iskrentsbg Posted February 18, 2017 ID:1102787

Hello. For 1 month I've been infected with annoying Russian adware which takes me to ad domains like, for example, "globalworldcityy.ru/otoxym" and "puklisi.ru". I tried to remove it with ADWCleaner, Avast, MalwareBytes, Eset Online scanner, Zemana anti-malware and Sophos Virus removal tools, but none of these things helped. (I worked without instructions; I have little experience with that.) Please help me. Thanks
iskrentsbg Posted February 19, 2017 Author ID:1102975

Help?
iskrentsbg Posted February 21, 2017 Author ID:1103281

I forgot the logs, sorry. P.S. MalwareBytes still couldn't remove it.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.2.2017 г.
Scan Time: 9:07
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.21.01
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399128
Time Elapsed: 36 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\globalworldcityy, Delete-on-Reboot, [9afbb5f02b7dc3733b3e9a1f649c2fd1],

Registry Values: 1
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}|Path, \globalworldcityy, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.StartPage, C:\Windows\System32\Tasks\globalworldcityy, Quarantined, [b6df00a52781c5718e84f0c99c6431cf],

Physical Sectors: 0
(No malicious items detected)

(end)
iskrentsbg Posted February 21, 2017 Author ID:1103282

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by User (21-02-2017 09:51:49)
Running from C:\Users\User\Desktop\Malware Fighting tools
Windows 10 Pro Version 1607 (X64) (2016-09-20 09:49:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-691218479-2863476526-4080224816-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-691218479-2863476526-4080224816-503 - Limited - Disabled)
Guest (S-1-5-21-691218479-2863476526-4080224816-501 - Limited - Disabled)
User (S-1-5-21-691218479-2863476526-4080224816-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24 HOURS (HKLM\...\Steam App 485580) (Version: - MysticGames) A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version: - ) A4 TECH PC Camera H (HKLM-x32\...\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}) (Version: 1.0 - Vimicro Corporation) A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - Vimicro) Absconding Zatwor (HKLM\...\Steam App 385200) (Version: - Zonitron Productions) Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated) Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) Alien: Isolation (HKLM\...\Steam App 214490) (Version: - Creative Assembly) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation) Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlerite (HKLM\...\Steam App 504370) (Version: - Stunlock Studios) BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.) Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.) Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games) Break Into Zatwor (HKLM\...\Steam App 395980) (Version: - Zonitron Productions) Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform) Charles 4.0 (HKLM\...\{E0A65A42-FEA8-4BF1-AB8E-B28821357268}) (Version: 4.0.0.19 - XK72 Ltd) Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine) Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - ) Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC) Counter-Strike CSS Edition 1.6 (HKLM-x32\...\Counter-Strike CSS Edition 1.6) (Version: - ) Counter-Strike Global Offensive No-Steam (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.35.1.6 - Valve Software) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Crack NewBlue ColorFast 3.0 build 121113 (HKLM-x32\...\Crack NewBlue ColorFast 3.0 build 121113_is1) (Version: - ) Crack NewBlue Creative Effects V3.0 Build 121113 (HKLM-x32\...\Crack NewBlue Creative Effects V3.0 Build 121113_is1) (Version: - ) Crack NewBlue Transitions Pack v3.0 build 121113 (HKLM-x32\...\Crack NewBlue Transitions Pack v3.0 build 121113_is1) (Version: - ) Crack NewBlue Video Essentials Tools V3.0 Build 121113I (x86) (HKLM-x32\...\Crack NewBlue Video Essentials Tools V3.0 Build ~EFB930F3_is1) (Version: - ) Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited) Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar) Discord (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) 
DISTRAINT (HKLM\...\Steam App 395170) (Version: - Jesse Makkonen) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden Enter the Gungeon (HKLM\...\Steam App 311690) (Version: - Dodge Roll) FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision) Fiends of Imprisonment (HKLM\...\Steam App 410590) (Version: - Zonitron Productions) FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse) Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version: - Panoramik Inc) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - ) GenArts Sapphire Plug-ins 6.13 for After Effects and Compatible (HKLM\...\GenArts Sapphire AE_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - ) GTA San Andreas (HKLM-x32\...\GTA San Andreas) (Version: - ) Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) 
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version: - insayn) K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - ) Last Survivor (HKLM\...\Steam App 463620) (Version: - Original Games) League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains) Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version: - Creative Technology Ltd.) 
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help 
Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) 
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation) Mike Crash's Vegas Filters Uninstall (HKLM-x32\...\Mike Crash Vegas Filters) (Version: - ) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Minecraft: Story Mode - A Telltale Games Series - Episode 1 (HKLM\...\Steam App 560040) (Version: - Telltale Games) Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - ) Minion Masters (HKLM\...\Steam App 489520) (Version: - BetaDwarf) Monsti (HKLM\...\Steam App 526790) (Version: - Unika Games) Mozilla Firefox 48.0.2 (x86 bg) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 bg)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden NewBlue 3D Explosions for Vegas 
(HKLM-x32\...\NewBlue 3D Explosions for Vegas) (Version: - ) NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version: - ) NewBlue Art Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Art Effects 2.0 for Vegas) (Version: - ) NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue) NewBlue Film Effects for Vegas (HKLM-x32\...\NewBlue Film Effects for Vegas) (Version: - ) NewBlue Motion Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Blends 2.0 for Vegas) (Version: - ) NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue) NewBlue Motion Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Effects 2.0 for Vegas) (Version: - ) NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue) NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Overgrowth (HKLM\...\Steam App 25000) (Version: - Wolfire) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Pixel Puzzles Ultimate (HKLM\...\Steam App 351030) (Version: - Decaying Logic) Plantera (HKLM\...\Steam App 421040) (Version: - VaragtP) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden 
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.5.7.57 - Razer Inc.) RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.) Receiver (HKLM\...\Steam App 234190) (Version: - Wolfire Games) Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC) ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - ) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype Web Plugin (HKLM-x32\...\{2D886DF5-A285-4C69-A78E-4A441B261381}) (Version: 7.30.0.98 - Skype Technologies S.A.) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) 
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) SpeechLab (HKLM-x32\...\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}) (Version: 1.0.0 - BACL) Spermination (HKLM\...\Steam App 363460) (Version: - Phr00t's Software) SPINGUN (HKLM\...\Steam App 548230) (Version: - Fermenter Games) Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Streamline (HKLM\...\Steam App 252850) (Version: - Proletariat Inc.) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden The Witness (HKLM\...\Steam App 210970) (Version: - Thekla, Inc.) 
Trapcode Suite v13.0.3 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.3 - Red Giant, LLC) Trove (HKLM\...\Steam App 304050) (Version: - Trion Worlds) TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden Unity (HKLM-x32\...\Unity) (Version: 5.4.1f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS) Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony) VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS) Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation) VS Update core components (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden vs_update3notification (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) 
Hidden
WayOut (HKLM\...\Steam App 551110) (Version: - Konstructors)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windscribe version 1.59 build 10 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.59 build 10 - Windscribe)
Winexy (HKLM\...\Steam App 577740) (Version: - Heaven Brotherhood)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{33B83118-4021-4BBD-A18B-230B03CFADEB}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{E9FC7154-DC9D-43C6-ACF5-168E64B86DE9}\InprocServer32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033C4581-6095-4955-AE1D-18B48EA2D001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {0650722C-556F-4689-9530-50B3A7FA162F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {0E67BFAA-FC80-4A34-89B0-509C7B1036B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2585EB47-A12D-4171-A9C1-5907CE2078E2} - System32\Tasks\TaskSched => Chrome.exe hxxp://gjdksleeeee.ru/eloxym
Task: {357A5796-602D-4D35-9B60-514E140BBAFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {468DC828-22D4-4C44-8EE2-26F9B960E9E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CEB3BB4-8F2F-486A-A6B7-C84499DF5F71} - System32\Tasks\{5C066DAE-FB13-483C-BE23-A69C5C4EC109} => pcalua.exe -a "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]\SpeakText.exe" -d "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]"
Task: {6170626D-3C5D-4C9F-B2E9-34F61090ADEB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {6221933B-222E-45E3-8E8E-3AD711C62F71} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2016-02-08] ()
Task: {7AB6445E-57CC-48BB-A5EA-7CCA84FB5E17} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {7E3F2FA5-AF10-4AA2-A5D7-DF1867E0751E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {801754FA-821A-4AEE-AF7D-A959F9534F84} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {92333B72-C092-4CED-83F0-7946F94CD656} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99868715-6BE5-4495-B53F-C3CFE389FBE8} - System32\Tasks\SafeZone scheduled Autoupdate 1474658096 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {BD4B5B7F-5C97-4493-A05F-DEB77DAF04FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {F6801EA8-9497-48D3-B5CA-A616D2A10CDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {FB3E981A-AA84-4FF4-84DD-F8309D93B584} - System32\Tasks\{179AE184-A649-4CA8-A3D0-6C614864584D} => pcalua.exe -a "C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers\Social Club v1.1.5.8 Setup.exe" -d C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\User\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\771f8bd89de33137\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\user0 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
-> --profile-directory=ChromeDefaultData ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-19 21:10 - 2016-07-19 21:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-08-02 19:04 - 2016-07-24 01:38 - 00047208 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe 2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-06-30 05:23 - 2016-06-30 05:23 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll 2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2016-09-20 20:51 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 10:18 - 2016-12-21 04:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-02-07 22:51 - 2017-02-01 06:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-07 22:51 - 2017-02-01 06:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2016-10-30 10:26 - 2006-07-04 13:16 - 00049152 _____ () C:\Windows\Domino.exe 2016-08-02 19:04 - 2016-07-24 01:38 - 07647848 _____ () C:\Program Files (x86)\Windscribe\Windscribe.exe 2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2017-01-23 07:07 - 2017-01-23 07:08 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2017-02-18 07:42 - 2017-02-18 07:42 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-18 
07:42 - 2017-02-18 07:42 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-18 07:42 - 2017-02-18 07:42 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-07 10:00 - 2017-02-07 10:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll 2016-06-27 12:22 - 2016-06-27 12:22 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2016-09-23 15:36 - 2016-09-23 15:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-02-20 21:09 - 2017-02-20 21:09 - 05876224 _____ () C:\Program Files\AVAST Software\Avast\defs\17022002\algo.dll 2016-09-23 15:36 - 2016-09-23 15:36 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-08-12 10:35 - 2016-08-12 10:35 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll 2016-07-12 18:53 - 2016-12-23 15:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-07-12 18:53 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-07-12 18:53 - 2017-01-18 22:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-07-12 18:53 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-07-12 18:53 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files 
(x86)\Steam\icuuc.dll 2016-07-12 18:53 - 2017-01-18 22:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-07-12 18:53 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 00638976 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL 2016-08-02 19:04 - 2016-04-26 22:04 - 01264128 _____ () C:\Program Files (x86)\Windscribe\libGLESv2.dll 2017-01-12 08:47 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\ffmpeg.dll 2017-01-13 10:53 - 2017-01-13 10:53 - 01082880 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node 2017-01-13 10:53 - 2017-01-13 10:53 - 03750400 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll 2017-01-13 10:53 - 2017-01-13 10:53 - 00914432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node 2017-01-13 10:53 - 2017-01-13 10:53 - 01127424 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node 2016-05-31 03:46 - 2016-05-31 03:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\keyhook.dll 2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\SpeakTextCom.dll 2016-09-23 15:36 - 2016-09-23 15:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-09-10 13:41 - 2016-08-01 13:20 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll 2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-01-12 08:47 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-21 09:48 - 2017-02-21 09:48 - 00148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\8042.tmp.node
2017-01-13 10:53 - 2017-01-13 10:53 - 02658304 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2016-12-14 12:27 - 2017-01-05 00:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ:1 [898]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 04:24 - 2016-12-03 08:56 - 00000116 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1 - 198.41.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{DBDCB109-955C-4942-8527-AFA42960EAAA}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe FirewallRules: [TCP Query User{8CE20F01-1CCD-4410-86B0-C4CF7FEA37C6}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe FirewallRules: [{E011C6A1-7651-4FAD-8E09-99F7CEA118CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4BADF7BF-E48F-4A25-AB9F-5A14C5CC32E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{2C01EF1C-35D0-49D4-8CC5-55319149F0E0}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{D3D2C64C-6231-4D41-B3C0-4AC77359CF41}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe FirewallRules: [{47F4AEF8-48EE-4EB3-AC9C-03CA0B2D102B}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{5951E8A7-DDDC-4B36-B326-2D087F9AC8E5}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe FirewallRules: [{4ED8F7F7-A7A5-4001-B42A-942424D97E81}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe FirewallRules: [{BBCD2C6D-E774-476B-90AE-69FBE65BA5C7}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E3341384-1A64-4E4F-9416-5D1BDA6D1B61}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe FirewallRules: [{427714CC-A96E-44D7-9E0D-1A39057908CC}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe FirewallRules: [UDP Query User{4D6D4A2D-2A13-4E51-A557-167F84D23718}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe FirewallRules: [TCP Query 
User{5F96416E-CDE2-48EC-ADC1-9733174C8067}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe FirewallRules: [UDP Query User{E1FEF267-D6E7-4419-9C1A-3F0CD63167C6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [TCP Query User{5AC975BD-BEBB-4554-A782-B852B0DDF0A7}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{D07A55E2-534B-4A79-8E28-54AC84E14FF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{DB2F543D-4785-4122-8FFC-D448EE29778F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [UDP Query User{AB3946FD-4208-4E40-870F-42E1DCA1BA36}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe FirewallRules: [TCP Query User{98A40DD3-8AA4-4736-B9CF-CD9D98F012FF}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe FirewallRules: [UDP Query User{04005185-2EF0-489A-8FDE-F323FE07816D}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [TCP Query User{924ACA3C-A74E-4D08-9199-8B8F546148B2}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [{120C565E-B894-4C86-BF94-0B0B50185252}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [UDP Query User{33A206E9-2C9D-417A-9DBF-1C94A4DE156D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files 
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{E4F6FF23-1439-492F-8A75-B97B11CECAD7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{98C53AF6-FF7D-48B4-8DF4-1B696CDB64CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{2AB8580D-6BE2-45B9-B646-92B65C3C2374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{987D3D80-BA00-4C26-8003-3E93F727F82E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{1865D1D6-89F6-4CBF-AF67-8A024D3E36DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9FED75D9-A3B1-474A-B0FC-BB05F83A15FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8A682E27-8475-4089-BB91-E8AC431B06E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{75A964A0-82AB-4766-8BB2-F53CFDF6E874}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [TCP Query User{04595A0D-32AF-4023-953A-118169CA1F02}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{89446BC2-5F21-4756-BF54-223F2B6BF3B6}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe FirewallRules: [TCP Query User{23F75D1A-A81E-4982-84CD-224F413EA478}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe FirewallRules: [{F607EE37-6B9B-4443-860C-91715CFBAA1E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{E12B1A35-4636-449D-987F-670928EA3D31}] => (Allow) C:\Program Files 
(x86)\qBittorrent\qbittorrent.exe FirewallRules: [{3801F88B-5471-4857-9768-26364727A9C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{15D60289-A385-4F45-9728-6B03FEB46E0E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe FirewallRules: [{DE4C9ED2-C757-4710-A881-BEB4A7C62DA8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe FirewallRules: [{303C1E4B-DA58-42E7-9404-785D806BE847}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe FirewallRules: [{C6083222-6B6A-4432-8C02-42B0600CFE5C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe FirewallRules: [{D475B9C9-FD81-445D-807D-69F396B0EB5E}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [{A999C29A-E1DB-4E85-8AAF-43497101F34F}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [{D0263CE3-8D4B-4A11-B90A-8A70C51504B2}] => (Allow) C:\Users\User\AppData\Local\Temp\is-N3OMN.tmp\download\MiniThunderPlatform.exe FirewallRules: [{7B18ED13-B200-4925-A189-70EEAEE2FCFE}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe FirewallRules: [{5AF9732A-0B32-48C8-8DBE-8298B12133F5}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe FirewallRules: [{47D684F7-14F2-4E50-A538-6A6BE2D92370}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe FirewallRules: [{D34F7BAF-5BF1-47AC-BA10-86190911031D}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe FirewallRules: [{D2D03F12-E0A2-4F9B-9BED-9E5BF0F54301}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{72F22AA6-8F9C-403B-8EC1-4D09622E19D6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe FirewallRules: [{ECE9D62E-798E-4739-A2EA-BE7A1C84A266}] => (Allow) D:\Niche.v0.0.7\Unity\Editor\Unity.exe FirewallRules: 
[{79F44869-7B74-4BB6-B246-B3AC7C9E4C8B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{3398C9EA-3672-4BF0-A2A7-E4CDAB272BFF}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe FirewallRules: [{320FB54C-A1CC-4890-9A11-5E1961F2AB4F}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe FirewallRules: [TCP Query User{00DFE3AA-92B0-4DDE-9520-19914B62F214}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe FirewallRules: [UDP Query User{4888F1C6-830E-4C8F-99BB-A4E76C27815F}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe FirewallRules: [{2CD5D846-3D3E-4236-93BF-B2EB7B9EC2F6}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{51AF039C-0028-4E92-A518-6CBBA1DF424B}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [TCP Query User{80A09AA2-7818-4105-90F9-8D3D71103E2C}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [UDP Query User{B9A135AA-423E-4FF6-B7C4-C293CA6F2499}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [{92FB818C-BFFF-42E0-B7B8-C811146414A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe FirewallRules: [{B976F08A-E3AA-4E1C-914E-2D49F9B73CA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe FirewallRules: [{BCAB5365-6FF0-4DB9-9F5D-B0CD7599D378}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [{A593528B-5B77-4665-AEE5-3D337248B40E}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [{4DACDA58-61CA-4031-A428-11456B325C2F}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: 
[{BF25891A-45E1-493D-9BED-6E05518E7768}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{3C89CEB6-22C5-4C81-8CFE-C1E1AD6AE5B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{8916E4CD-B934-4730-B151-4FC22E837ED4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{8263EF20-9F8C-4FD7-8D76-06C28187B976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{EC2A2203-C249-4370-86EA-59A8D5212EB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{C056DD5F-E720-41D4-938F-0278DF0D54DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{0A9CA1CF-86C1-436E-B032-3E20DD07A098}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{AE628170-CBB4-4C23-AB24-6BC0F1592C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{216B706A-C3A5-4E3C-8771-B360020B75C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{12AA05A6-3627-41DC-92F3-F08986F4F78B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DF623493-0926-4AE0-A8D5-E217FFBE6447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{8B30BFEF-3F88-44C9-AC1A-4DC546FDB195}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe FirewallRules: [{7CE6A016-CF4E-4D29-992E-B8EE4599E4CD}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe FirewallRules: [{27940FC2-9FE7-4A8F-84AF-A06E85A83F60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 
==================== Restore Points ========================= 12-02-2017 10:02:40 Windows Update 15-02-2017 14:43:17 Windows Update 19-02-2017 14:53:59 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/21/2017 09:46:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (02/21/2017 09:46:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/21/2017 09:00:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vegas130.exe, version: 13.0.0.453, time stamp: 0x55720ce9 Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f Exception code: 0xc0000374 Fault offset: 0x00000000000f8283 Faulting process id: 0x29dc Faulting application start time: 0x01d28c36350db08e Faulting application path: C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 92c30872-2ac3-497c-83d7-78e2b6c68df8 Faulting package full name: Faulting package-relative application ID: Error: (02/21/2017 08:54:00 AM) (Source: ESENT) (EventID: 474) (User: ) 
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (02/21/2017 08:53:00 AM) (Source: ESENT) (EventID: 474) (User: ) Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (02/21/2017 08:38:00 AM) (Source: ESENT) (EventID: 474) (User: ) Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. 
Please contact your hardware vendor for further assistance diagnosing the problem. Error: (02/21/2017 08:37:00 AM) (Source: ESENT) (EventID: 474) (User: ) Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (02/21/2017 07:58:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (02/21/2017 07:56:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/21/2017 07:56:22 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. 
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. System errors: ============= Error: (02/21/2017 09:49:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital). Error: (02/21/2017 09:46:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/21/2017 09:45:35 AM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI5 Error: (02/21/2017 09:44:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/21/2017 09:00:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/21/2017 07:57:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/20/2017 11:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/20/2017 10:53:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/20/2017 05:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/20/2017 01:14:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-02-21 07:53:18.205 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-20 20:00:46.354 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-20 19:14:10.940 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-20 19:13:57.778 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-20 11:06:22.707 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-18 20:39:14.809 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. 
Date: 2017-02-18 20:39:09.901 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-15 21:36:50.680 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-15 21:36:03.152 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-14 12:46:38.849 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 36%
Total physical RAM: 8127.55 MB
Available physical RAM: 5144.28 MB
Total Virtual: 18367.55 MB
Available Virtual: 14500.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.65 GB) (Free:35.98 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:66.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4B4E1C60)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
iskrentsbg Posted February 21, 2017 Author ID:1103283

