FirewallRules: [{3FB12BB2-A9A5-4611-AAD5-2FDEE0EDBC5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe FirewallRules: [{73ED62E6-735B-4D20-B41E-8EE48A08F162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{A7FC819B-ADD4-4E84-A1E7-135C3537D829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{71865962-EAB1-425C-A387-CBD0D634BD24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe FirewallRules: [{C613DDD2-000B-4AB0-833C-ABAABEE5A790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe FirewallRules: [{BC410475-4BA9-46CF-BAF2-912D5D81A08B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe FirewallRules: [{702F3A43-E855-4AF9-8A0D-793183E9EB7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe FirewallRules: [{D5F50444-FA92-4833-BD1F-796D4B70F576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe FirewallRules: [{F98E1910-462E-4502-B5BF-28C3A6B80D27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe FirewallRules: [{E1343D41-4CFD-4BA0-AEED-AFDD1A82B34A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe FirewallRules: [{D263AF00-1894-4E54-A96B-9CAC0DAF7CFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe FirewallRules: [{929489A2-DA99-457D-B0F7-EDAAF4C49385}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe FirewallRules: [{5112993E-74E9-49FB-9B42-DFAA7A0C89D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe FirewallRules: [{2BA5E15D-67EE-4904-B238-DDB1BB5B955B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe FirewallRules: [{96C43D6B-3213-4632-95E4-4BF96DE65123}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe FirewallRules: [{940B9E40-71EA-477C-80C6-5E40EC92340C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe FirewallRules: [{B697D07E-8D30-47C0-A635-E2F8AABBDC49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe FirewallRules: [{3148406E-D6DE-4C30-B249-682C48FF33F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{050AB918-C34A-42A3-B7FD-38B95FDEF619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{C774635F-7A1F-4F13-9D45-DE8520C63B4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe FirewallRules: [{932423DB-FA50-4F2D-A997-389B42671517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe FirewallRules: [{1B847D71-EE3E-4989-B6A1-9251AB425D02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2476FEEF-6C28-4B07-8740-E8A7F12AE898}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F6184C57-4F99-4EBF-8999-2F8623728FB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F0C72769-C32A-4495-87C1-A50C15D8C672}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C3B6D401-F39C-47A9-90EA-EF2ED7B85F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe FirewallRules: [{8018063F-1430-4799-8F8A-AAA57F5C9AC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe FirewallRules: [{D4EB31CA-B8BB-4A9D-981E-B78F441B33F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{489BA6CD-0A96-4973-9D31-AE2F3969B077}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{52B173FA-152A-4B40-89CD-0A8A4FBEF5C7}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{F1B2694A-621F-4E0A-8EFF-7F794878C201}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{A81990E9-5BDA-4D05-9339-4430ECE087D9}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{4D1F4BB7-92DC-441C-8104-4C938CC3686B}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{76611174-4B42-41A6-915E-9421116719FD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{C45803D7-3BF6-4C43-9217-5D1B16BE876B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{10131643-984B-4F3E-8443-7F55D7C18BBC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [{65DE73CF-E7A3-4E11-B2B2-139B90A9419A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [TCP Query User{B9B0225C-9916-4B11-9F8B-CDA33B7A4E86}C:\users\ricky\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\ricky\appdata\local\mycomgames\mycomgames.exe FirewallRules: [UDP Query User{711B7845-301B-4216-BFAB-75248C2482BF}C:\users\ricky\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\ricky\appdata\local\mycomgames\mycomgames.exe ==================== Restore Points ========================= 08-08-2017 22:30:31 Windows Update 12-08-2017 09:25:01 Windows Update 15-08-2017 17:57:09 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/15/2017 05:59:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/15/2017 05:48:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICKYS-DESKTOP) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147467259 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/15/2017 12:43:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (08/15/2017 12:43:30 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/15/2017 11:45:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Taskmgr.exe, version: 1.0.0.1, time stamp: 0x578999cf Faulting module name: Taskmgr.exe, version: 1.0.0.1, time stamp: 0x578999cf Exception code: 0xc0000005 Fault offset: 0x0000000000025076 Faulting process id: 0x3294 Faulting application start time: 0x01d315dd6fee885f Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report Id: 4514770f-2e32-484e-859e-6acb9e3f2ff0 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (08/15/2017 06:00:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error: (08/15/2017 05:56:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Delivery Optimization service hung on starting. Error: (08/15/2017 05:55:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/15/2017 05:52:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (08/15/2017 05:52:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Hamachi2Svc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Hamachi2Svc service to connect. Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BstHdLogRotatorSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the BstHdLogRotatorSvc service to connect. Error: (08/15/2017 05:52:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Razer Game Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. CodeIntegrity: =================================== Date: 2017-08-15 08:04:49.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-08-15 07:05:14.969 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-08-14 13:45:53.957 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-08-14 12:04:19.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-08-10 06:24:24.217 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-08-10 06:23:22.553 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-08-05 17:39:32.188 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-08-02 14:45:11.813 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-07-31 23:19:43.974 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-07-31 12:48:54.530 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz Percentage of memory in use: 50% Total physical RAM: 8142.92 MB Available physical RAM: 4000.26 MB Total Virtual: 11470.92 MB Available Virtual: 6749.74 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.02 GB) (Free:40.25 GB) NTFS Drive d: (NATE'S) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B72A755) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 019801F3) Partition 1: (Active) - (Size=3.7 GB) - (Type=0B) ==================== End of Addition.txt ============================ -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 21:48:56 2017 # Updated on 2017/05/08 by Malwarebytes # Running on Windows 10 Pro (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: SpyHunter 4 Service ***** [ Folders ] ***** Deleted: C:\Program Files\Enigma Software Group Deleted: C:\Users\RNOwe\AppData\Roaming\Enigma Software Group Deleted: C:\sh4ldr Deleted: C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter Deleted: C:\ProgramData\Audyssey Labs ***** [ Files ] ***** Deleted: C:\END Deleted: C:\Windows\SysNative\drivers\EsgScanner.sys Deleted: C:\Users\RNOwe\Desktop\SpyHunter.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted: Driver Booster Scheduler Deleted: SpyHunter4Startup ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3l3lkinz3f56t.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3l3lkinz3f56t.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3l3lkinz3f56t.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3l3lkinz3f56t.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774} Deleted: [Key] - HKLM\SOFTWARE\Reimage Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SOFTWARE\Microleaves Deleted: [Key] - HKLM\SOFTWARE\Soci2Sear Browser Enhancer Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [7132 B] - [2017/8/15 21:48:9] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 10 Pro x64 Ran by RNOwe (Administrator) on Tue 08/15/2017 at 17:56:46.13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 4 Successfully deleted: C:\ProgramData\mntemp (File) Successfully deleted: C:\ProgramData\productdata (Folder) Successfully deleted: C:\WINDOWS\system32\Tasks\d447ab7d0fb975b032ce5d423855b98e (Task) Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (RNOwe) (Task) Registry: 2 Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 08/15/2017 at 18:02:47.93 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
log2.txt -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Alrighty, I'll send it as soon as it's done. It's a little under half way done as of now. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Yes, it's quarantining now. I wasn't sure if that was the only log I could get so I figured I'd go with it. I can send you the log after if there is one for me to. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
log.txt -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
It seems to have worked, many things are now able to start up. I appreciate your help. I'm running a scan through Malwarebytes now. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Alright I'll try this. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Sorry that took so long, took some tinkering. FRST.txt -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017 Ran by RNOwe (14-08-2017 20:05:28) Run:1 Running from C:\Users\Ricky\Desktop\FRST Loaded Profiles: RNOwe & Ricky (Available Profiles: RNOwe & Ricky) Boot Mode: Normal ============================================== fixlist content: ***************** CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes ***************** ========= bcdedit.exe /set {bootmgr} displaybootmenu yes ========= The operation completed successfully. ========= End of CMD: ========= ========= bcdedit.exe /set {default} recoveryenabled yes ========= The operation completed successfully. ========= End of CMD: ========= ==== End of Fixlog 20:05:29 ==== -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
I can probably get a 8 gig -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
mbar-log-2017-08-14 (19-10-02).txt I still get the error after this scan -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Doing that now. -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
"The requested resource is in use." -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
mbar-log-2017-08-14 (17-59-35).txt -
"The requested resource is in use"
Harmazi replied to Harmazi's topic in Resolved Malware Removal Logs
Well It crashed and i've been waiting this whole time for it to finish a new scan, all three were checked. My bad. I'm running it now.