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017 Ran by User (administrator) on DESKTOP-EF75065 (21-02-2017 09:49:54) Running from C:\Users\User\Desktop\Malware Fighting tools Loaded Profiles: User (Available Profiles: User) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe () C:\Program Files (x86)\Windscribe\WindscribeService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Copyright 2017.)
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Vimicro) C:\Windows\vmsnap3.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe () C:\Windows\Domino.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe () C:\Program Files (x86)\Windscribe\Windscribe.exe (Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Българска асоциация за компютърна лингвистика) C:\Program Files (x86)\BACL\SpeechLab\TTSProfileDlg.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Creative Technology Ltd.) 
C:\Windows\V0770Mon.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-29] (Realtek Semiconductor) HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.) HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.exe [49152 2006-07-18] (Vimicro) HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [49152 2006-07-04] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-08-19] (Razer Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-23] (AVAST Software) HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Creative Technology Ltd.) HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd) HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1368816 2016-07-04] (Bogdan Sharkov) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7647848 2016-07-24] () HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [iCall] => D:\James\iCall\iCall.exe HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [mailruhomesearch] => "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1367432 2017-02-10] (Advanced Micro Devices, Inc.) 
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-03] (Nota Inc.) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] () ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-23] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] () ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] () ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] () Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configure Bulgarian Speech.lnk [2016-09-20] ShortcutTarget: 
Configure Bulgarian Speech.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe () GroupPolicy: Restriction <======= ATTENTION GroupPolicy\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 198.41.0.4 Tcpip\..\Interfaces\{89a31647-e35c-41e6-954a-95b1caae8c97}: [DhcpNameServer] 192.168.100.1 198.41.0.4 Internet Explorer: ================== HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-691218479-2863476526-4080224816-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] 
(Oracle Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle Corporation) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: uq6to8j3.default FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default [2017-01-21] FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-23] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-23] FF 
HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems) FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi.dll [2016-12-28] (Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi-x64.dll [2016-12-28] (Skype Technologies S.A.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation) Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-21] <==== ATTENTION CHR Extension: (Easy Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-11-17] CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27] CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27] CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27] CHR Extension: (Повиквания в Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-30] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2016-09-27] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-19] CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14] CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27] CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27] CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16] CHR Extension: (Video Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-02-18] CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20] CHR Extension: (vidIQ Vision for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-02-18] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09] CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-01] CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28] CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-28] CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-28] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-28] CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-02-01] CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-28] CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28] CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03] CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-01] CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-28] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-28] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - 
hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-23] (AVAST Software) S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation) S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed] R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-29] (Realtek Semiconductor) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-08-01] (Razer Inc.) 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH) S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [47208 2016-07-24] () R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmdag.sys [32699928 2017-02-13] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmpag.sys [525848 2017-02-13] (Advanced Micro Devices, Inc.) 
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-23] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-23] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-23] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-23] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-23] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-23] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-23] (AVAST Software) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices) S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-10] (ELECOM) S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-10] (ELECOM) S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation) S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer, Inc.) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42184 2015-02-03] (Anchorfree Inc.) S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Creative Technology Ltd.) 
S3 vvftav303; C:\WINDOWS\system32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-26] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-26] (Zemana Ltd.) S3 ZSMC0303; C:\WINDOWS\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-21 09:47 - 2017-02-21 09:47 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC 2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignefef41194696fd6e 2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndf4ac25f12e3024d 2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign768d43647244ab66 2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2017-02-20 19:07 - 2017-02-20 19:07 - 00000222 _____ C:\Users\User\Desktop\Last Survivor.url 2017-02-20 11:10 - 2017-02-20 11:10 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN 2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings 2017-02-20 11:05 - 2017-02-20 11:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\AMD 2017-02-20 11:02 - 
2017-02-20 11:02 - 34980000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170213_64bit.exe 2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c8a9d4eedf6ef7f 2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign55b33519653644d7 2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda721cd187df812e 2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbc772f732524804e 2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5e7e968daba52c09 2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc25247caae1bdb34 2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8c85c7abbfb4329a 2017-02-18 13:57 - 2017-02-18 13:57 - 00351888 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign26ec685e02fca897 2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign21c2d6389996e986 2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1274dbcc845009c8 2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbfd57de5041bf42d 2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5000216ff848b5ff 2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1c67bf6492556570 2017-02-16 11:45 - 2017-02-16 11:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna2e887b47527c44d 2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5a321afbfa278a0f 2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2f93566971e86c30 2017-02-15 22:48 - 2017-02-15 22:48 - 
00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9c1f673b3cde819e 2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign85eb0e50dca07ba1 2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1662e630b5faedcf 2017-02-15 09:38 - 2017-02-15 09:38 - 00000222 _____ C:\Users\User\Desktop\Receiver.url 2017-02-15 09:38 - 2017-02-15 09:38 - 00000221 _____ C:\Users\User\Desktop\Overgrowth.url 2017-02-15 09:26 - 2017-02-15 09:26 - 00000221 _____ C:\Users\User\Desktop\World of Goo.url 2017-02-14 22:48 - 2017-02-15 09:24 - 00000222 _____ C:\Users\User\Desktop\The Witness.url 2017-02-14 22:40 - 2017-02-14 22:40 - 00000222 _____ C:\Users\User\Desktop\Stardew Valley.url 2017-02-14 22:23 - 2017-02-14 22:39 - 00000000 ____D C:\Users\User\Downloads\The Witness - HI2U 2017-02-14 20:09 - 2017-02-14 20:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc86765212109eec5 2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign958d8a35021e9629 2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1908629696da59f2 2017-02-13 22:24 - 2017-02-13 23:12 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ 2017-02-13 14:32 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\atiadlxx.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00924696 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin 2017-02-13 14:32 - 2017-02-13 14:32 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin 2017-02-13 14:32 - 2017-02-13 14:32 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man 2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign857deb0bdb73acb8 2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign419e7ed1de275020 2017-02-13 13:10 - 2017-02-13 13:10 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign605236e60ce9aaf4 2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignff63bc284cbd90cf 2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c95620aa64e4fdd 2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign30f42fb39380d4db 2017-02-12 22:23 - 2017-02-06 21:18 - 00000681 _____ C:\Users\User\Desktop\Nicks.txt 2017-02-12 22:23 - 2017-02-06 13:23 - 00763365 _____ C:\Users\User\Desktop\Bot3.91.jar 2017-02-12 22:23 - 2017-01-19 20:20 - 00026936 _____ C:\Users\User\Desktop\S5Proxies.txt 2017-02-12 22:23 - 2017-01-19 20:20 - 00007803 _____ C:\Users\User\Desktop\SSLProxies.txt 2017-02-12 22:23 - 2017-01-19 20:20 - 00002770 _____ C:\Users\User\Desktop\S4Proxies.txt 2017-02-12 22:23 - 2017-01-19 20:20 - 00000000 _____ C:\Users\User\Desktop\Alts.txt 2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign80b7e0bbbacd2a06 2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4270bfa142f5acb4 
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign27e4e8f0c55f07f5 2017-02-11 18:55 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\ezBlueCC.aep Logs 2017-02-11 18:53 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\Adobe After Effects Auto-Save 2017-02-11 18:22 - 2017-02-11 18:22 - 00000222 _____ C:\Users\User\Desktop\Alien Isolation.url 2017-02-10 09:21 - 2017-02-10 09:21 - 00127368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll 2017-02-10 09:21 - 2017-02-10 09:21 - 00108424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll 2017-02-09 19:54 - 2017-02-09 19:54 - 00000000 ____D C:\Users\User\AppData\Local\RadeonSettings 2017-02-09 13:31 - 2017-02-20 11:02 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml 2017-02-09 13:30 - 2017-02-09 13:30 - 34425000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170208_64bit.exe 2017-02-09 13:12 - 2017-02-09 13:19 - 00012572 _____ C:\Users\User\Documents\config.yml 2017-02-09 10:34 - 2017-02-09 11:39 - 00000000 ____D C:\Program Files (x86)\Gyazo 2017-02-09 10:34 - 2017-02-09 10:34 - 00003540 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily 2017-02-09 10:34 - 2017-02-09 10:34 - 00003404 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine 2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk 2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk 2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Gyazo 2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo 2017-02-08 20:54 - 2017-02-08 21:08 - 00000000 ____D C:\Users\User\Downloads\MAGIX Vegas Pro v14.0.0 Build 161 Multilingual Incl Patch [Androgalaxy] 2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3d12282ab427bec8 
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign39239f78e02ca690 2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign74eee52f224163ee 2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbd85422d21ec8249 2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb0c2129923b984ce 2017-02-06 22:27 - 2017-02-06 22:27 - 00000222 _____ C:\Users\User\Desktop\Winexy.url 2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd6ca18dacb411151 2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0cdddfd4925af2e0 2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign05a481d55b765b7a 2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncbf821141236de50 2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5b8ac7667ca308c7 2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a8db63a16d3873c 2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3a12c5d343562aa8 2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign88c394360d62b8f4 2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4d492f4d4cf17716 2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignacf42cedff92350e 2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign920bc04b317f3c5c 2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign41acb30f43380c4f 2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf20ed834c64bce5a 2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D 
C:\Users\User\AppData\Local\Tempzxpsign78852940e8698bfe 2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign980e1cdbc4ad1924 2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign856a6ec98db30213 2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf452e097946deb14 2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign208dc8b221361bd5 2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignec3bc5d70bf4401b 2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9e28fbe3fe233ff2 2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2887591d55266b17 2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf6b44f2e4cabd0f4 2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignab87d13b5f08e818 2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign19ca0aef7dcdb624 2017-02-03 10:32 - 2017-02-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-02-03 08:56 - 2017-02-13 14:32 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe 2017-02-03 08:56 - 2017-02-13 14:32 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe 2017-02-03 08:56 - 2017-02-13 14:32 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00170008 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\system32\mantle64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2017-02-03 08:56 - 2017-02-03 08:56 - 00248728 _____ C:\WINDOWS\SysWOW64\SETA5CD.tmp 2017-02-03 08:55 - 2017-02-13 14:32 - 09881624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 07928856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 02504728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 02186264 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00536600 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00185880 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\SysWOW64\atigktxx.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00892440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00716824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll 2017-02-03 08:54 - 2017-02-13 14:31 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2017-02-03 08:53 - 2017-02-13 14:31 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2017-02-03 08:52 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2017-02-03 08:52 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00152088 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\amdhcp64.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2017-02-03 08:51 - 2017-02-13 14:31 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2017-02-03 08:51 - 2017-02-13 14:31 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2017-02-03 02:24 - 2017-02-13 14:32 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2017-02-03 02:24 - 2017-02-13 14:32 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\system32\atiapfxx.blb 2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json 2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json 2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbf476638c5dc2fb2 2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb43b7346a26da930 2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0681dd8df1c9c9f4 2017-02-01 23:06 - 2017-02-01 23:11 - 00000527 _____ C:\Users\User\Desktop\New Text Document (3).txt 2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Fiends of Imprisonment.url 2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Break Into Zatwor.url 2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Absconding Zatwor.url 2017-02-01 19:17 - 2017-02-01 19:17 - 00000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2017-02-01 19:17 - 
2017-02-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\Program Files\CPUID 2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7af2337b62eca833 2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a79f6746ae3a888 2017-02-01 17:28 - 2017-02-12 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard 2017-02-01 17:27 - 2017-02-20 11:10 - 00000000 ____D C:\Program Files (x86)\AMD 2017-02-01 17:25 - 2017-02-09 13:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-01 17:25 - 2016-12-15 21:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-02-01 17:25 - 2016-12-15 21:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-02-01 17:25 - 2016-12-15 21:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-02-01 17:25 - 2016-12-15 21:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\ATI 2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Local\ATI 2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\ProgramData\ATI 2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc1b4321d69503d89 2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb64107e48a10520e 2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0ca5cf2df4cd7b05 2017-02-01 14:03 - 2017-02-09 13:34 - 00000000 ____D C:\WINDOWS\LastGood 2017-01-31 15:26 - 2017-02-01 14:13 - 00000000 ____D C:\Users\User\AppData\Local\AMD 2017-01-31 15:24 - 2017-01-31 15:24 - 00000000 ____D C:\WINDOWS\system32\яяяяяяяяerStore 2017-01-31 15:23 - 2017-02-21 09:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-01-31 15:23 - 2017-02-20 11:02 - 00000000 ____D C:\AMD 
2017-01-31 15:23 - 2017-02-01 17:28 - 00000000 ____D C:\Program Files\AMD 2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ff7b4e41c5008c7 2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ac6517316836db7 2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne67f0245aa8e982d 2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda8c29a69208b22d 2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign47ea9b80be2f317d 2017-01-30 21:04 - 2017-01-30 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign43cb80db0f33b781 2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9183e6f170dfbfad 2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1ac2641ef8248637 2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg.bak 2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg 2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb37f7d541af60a3f 2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign003627890c2564f3 2017-01-30 13:39 - 2017-01-30 21:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++ 2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbcd33d395956c38e 2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D 
C:\Users\User\AppData\Local\Tempzxpsign8ca3b849d96dd188 2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignfa23bfac505a06e8 2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3bc1033ae442c0f0 2017-01-29 20:01 - 2017-01-29 20:01 - 04039535 _____ C:\Users\User\Documents\ezBlueCC.aep 2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna9c1c409d0138a6d 2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3ab36616700399dc 2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9362115c96600750 2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign556ef54085dadc11 2017-01-29 14:41 - 2017-01-29 14:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb3fd7c8b529bf327 2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9539e6bc494fa519 2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5f511921f3a57edb 2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne7ac829965aebc49 2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb8864999a988e18a 2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb76ded90fad24975 2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncd9cd9bd1d66a919 2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign183c617a5be2fd95 2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndefb682f86df1e11 2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb216085f45055496 2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8898d78a46fbfb65 
2017-01-25 21:35 - 2017-02-04 13:40 - 00000000 _____ C:\Users\User\Desktop\New Text Document (2).txt 2017-01-25 12:49 - 2016-12-21 04:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 12:49 - 2016-12-21 01:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-25 01:29 - 2017-02-13 14:32 - 01262616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2017-01-25 01:29 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2017-01-25 01:29 - 2017-02-13 14:32 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2017-01-25 01:29 - 2017-02-03 08:56 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SETA51C.tmp 2017-01-25 01:29 - 2017-02-03 08:55 - 01355672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETA18E.tmp 2017-01-25 01:29 - 2017-02-03 08:55 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SETA72C.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 01351192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET472F.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 01015832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SET5028.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00909336 _____ (AMD) C:\WINDOWS\system32\SET84E.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00305176 _____ (AMD) C:\WINDOWS\system32\SET5D6.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00258072 _____ C:\WINDOWS\SysWOW64\SET4E3C.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00038424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET4BE5.tmp 2017-01-25 01:29 - 2016-12-29 08:23 - 00029072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET512C.tmp 2017-01-25 01:29 - 2016-12-29 08:21 - 01355664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET4D31.tmp 2017-01-25 01:29 - 2016-12-29 08:21 - 01015704 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\SET5648.tmp 2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndd4d997659f04a51 2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign14960739aefee3df 2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5d86ad4db91613f4 2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3209b14e9177834e 2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0b12dcaad71907ca 2017-01-23 18:27 - 2017-01-24 21:28 - 05403221 _____ C:\Users\User\Desktop\Австралия – Природни зони.pptx 2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncec8b6d6eacebce7 2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4fa2e7d167b1ab01 2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1afa1f635f90e65c ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-21 09:50 - 2016-09-26 17:52 - 00064874 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-21 09:50 - 2016-09-26 17:52 - 00033760 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-21 09:49 - 2016-09-25 21:52 - 00000000 ____D C:\FRST
2017-02-21 09:49 - 2016-09-25 21:21 - 00000000 ____D C:\Users\User\Desktop\Malware Fighting tools
2017-02-21 09:48 - 2016-09-24 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 09:48 - 2016-07-12 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-21 09:46 - 2016-09-21 16:49 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-21 09:46 - 2016-09-20 06:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 09:46 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 09:45 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\PLA
2017-02-21 09:45 - 2016-07-16 03:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 09:20 - 2016-07-12 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-02-21 09:00 - 2016-08-31 17:25 - 00000000 ____D C:\ProgramData\rgt
2017-02-21 08:57 - 2016-07-12 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2017-02-21 08:15 - 2016-07-15 19:31 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2017-02-20 23:01 - 2016-09-20 06:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-20 22:10 - 2016-11-18 21:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-20 22:09 - 2016-11-18 21:41 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-02-20 19:07 - 2016-07-12 20:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-20 18:30 - 2016-07-14 17:03 - 00000000 ____D C:\Users\User\Documents\OFX Presets
2017-02-20 17:10 - 2016-07-12 12:23 - 01649248 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-20 17:07 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-20 13:08 - 2016-07-29 10:26 - 00000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-02-20 11:04 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-18 22:26 - 2016-07-28 17:06 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables
2017-02-18 18:54 - 2016-08-01 21:01 - 00000022 _____ C:\Users\User\Desktop\RANKOVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE.txt
2017-02-18 18:49 - 2016-12-09 19:09 - 00000052 _____ C:\Users\User\Desktop\secret.txt
2017-02-18 16:59 - 2016-10-03 07:33 - 00000304 _____ C:\Users\User\Desktop\SFCFix.txt
2017-02-18 16:21 - 2016-09-25 21:18 - 00001622 _____ C:\Users\User\Desktop\Rkill.txt
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\Users\User\AppData\Local\niemiro
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\SFCFix
2017-02-18 14:00 - 2016-09-26 12:46 - 00000000 ____D C:\AdwCleaner
2017-02-18 07:42 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 13:00 - 2016-08-22 22:19 - 00000402 _____ C:\Users\User\Desktop\aaaaaaaaa.txt
2017-02-16 10:04 - 2016-11-10 17:53 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-16 10:04 - 2016-07-12 12:21 - 00002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 10:04 - 2016-07-12 12:21 - 00000000 ___RD C:\Users\User\OneDrive
2017-02-14 22:59 - 2016-07-12 12:41 - 00000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2017-02-13 14:32 - 2016-12-29 08:24 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-02-13 12:51 - 2016-10-01 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-02-12 11:17 - 2016-07-12 12:39 - 00000000 ____D C:\ProgramData\Skype
2017-02-12 10:06 - 2017-01-09 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-02-12 10:06 - 2016-11-14 13:53 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2017-02-12 10:06 - 2016-09-23 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-11 16:39 - 2016-09-30 19:08 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2015
2017-02-10 13:43 - 2016-07-13 09:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony
2017-02-07 22:51 - 2017-01-06 22:38 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 22:51 - 2017-01-06 22:38 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 09:46 - 2016-12-01 08:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-03 10:32 - 2017-01-18 12:54 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-03 08:56 - 2016-12-29 08:23 - 00922520 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll
2017-02-02 21:32 - 2016-07-12 12:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 21:40 - 2016-07-28 16:59 - 00000000 ____D C:\Users\User\Documents\My Games
2017-02-01 14:11 - 2016-07-26 09:08 - 00000774 _____ C:\Users\User\Desktop\nativelog.txt
2017-01-31 13:29 - 2016-07-12 12:55 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-01-30 18:56 - 2016-12-22 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\VEGAS
2017-01-30 12:50 - 2016-07-12 12:19 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-01-28 13:15 - 2016-07-13 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games
2017-01-25 16:03 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-22 23:01 - 2016-08-01 14:44 - 00001879 _____ C:\Users\User\Desktop\SOCKS_proxies.txt

==================== Files in the root of some directories =======

2016-07-23 20:21 - 2016-07-23 20:21 - 20982175 _____ () C:\Users\User\AppData\Roaming\xulrunner.zip
2016-08-04 18:16 - 2016-08-04 18:16 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-23 20:50 - 2016-08-03 17:43 - 0007628 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-07-12 20:40 - 2016-07-12 20:40 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
2017-02-09 13:31 - 2017-02-20 11:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-10 18:22

==================== End of FRST.txt ============================
iskrentsbg Posted February 25, 2017 Author ID:1104278

Hello. For 1 month I've been infected with annoying Russian adware which takes me to ad domains like, for example, "globalworldcityy.ru/otoxym" and "puklisi.ru". I tried to remove it with ADWCleaner, Avast, MalwareBytes, Eset Online scanner, Zemana anti-malware and Sophos Virus removal tools, but none of these things helped. (I worked without instructions; I have little experience with that.) Please help me. Thanks

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.2.2017 г.
Scan Time: 9:07
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.21.01
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399128
Time Elapsed: 36 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\globalworldcityy, Delete-on-Reboot, [9afbb5f02b7dc3733b3e9a1f649c2fd1],

Registry Values: 1
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}|Path, \globalworldcityy, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.StartPage, C:\Windows\System32\Tasks\globalworldcityy, Quarantined, [b6df00a52781c5718e84f0c99c6431cf],

Physical Sectors: 0
(No malicious items detected)

(end)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by User (21-02-2017 09:51:49)
Running from C:\Users\User\Desktop\Malware Fighting tools
Windows 10 Pro Version 1607 (X64) (2016-09-20 09:49:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-691218479-2863476526-4080224816-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-691218479-2863476526-4080224816-503 - Limited - Disabled)
Guest (S-1-5-21-691218479-2863476526-4080224816-501 - Limited - Disabled)
User (S-1-5-21-691218479-2863476526-4080224816-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24 HOURS (HKLM\...\Steam App 485580) (Version: - MysticGames) A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version: - ) A4 TECH PC Camera H (HKLM-x32\...\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}) (Version: 1.0 - Vimicro Corporation) A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - Vimicro) Absconding Zatwor (HKLM\...\Steam App 385200) (Version: - Zonitron Productions) Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated) Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) Alien: Isolation (HKLM\...\Steam App 214490) (Version: - Creative Assembly) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation) Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlerite (HKLM\...\Steam App 504370) (Version: - Stunlock Studios) BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.) Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.) Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games) Break Into Zatwor (HKLM\...\Steam App 395980) (Version: - Zonitron Productions) Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform) Charles 4.0 (HKLM\...\{E0A65A42-FEA8-4BF1-AB8E-B28821357268}) (Version: 4.0.0.19 - XK72 Ltd) Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine) Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - ) Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC) Counter-Strike CSS Edition 1.6 (HKLM-x32\...\Counter-Strike CSS Edition 1.6) (Version: - ) Counter-Strike Global Offensive No-Steam (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.35.1.6 - Valve Software) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Crack NewBlue ColorFast 3.0 build 121113 (HKLM-x32\...\Crack NewBlue ColorFast 3.0 build 121113_is1) (Version: - ) Crack NewBlue Creative Effects V3.0 Build 121113 (HKLM-x32\...\Crack NewBlue Creative Effects V3.0 Build 121113_is1) (Version: - ) Crack NewBlue Transitions Pack v3.0 build 121113 (HKLM-x32\...\Crack NewBlue Transitions Pack v3.0 build 121113_is1) (Version: - ) Crack NewBlue Video Essentials Tools V3.0 Build 121113I (x86) (HKLM-x32\...\Crack NewBlue Video Essentials Tools V3.0 Build ~EFB930F3_is1) (Version: - ) Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited) Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar) Discord (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) 
DISTRAINT (HKLM\...\Steam App 395170) (Version: - Jesse Makkonen) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden Enter the Gungeon (HKLM\...\Steam App 311690) (Version: - Dodge Roll) FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision) Fiends of Imprisonment (HKLM\...\Steam App 410590) (Version: - Zonitron Productions) FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse) Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version: - Panoramik Inc) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - ) GenArts Sapphire Plug-ins 6.13 for After Effects and Compatible (HKLM\...\GenArts Sapphire AE_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - ) GTA San Andreas (HKLM-x32\...\GTA San Andreas) (Version: - ) Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) 
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version: - insayn) K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - ) Last Survivor (HKLM\...\Steam App 463620) (Version: - Original Games) League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains) Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version: - Creative Technology Ltd.) 
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help 
Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) 
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mike Crash's Vegas Filters Uninstall (HKLM-x32\...\Mike Crash Vegas Filters) (Version: - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series - Episode 1 (HKLM\...\Steam App 560040) (Version: - Telltale Games)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
Minion Masters (HKLM\...\Steam App 489520) (Version: - BetaDwarf)
Monsti (HKLM\...\Steam App 526790) (Version: - Unika Games)
Mozilla Firefox 48.0.2 (x86 bg) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 bg)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NewBlue 3D Explosions for Vegas (HKLM-x32\...\NewBlue 3D Explosions for Vegas) (Version: - )
NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version: - )
NewBlue Art Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Art Effects 2.0 for Vegas) (Version: - )
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Vegas (HKLM-x32\...\NewBlue Film Effects for Vegas) (Version: - )
NewBlue Motion Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Blends 2.0 for Vegas) (Version: - )
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Effects 2.0 for Vegas) (Version: - )
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overgrowth (HKLM\...\Steam App 25000) (Version: - Wolfire)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
Pixel Puzzles Ultimate (HKLM\...\Steam App 351030) (Version: - Decaying Logic)
Plantera (HKLM\...\Steam App 421040) (Version: - VaragtP)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.5.7.57 - Razer Inc.)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Receiver (HKLM\...\Steam App 234190) (Version: - Wolfire Games)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{2D886DF5-A285-4C69-A78E-4A441B261381}) (Version: 7.30.0.98 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SpeechLab (HKLM-x32\...\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}) (Version: 1.0.0 - BACL)
Spermination (HKLM\...\Steam App 363460) (Version: - Phr00t's Software)
SPINGUN (HKLM\...\Steam App 548230) (Version: - Fermenter Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamline (HKLM\...\Steam App 252850) (Version: - Proletariat Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witness (HKLM\...\Steam App 210970) (Version: - Thekla, Inc.)
Trapcode Suite v13.0.3 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.3 - Red Giant, LLC)
Trove (HKLM\...\Steam App 304050) (Version: - Trion Worlds)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.4.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) Hidden
WayOut (HKLM\...\Steam App 551110) (Version: - Konstructors)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windscribe version 1.59 build 10 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.59 build 10 - Windscribe)
Winexy (HKLM\...\Steam App 577740) (Version: - Heaven Brotherhood)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{33B83118-4021-4BBD-A18B-230B03CFADEB}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{E9FC7154-DC9D-43C6-ACF5-168E64B86DE9}\InprocServer32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

Task: {033C4581-6095-4955-AE1D-18B48EA2D001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {0650722C-556F-4689-9530-50B3A7FA162F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {0E67BFAA-FC80-4A34-89B0-509C7B1036B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2585EB47-A12D-4171-A9C1-5907CE2078E2} - System32\Tasks\TaskSched => Chrome.exe hxxp://gjdksleeeee.ru/eloxym
Task: {357A5796-602D-4D35-9B60-514E140BBAFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {468DC828-22D4-4C44-8EE2-26F9B960E9E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CEB3BB4-8F2F-486A-A6B7-C84499DF5F71} - System32\Tasks\{5C066DAE-FB13-483C-BE23-A69C5C4EC109} => pcalua.exe -a "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]\SpeakText.exe" -d "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]"
Task: {6170626D-3C5D-4C9F-B2E9-34F61090ADEB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {6221933B-222E-45E3-8E8E-3AD711C62F71} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2016-02-08] ()
Task: {7AB6445E-57CC-48BB-A5EA-7CCA84FB5E17} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {7E3F2FA5-AF10-4AA2-A5D7-DF1867E0751E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {801754FA-821A-4AEE-AF7D-A959F9534F84} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {92333B72-C092-4CED-83F0-7946F94CD656} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99868715-6BE5-4495-B53F-C3CFE389FBE8} - System32\Tasks\SafeZone scheduled Autoupdate 1474658096 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {BD4B5B7F-5C97-4493-A05F-DEB77DAF04FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {F6801EA8-9497-48D3-B5CA-A616D2A10CDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {FB3E981A-AA84-4FF4-84DD-F8309D93B584} - System32\Tasks\{179AE184-A649-4CA8-A3D0-6C614864584D} => pcalua.exe -a "C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers\Social Club v1.1.5.8 Setup.exe" -d C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\User\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\771f8bd89de33137\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\user0 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-19 21:10 - 2016-07-19 21:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 00047208 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-30 05:23 - 2016-06-30 05:23 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-20 20:51 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:18 - 2016-12-21 04:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-10-30 10:26 - 2006-07-04 13:16 - 00049152 _____ () C:\Windows\Domino.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 07647848 _____ () C:\Program Files (x86)\Windscribe\Windscribe.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-01-23 07:07 - 2017-01-23 07:08 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-02-18 07:42 - 2017-02-18 07:42 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 07:42 - 2017-02-18 07:42 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 07:42 - 2017-02-18 07:42 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 10:00 - 2017-02-07 10:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2016-06-27 12:22 - 2016-06-27 12:22 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-20 21:09 - 2017-02-20 21:09 - 05876224 _____ () C:\Program Files\AVAST Software\Avast\defs\17022002\algo.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-12 10:35 - 2016-08-12 10:35 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2016-07-12 18:53 - 2016-12-23 15:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-12 18:53 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 00638976 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2016-08-02 19:04 - 2016-04-26 22:04 - 01264128 _____ () C:\Program Files (x86)\Windscribe\libGLESv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 01082880 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-13 10:53 - 2017-01-13 10:53 - 03750400 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 00914432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-13 10:53 - 2017-01-13 10:53 - 01127424 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-05-31 03:46 - 2016-05-31 03:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\keyhook.dll
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\SpeakTextCom.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-10 13:41 - 2016-08-01 13:20 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-01-12 08:47 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-21 09:48 - 2017-02-21 09:48 - 00148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\8042.tmp.node
2017-01-13 10:53 - 2017-01-13 10:53 - 02658304 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2016-12-14 12:27 - 2017-01-05 00:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ:1 [898]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 04:24 - 2016-12-03 08:56 - 00000116 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1 - 198.41.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DBDCB109-955C-4942-8527-AFA42960EAAA}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [TCP Query User{8CE20F01-1CCD-4410-86B0-C4CF7FEA37C6}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [{E011C6A1-7651-4FAD-8E09-99F7CEA118CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BADF7BF-E48F-4A25-AB9F-5A14C5CC32E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2C01EF1C-35D0-49D4-8CC5-55319149F0E0}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D3D2C64C-6231-4D41-B3C0-4AC77359CF41}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [{47F4AEF8-48EE-4EB3-AC9C-03CA0B2D102B}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5951E8A7-DDDC-4B36-B326-2D087F9AC8E5}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{4ED8F7F7-A7A5-4001-B42A-942424D97E81}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [{BBCD2C6D-E774-476B-90AE-69FBE65BA5C7}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3341384-1A64-4E4F-9416-5D1BDA6D1B61}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{427714CC-A96E-44D7-9E0D-1A39057908CC}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [UDP Query User{4D6D4A2D-2A13-4E51-A557-167F84D23718}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [TCP Query User{5F96416E-CDE2-48EC-ADC1-9733174C8067}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [UDP Query User{E1FEF267-D6E7-4419-9C1A-3F0CD63167C6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{5AC975BD-BEBB-4554-A782-B852B0DDF0A7}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{D07A55E2-534B-4A79-8E28-54AC84E14FF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DB2F543D-4785-4122-8FFC-D448EE29778F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [UDP Query User{AB3946FD-4208-4E40-870F-42E1DCA1BA36}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [TCP Query User{98A40DD3-8AA4-4736-B9CF-CD9D98F012FF}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [UDP Query User{04005185-2EF0-489A-8FDE-F323FE07816D}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{924ACA3C-A74E-4D08-9199-8B8F546148B2}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{120C565E-B894-4C86-BF94-0B0B50185252}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{33A206E9-2C9D-417A-9DBF-1C94A4DE156D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E4F6FF23-1439-492F-8A75-B97B11CECAD7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{98C53AF6-FF7D-48B4-8DF4-1B696CDB64CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2AB8580D-6BE2-45B9-B646-92B65C3C2374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{987D3D80-BA00-4C26-8003-3E93F727F82E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1865D1D6-89F6-4CBF-AF67-8A024D3E36DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9FED75D9-A3B1-474A-B0FC-BB05F83A15FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A682E27-8475-4089-BB91-E8AC431B06E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{75A964A0-82AB-4766-8BB2-F53CFDF6E874}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{04595A0D-32AF-4023-953A-118169CA1F02}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{89446BC2-5F21-4756-BF54-223F2B6BF3B6}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{23F75D1A-A81E-4982-84CD-224F413EA478}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{F607EE37-6B9B-4443-860C-91715CFBAA1E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E12B1A35-4636-449D-987F-670928EA3D31}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3801F88B-5471-4857-9768-26364727A9C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15D60289-A385-4F45-9728-6B03FEB46E0E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{DE4C9ED2-C757-4710-A881-BEB4A7C62DA8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{303C1E4B-DA58-42E7-9404-785D806BE847}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C6083222-6B6A-4432-8C02-42B0600CFE5C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D475B9C9-FD81-445D-807D-69F396B0EB5E}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{A999C29A-E1DB-4E85-8AAF-43497101F34F}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D0263CE3-8D4B-4A11-B90A-8A70C51504B2}] => (Allow) C:\Users\User\AppData\Local\Temp\is-N3OMN.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{7B18ED13-B200-4925-A189-70EEAEE2FCFE}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{5AF9732A-0B32-48C8-8DBE-8298B12133F5}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{47D684F7-14F2-4E50-A538-6A6BE2D92370}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{D34F7BAF-5BF1-47AC-BA10-86190911031D}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe
FirewallRules: [{D2D03F12-E0A2-4F9B-9BED-9E5BF0F54301}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{72F22AA6-8F9C-403B-8EC1-4D09622E19D6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{ECE9D62E-798E-4739-A2EA-BE7A1C84A266}] => (Allow) D:\Niche.v0.0.7\Unity\Editor\Unity.exe
FirewallRules: [{79F44869-7B74-4BB6-B246-B3AC7C9E4C8B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{3398C9EA-3672-4BF0-A2A7-E4CDAB272BFF}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{320FB54C-A1CC-4890-9A11-5E1961F2AB4F}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [TCP Query User{00DFE3AA-92B0-4DDE-9520-19914B62F214}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{4888F1C6-830E-4C8F-99BB-A4E76C27815F}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [{2CD5D846-3D3E-4236-93BF-B2EB7B9EC2F6}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{51AF039C-0028-4E92-A518-6CBBA1DF424B}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{80A09AA2-7818-4105-90F9-8D3D71103E2C}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{B9A135AA-423E-4FF6-B7C4-C293CA6F2499}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{92FB818C-BFFF-42E0-B7B8-C811146414A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{B976F08A-E3AA-4E1C-914E-2D49F9B73CA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{BCAB5365-6FF0-4DB9-9F5D-B0CD7599D378}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{A593528B-5B77-4665-AEE5-3D337248B40E}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{4DACDA58-61CA-4031-A428-11456B325C2F}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BF25891A-45E1-493D-9BED-6E05518E7768}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3C89CEB6-22C5-4C81-8CFE-C1E1AD6AE5B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8916E4CD-B934-4730-B151-4FC22E837ED4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8263EF20-9F8C-4FD7-8D76-06C28187B976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC2A2203-C249-4370-86EA-59A8D5212EB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C056DD5F-E720-41D4-938F-0278DF0D54DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0A9CA1CF-86C1-436E-B032-3E20DD07A098}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE628170-CBB4-4C23-AB24-6BC0F1592C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{216B706A-C3A5-4E3C-8771-B360020B75C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12AA05A6-3627-41DC-92F3-F08986F4F78B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF623493-0926-4AE0-A8D5-E217FFBE6447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B30BFEF-3F88-44C9-AC1A-4DC546FDB195}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{7CE6A016-CF4E-4D29-992E-B8EE4599E4CD}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{27940FC2-9FE7-4A8F-84AF-A06E85A83F60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D34E463-080F-443F-9FA9-4ACCA24206BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B95C3AAA-3F4E-4E1D-A208-29C3545565B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B906CCF4-80D5-4CD4-9603-9FF84100A699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{326FE78E-F351-4C87-A16C-381780157764}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{64676190-BE73-4980-AEAF-42199748B6CE}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{5EC935AB-5534-428B-8FBF-0BC47240D9B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{62872165-6851-4022-AFCF-7E906D667396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D75EA28D-AD7A-4E85-892A-891C46FFF86F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{640BE1DE-2ADD-4C8E-864E-7E7D3D10B91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{19FFB3D8-2F76-41DF-AB01-50467813A802}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{2972D3A0-A9B9-4CBF-95A1-2A666A72F68A}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{0CD8E2FF-4545-4B4B-8D66-7BF1F74AC9DF}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{46032CDC-75CF-4692-8C8A-36957C521A57}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [{9C7EE8F1-B35E-4863-8B1A-3ED8454EA835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99EA8F68-80AA-4055-A01C-43699DAA91E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03D95A6A-685F-466C-98C0-D986B12D4B88}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{BCF1B717-B045-4C3F-8CAE-DBD5A8AA7C67}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{60A19530-8208-47E7-94BC-6F6A9D93FBE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C9D1EAB-ADDF-4A75-A396-83C4C4BF9E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{782ABA6B-6DC4-4152-9236-ADD9B5BD74D9}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{365F048E-AB85-4013-BB14-692C1637B372}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{C6FD957D-E4A9-4549-A970-1838E36A729E}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EA88F506-853D-4912-BF70-D45FF5AB6FF8}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EEF4523A-396C-44FA-B5BE-15CCF763FA30}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{F4B21E1A-C35B-4D80-ABFD-CFBA43203F1C}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{60252435-A527-434F-9DF2-B27FFF5CD23F}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{EBB9C111-D496-49D6-BEF3-E3001E8BE4FF}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{B3C0745B-4228-47F5-89B7-2210665BE324}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{9F2FBEB0-EB57-4BA3-95C7-AB58E43AC4D7}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{CDF9E0F7-31C2-4ED7-A3E2-E5F9F5FAE255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D5D52F3-CDC6-41A4-BEC6-289583DD0DE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59724E98-D62D-4A59-825A-ADCEE2FD4903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AD44064-164F-44B2-A93E-34EF50531C9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{B5F86C54-0C5E-498E-87B6-DB1B058B0725}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{D4FA88F0-E58E-4FBE-9105-BBF8271204C3}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{FF8E5D2B-1326-48FC-8E2E-AC8A39249884}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{6BC8A1B4-1DA4-4D44-A479-2B0ACCB116A2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: 
[{423011CF-44C8-49E6-B8F3-DC43A28BCC42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DC7506D9-F22D-45DC-BEE9-815333852564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{9E4A0B77-D02D-4AE7-AB3A-C0BDAA87C3E1}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe FirewallRules: [{41A8E798-0F8E-45D1-8432-93BCC53F010C}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe FirewallRules: [{58B807C3-12A1-4F88-86D3-401E0E5D893B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{38E77F40-5823-4948-A0BD-75E1A0329F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{912FB4D6-6906-4841-B32F-8B210D5932EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F3556B14-A9C5-4149-B0E5-B86D8D4FBC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{36C6FAE7-A1B4-467D-8DA6-2D3E84AEFDBE}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe FirewallRules: [{203530C5-6FE9-48D2-813C-2D07BA401471}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe FirewallRules: [{F7E08E27-5A8A-4F36-B3B8-41A77142B6D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{35B84057-4BE5-4F37-8017-38C5C92F176D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{90FF37EE-6DE0-4BCB-A38A-0527EBFB9934}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{A6667DFF-1DC3-461D-921F-839E982B6711}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe 
FirewallRules: [{827B06E0-3EED-460F-9A45-13CA94E3CD75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{00C3DA68-1FAD-4CE7-8293-715F55F7D764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1117CAD7-9760-494E-9B86-CEF11A2B7499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F639E9C8-3166-4DFD-843E-3EDF757AB1A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{630A32F3-91D6-407A-A39C-76F0B21DA9AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DB36951C-9C64-4581-8421-DE80AE6068D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{24D02B91-4A4F-4A67-9620-105BF2723A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{78D553BB-4727-4E3A-A2FA-38755C8A105E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{03AA0DB2-CD73-4DCB-BD67-CC434CC9E11D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{4DD0252A-5C13-4172-BC0A-58303FD5826B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F46B26E6-231B-4527-AA28-53420113F5A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{6C46B344-FE98-44AD-9225-6E2A5B30A3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{835C5F12-A684-4118-BB4B-66127C15448E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: 
[{A3767BB1-C791-45D3-9485-E93CB7B6FA94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{7EE37BB7-48F4-4915-B83B-5FAC8A0FC556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{A8D5EE1B-3999-4A11-9806-1A0A38E46794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{725B656F-96A7-4C74-B4F3-6780E1F0D9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{9C97DF80-850C-4F31-B2CE-D94657968D3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D6284FE9-50A1-4B2B-A10E-27B0ACD30DC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{465CF54E-D5DE-4A56-A05B-B0240DD44CA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{5DFB7ED5-9F6A-4CD4-9ACC-EC6DBBAE8A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe FirewallRules: [{76427E99-8ADD-4DAA-81C4-417B7B8D5803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe FirewallRules: [{621937BD-D981-4C95-80FF-96A1D859EFFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe FirewallRules: [{49D86B97-9DDB-474C-BDF6-46AAA7A22AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe FirewallRules: [{CB826F54-CF36-47CF-9771-5468BD358D77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{43B14C39-2595-47AD-A846-7C4639322005}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{BFE472BA-4B51-4E1B-B9F2-B5E45EC83B62}] => (Allow) C:\Users\User\AppData\Local\Amigo\Application\amigo.exe 
FirewallRules: [{88EDA688-0FB6-4A62-9531-D90EB7EC8304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{56238A4E-6EC3-4A06-864D-8D4CCE1A8D02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{C4045F01-3122-4AD9-89C0-8EC145FB05B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B817A402-3E58-4F00-A835-D22606A17D37}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{662193E9-A68A-4D55-9307-3C996B63617D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F4E404A0-EDC9-4DDD-BF47-7EBD0D1BF49C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C2438BBE-39A7-4563-BFA8-E2A7C232EC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DC29D20A-6294-4468-9F60-9D63F50FAAF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{4A8C0776-7287-4D0A-8B3D-4E374F50C99C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{70B16ACD-0BDA-4D0A-92E7-4F844B81CEAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B7AAD675-94C9-402E-A31E-F4F8C3DB6AF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{7DCC45EF-FD28-4192-9DB1-4120267D3E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{7F24F3A0-91C3-47D8-A09D-B90624B51889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D29D4F65-F763-44CA-B4A0-7951FB1AC9A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: 
[{4F7B7C1E-9B81-4B26-9222-6308D447D482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1F2AA15F-AC41-41D4-B26C-4BE7879BF73A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B94FEEFC-8B36-4D6F-AEA2-B79160809F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{FFA76159-E71D-4B66-B531-528E772AABB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{294C5491-44EF-4C32-833F-7A47B92D3E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F0049852-166A-430B-ABDC-E31AFEE48208}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1633295D-608E-4823-B8C9-F3F64304DF2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{88EB08EA-20FE-40A8-B4DA-5478DE1C6070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D820E99A-5447-4D30-968F-564DC7788283}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{6868A4E1-9064-48FD-AFD5-18A89C12D027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{88CBAD27-EEF2-412D-B520-45BCBE9D5ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{FB9D0FCD-6EF0-41B1-A98E-B8BF9DE8DB55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B335EB47-7C62-4F86-81EB-21EB578CD69A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{8F83D012-4B18-494C-B2DB-50F9B236F603}] => 
(Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{89BF9A08-A450-452E-BFC1-E47CABA9C2F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{22B41573-BC17-4BED-92B5-03B166A8FE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{A2DC8C65-2FEC-48BF-8EDC-F7610D09E1E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{6098D482-AA02-4D27-8FCA-8E53529DE329}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{44835A16-B98F-4E9C-B20C-D55D7FDDC723}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{CC61F07D-9938-4F86-8ECA-F52EBB314826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{761EB03A-7B83-4798-B117-270023D645FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E084600A-41D5-45C3-BA83-184C1DFD8244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DC7664F2-15A6-4A5E-BA30-FD0101986538}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B38C225E-2605-4465-BE47-9581E1B3FA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{9CA93BEE-A804-4351-A83A-380CC15BEC0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DBF2A0C7-4384-46D0-8A46-6EA75B99C6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{0DFB5ACB-2F92-4B26-8A00-27BC796CC478}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{026A940B-BB99-43FE-8F1F-F47903A19317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{432B677C-3DEE-4839-83B8-CBAC272C2A69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe FirewallRules: [{94F1BDAC-7A35-44D0-AE9B-06E15F391CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe FirewallRules: [{3540031F-3367-4235-80B0-93077A812E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe FirewallRules: [{4C645D74-AA82-466E-8520-320BFBACC6E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe FirewallRules: [{DBAE94C8-EE3F-4DDA-AC0F-C6935A69383C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe FirewallRules: [{143EDC98-D87C-428B-AB79-47A302A09757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe FirewallRules: [TCP Query User{FDE537CA-E52A-4D25-9F6B-FD6EC755942D}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe FirewallRules: [UDP Query User{039A8AAB-ABDC-4800-9763-7F90019E56D7}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe FirewallRules: [{92D2975F-0BB2-4FE1-A936-629F32C7AED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DACFF985-FF59-4A3E-BF2B-780C9D6A6055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{9E75A87A-5A4E-4ED8-A03A-6B54CC46A85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 
beta\game\bin\win64\dota2.exe FirewallRules: [{5D1A7149-2EF4-4685-9815-677DAD18901B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{8312F4C7-5536-4089-BD16-91DEF34305D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B3D074A5-F6D4-4935-96B9-F689C845C60B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{BA7BB3DA-A40E-4456-9516-C89FCD92E199}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E0262FA2-2B8A-4222-BF9B-257FA27BA6F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{6989BDFA-687B-48EA-AA8A-A5200A2B353A}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe FirewallRules: [{083C1360-085E-4525-817F-F90C2C557CC1}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe FirewallRules: [{C6CA2DD7-326B-49DE-B6AC-3D87DF664902}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe FirewallRules: [{DBFBDD33-482A-491F-9188-19DEF84EA576}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe FirewallRules: [{E6557E5E-B934-420A-B65D-9934B5ADA2C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{89579B47-3D96-45FD-AB2D-17494569E478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{7ED65494-7B82-44B0-B3E6-E6EF4734579F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DF4B0940-FD83-41E2-9BAE-7F11AFC61529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E3631F91-5BEC-4F92-8EBB-5F2547A82356}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 
beta\game\bin\win64\dota2.exe FirewallRules: [{038EE9D5-17A0-4150-ACF2-428EAAC45D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{07A81033-B7A7-4C54-8D9D-5C02EB2155EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{68FCFBAA-6ABC-4857-A106-AACCD03632D0}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [{CB83078D-B89E-492D-8324-57F82B85F7B3}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [TCP Query User{A9EEBBF2-08B1-4E34-A9B7-92A11616D326}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe FirewallRules: [UDP Query User{8696CAE3-BC47-48D9-B41F-575582000442}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe FirewallRules: [{C85A76F9-3277-471A-A52B-AC30A11E2683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{CF172423-3DB3-4FAF-84A1-53D28E503B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{23ACCB44-F3FF-4692-BAD4-74C883712C44}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{46D86578-0ADF-4724-9522-89069D5A4D16}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{9A1727CD-78DD-4CE3-89C6-712472CF6F96}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe FirewallRules: [{3CCFD425-FF43-44F6-A851-E06AE52C09F7}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe FirewallRules: [{6C96897F-08C9-4621-B756-D5F539FD5E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: 
[{D34C83E2-7DFE-43D5-8623-2FC92E639A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{109F9CB0-6C76-4035-8711-5953365A529B}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe FirewallRules: [{759715BE-4C86-4840-9835-AA7B293C3665}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe FirewallRules: [{F518E36F-8DC9-42F3-B4EA-4C3922756AA3}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe FirewallRules: [{A996469D-C3DE-4BD2-BEBE-74AC2CCD95B7}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe FirewallRules: [{5EB33C3D-10D8-41BE-A53A-346FB28A9CD1}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe FirewallRules: [{D9903764-0E03-46DE-9E39-7A5F808FFF0D}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe FirewallRules: [{953B1213-B3E1-4A8B-92F0-410BDE9C56E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{4C1F8611-EF12-4C66-8FEE-65E178BCC9A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F8589C90-AA03-4ECC-8144-1E37D929ECB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{328AFA16-6784-4DB7-BD14-0ED2D494AA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{2FA06BD2-3501-4D2A-8E5B-7310232281AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1FD13A20-E497-4505-874F-C3DCB875719F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{AC754828-832E-4D2A-8223-3E0A14610618}] => (Allow) D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe FirewallRules: [{CBBE9FC0-9003-4178-943F-55402DA95729}] => (Allow) 
D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe ==================== Restore Points ========================= 12-02-2017 10:02:40 Windows Update 15-02-2017 14:43:17 Windows Update 19-02-2017 14:53:59 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/21/2017 09:46:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (02/21/2017 09:46:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/21/2017 09:00:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vegas130.exe, version: 13.0.0.453, time stamp: 0x55720ce9 Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f Exception code: 0xc0000374 Fault offset: 0x00000000000f8283 Faulting process id: 0x29dc Faulting application start time: 0x01d28c36350db08e Faulting application path: C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 92c30872-2ac3-497c-83d7-78e2b6c68df8 Faulting package full name: Faulting package-relative application ID: Error: (02/21/2017 08:54:00 AM) (Source: ESENT) (EventID: 474) (User: ) 
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:53:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:38:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:37:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 07:58:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (02/21/2017 07:56:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/21/2017 07:56:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

System errors:
=============
Error: (02/21/2017 09:49:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital).

Error: (02/21/2017 09:46:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:45:35 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (02/21/2017 09:44:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:00:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 07:57:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 11:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 10:53:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 01:14:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2017-02-21 07:53:18.205
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-20 20:00:46.354
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2017-02-20 19:14:10.940
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2017-02-20 19:13:57.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2017-02-20 11:06:22.707
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-18 20:39:14.809
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-18 20:39:09.901 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-15 21:36:50.680 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-15 21:36:03.152 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. Date: 2017-02-14 12:46:38.849 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements. 

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 36%
Total physical RAM: 8127.55 MB
Available physical RAM: 5144.28 MB
Total Virtual: 18367.55 MB
Available Virtual: 14500.03 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:243.65 GB) (Free:35.98 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:66.46 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4B4E1C60)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by User (administrator) on DESKTOP-EF75065 (21-02-2017 09:49:54)
Running from C:\Users\User\Desktop\Malware Fighting tools
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Vimicro) C:\Windows\vmsnap3.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
() C:\Windows\Domino.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
() C:\Program Files (x86)\Windscribe\Windscribe.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Българска асоциация за компютърна лингвистика) C:\Program Files (x86)\BACL\SpeechLab\TTSProfileDlg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-29] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [49152 2006-07-04] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-08-19] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-23] (AVAST Software)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1368816 2016-07-04] (Bogdan Sharkov)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7647848 2016-07-24] ()
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [iCall] => D:\James\iCall\iCall.exe
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [mailruhomesearch] => "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1367432 2017-02-10] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-03] (Nota Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configure Bulgarian Speech.lnk [2016-09-20]
ShortcutTarget: Configure Bulgarian Speech.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 198.41.0.4
Tcpip\..\Interfaces\{89a31647-e35c-41e6-954a-95b1caae8c97}: [DhcpNameServer] 192.168.100.1 198.41.0.4

Internet Explorer:
==================
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-691218479-2863476526-4080224816-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: uq6to8j3.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default [2017-01-21]
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-23]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi-x64.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-21] <==== ATTENTION
CHR Extension: (Easy Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-11-17]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (Повиквания в Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-30]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-19]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Video Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-02-18]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-02-18]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-28]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-28]
CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-02-01]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-28]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-01]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-28]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-23] (AVAST Software)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-29] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-08-01] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH) S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [47208 2016-07-24] () R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmdag.sys [32699928 2017-02-13] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmpag.sys [525848 2017-02-13] (Advanced Micro Devices, Inc.) 
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-23] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-10] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-10] (ELECOM)
S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42184 2015-02-03] (Anchorfree Inc.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Creative Technology Ltd.)
S3 vvftav303; C:\WINDOWS\system32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-26] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-26] (Zemana Ltd.) S3 ZSMC0303; C:\WINDOWS\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-21 09:47 - 2017-02-21 09:47 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC 2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignefef41194696fd6e 2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndf4ac25f12e3024d 2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign768d43647244ab66 2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2017-02-20 19:07 - 2017-02-20 19:07 - 00000222 _____ C:\Users\User\Desktop\Last Survivor.url 2017-02-20 11:10 - 2017-02-20 11:10 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN 2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings 2017-02-20 11:05 - 2017-02-20 11:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\AMD 2017-02-20 11:02 - 
2017-02-20 11:02 - 34980000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170213_64bit.exe 2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c8a9d4eedf6ef7f 2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign55b33519653644d7 2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda721cd187df812e 2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbc772f732524804e 2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5e7e968daba52c09 2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc25247caae1bdb34 2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8c85c7abbfb4329a 2017-02-18 13:57 - 2017-02-18 13:57 - 00351888 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign26ec685e02fca897 2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign21c2d6389996e986 2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1274dbcc845009c8 2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbfd57de5041bf42d 2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5000216ff848b5ff 2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1c67bf6492556570 2017-02-16 11:45 - 2017-02-16 11:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna2e887b47527c44d 2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5a321afbfa278a0f 2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2f93566971e86c30 2017-02-15 22:48 - 2017-02-15 22:48 - 
00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9c1f673b3cde819e 2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign85eb0e50dca07ba1 2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1662e630b5faedcf 2017-02-15 09:38 - 2017-02-15 09:38 - 00000222 _____ C:\Users\User\Desktop\Receiver.url 2017-02-15 09:38 - 2017-02-15 09:38 - 00000221 _____ C:\Users\User\Desktop\Overgrowth.url 2017-02-15 09:26 - 2017-02-15 09:26 - 00000221 _____ C:\Users\User\Desktop\World of Goo.url 2017-02-14 22:48 - 2017-02-15 09:24 - 00000222 _____ C:\Users\User\Desktop\The Witness.url 2017-02-14 22:40 - 2017-02-14 22:40 - 00000222 _____ C:\Users\User\Desktop\Stardew Valley.url 2017-02-14 22:23 - 2017-02-14 22:39 - 00000000 ____D C:\Users\User\Downloads\The Witness - HI2U 2017-02-14 20:09 - 2017-02-14 20:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc86765212109eec5 2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign958d8a35021e9629 2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1908629696da59f2 2017-02-13 22:24 - 2017-02-13 23:12 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ 2017-02-13 14:32 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\atiadlxx.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00924696 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin 2017-02-13 14:32 - 2017-02-13 14:32 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin 2017-02-13 14:32 - 2017-02-13 14:32 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2017-02-13 14:32 - 2017-02-13 14:32 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man 2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign857deb0bdb73acb8 2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign419e7ed1de275020 2017-02-13 13:10 - 2017-02-13 13:10 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign605236e60ce9aaf4 2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignff63bc284cbd90cf 2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c95620aa64e4fdd 2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign30f42fb39380d4db 2017-02-12 22:23 - 2017-02-06 21:18 - 00000681 _____ C:\Users\User\Desktop\Nicks.txt 2017-02-12 22:23 - 2017-02-06 13:23 - 00763365 _____ C:\Users\User\Desktop\Bot3.91.jar 2017-02-12 22:23 - 2017-01-19 20:20 - 00026936 _____ C:\Users\User\Desktop\S5Proxies.txt 2017-02-12 22:23 - 2017-01-19 20:20 - 00007803 _____ C:\Users\User\Desktop\SSLProxies.txt 2017-02-12 22:23 - 2017-01-19 20:20 - 00002770 _____ C:\Users\User\Desktop\S4Proxies.txt 2017-02-12 22:23 - 2017-01-19 20:20 - 00000000 _____ C:\Users\User\Desktop\Alts.txt 2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign80b7e0bbbacd2a06 2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4270bfa142f5acb4 
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign27e4e8f0c55f07f5 2017-02-11 18:55 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\ezBlueCC.aep Logs 2017-02-11 18:53 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\Adobe After Effects Auto-Save 2017-02-11 18:22 - 2017-02-11 18:22 - 00000222 _____ C:\Users\User\Desktop\Alien Isolation.url 2017-02-10 09:21 - 2017-02-10 09:21 - 00127368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll 2017-02-10 09:21 - 2017-02-10 09:21 - 00108424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll 2017-02-09 19:54 - 2017-02-09 19:54 - 00000000 ____D C:\Users\User\AppData\Local\RadeonSettings 2017-02-09 13:31 - 2017-02-20 11:02 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml 2017-02-09 13:30 - 2017-02-09 13:30 - 34425000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170208_64bit.exe 2017-02-09 13:12 - 2017-02-09 13:19 - 00012572 _____ C:\Users\User\Documents\config.yml 2017-02-09 10:34 - 2017-02-09 11:39 - 00000000 ____D C:\Program Files (x86)\Gyazo 2017-02-09 10:34 - 2017-02-09 10:34 - 00003540 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily 2017-02-09 10:34 - 2017-02-09 10:34 - 00003404 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine 2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk 2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk 2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Gyazo 2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo 2017-02-08 20:54 - 2017-02-08 21:08 - 00000000 ____D C:\Users\User\Downloads\MAGIX Vegas Pro v14.0.0 Build 161 Multilingual Incl Patch [Androgalaxy] 2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3d12282ab427bec8 
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign39239f78e02ca690 2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign74eee52f224163ee 2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbd85422d21ec8249 2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb0c2129923b984ce 2017-02-06 22:27 - 2017-02-06 22:27 - 00000222 _____ C:\Users\User\Desktop\Winexy.url 2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd6ca18dacb411151 2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0cdddfd4925af2e0 2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign05a481d55b765b7a 2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncbf821141236de50 2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5b8ac7667ca308c7 2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a8db63a16d3873c 2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3a12c5d343562aa8 2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign88c394360d62b8f4 2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4d492f4d4cf17716 2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignacf42cedff92350e 2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign920bc04b317f3c5c 2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign41acb30f43380c4f 2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf20ed834c64bce5a 2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D 
C:\Users\User\AppData\Local\Tempzxpsign78852940e8698bfe 2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign980e1cdbc4ad1924 2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign856a6ec98db30213 2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf452e097946deb14 2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign208dc8b221361bd5 2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignec3bc5d70bf4401b 2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9e28fbe3fe233ff2 2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2887591d55266b17 2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf6b44f2e4cabd0f4 2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignab87d13b5f08e818 2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign19ca0aef7dcdb624 2017-02-03 10:32 - 2017-02-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-02-03 08:56 - 2017-02-13 14:32 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe 2017-02-03 08:56 - 2017-02-13 14:32 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe 2017-02-03 08:56 - 2017-02-13 14:32 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00170008 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\system32\mantle64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2017-02-03 08:56 - 2017-02-13 14:32 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2017-02-03 08:56 - 2017-02-03 08:56 - 00248728 _____ C:\WINDOWS\SysWOW64\SETA5CD.tmp 2017-02-03 08:55 - 2017-02-13 14:32 - 09881624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 07928856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 02504728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 02186264 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00536600 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2017-02-03 08:55 - 2017-02-13 14:32 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00185880 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\SysWOW64\atigktxx.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2017-02-03 08:55 - 2017-02-13 14:32 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00892440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00716824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll 2017-02-03 08:54 - 2017-02-13 14:32 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll 2017-02-03 08:54 - 2017-02-13 14:31 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2017-02-03 08:53 - 2017-02-13 14:31 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2017-02-03 08:52 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2017-02-03 08:52 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00152088 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\amdhcp64.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2017-02-03 08:51 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2017-02-03 08:51 - 2017-02-13 14:31 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2017-02-03 08:51 - 2017-02-13 14:31 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2017-02-03 02:24 - 2017-02-13 14:32 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2017-02-03 02:24 - 2017-02-13 14:32 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\system32\atiapfxx.blb 2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json 2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json 2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbf476638c5dc2fb2 2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb43b7346a26da930 2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0681dd8df1c9c9f4 2017-02-01 23:06 - 2017-02-01 23:11 - 00000527 _____ C:\Users\User\Desktop\New Text Document (3).txt 2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Fiends of Imprisonment.url 2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Break Into Zatwor.url 2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Absconding Zatwor.url 2017-02-01 19:17 - 2017-02-01 19:17 - 00000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2017-02-01 19:17 - 
2017-02-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\Program Files\CPUID 2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7af2337b62eca833 2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a79f6746ae3a888 2017-02-01 17:28 - 2017-02-12 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard 2017-02-01 17:27 - 2017-02-20 11:10 - 00000000 ____D C:\Program Files (x86)\AMD 2017-02-01 17:25 - 2017-02-09 13:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-01 17:25 - 2016-12-15 21:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-02-01 17:25 - 2016-12-15 21:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-02-01 17:25 - 2016-12-15 21:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-02-01 17:25 - 2016-12-15 21:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\ATI 2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Local\ATI 2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\ProgramData\ATI 2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc1b4321d69503d89 2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb64107e48a10520e 2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0ca5cf2df4cd7b05 2017-02-01 14:03 - 2017-02-09 13:34 - 00000000 ____D C:\WINDOWS\LastGood 2017-01-31 15:26 - 2017-02-01 14:13 - 00000000 ____D C:\Users\User\AppData\Local\AMD 2017-01-31 15:24 - 2017-01-31 15:24 - 00000000 ____D C:\WINDOWS\system32\яяяяяяяяerStore 2017-01-31 15:23 - 2017-02-21 09:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-01-31 15:23 - 2017-02-20 11:02 - 00000000 ____D C:\AMD 
2017-01-31 15:23 - 2017-02-01 17:28 - 00000000 ____D C:\Program Files\AMD 2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ff7b4e41c5008c7 2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ac6517316836db7 2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne67f0245aa8e982d 2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda8c29a69208b22d 2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign47ea9b80be2f317d 2017-01-30 21:04 - 2017-01-30 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign43cb80db0f33b781 2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9183e6f170dfbfad 2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1ac2641ef8248637 2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg.bak 2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg 2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb37f7d541af60a3f 2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign003627890c2564f3 2017-01-30 13:39 - 2017-01-30 21:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++ 2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbcd33d395956c38e 2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D 
C:\Users\User\AppData\Local\Tempzxpsign8ca3b849d96dd188 2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignfa23bfac505a06e8 2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3bc1033ae442c0f0 2017-01-29 20:01 - 2017-01-29 20:01 - 04039535 _____ C:\Users\User\Documents\ezBlueCC.aep 2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna9c1c409d0138a6d 2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3ab36616700399dc 2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9362115c96600750 2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign556ef54085dadc11 2017-01-29 14:41 - 2017-01-29 14:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb3fd7c8b529bf327 2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9539e6bc494fa519 2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5f511921f3a57edb 2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne7ac829965aebc49 2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb8864999a988e18a 2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb76ded90fad24975 2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncd9cd9bd1d66a919 2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign183c617a5be2fd95 2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndefb682f86df1e11 2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb216085f45055496 2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8898d78a46fbfb65 
2017-01-25 21:35 - 2017-02-04 13:40 - 00000000 _____ C:\Users\User\Desktop\New Text Document (2).txt 2017-01-25 12:49 - 2016-12-21 04:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 12:49 - 2016-12-21 01:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-25 01:29 - 2017-02-13 14:32 - 01262616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2017-01-25 01:29 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2017-01-25 01:29 - 2017-02-13 14:32 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2017-01-25 01:29 - 2017-02-03 08:56 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SETA51C.tmp 2017-01-25 01:29 - 2017-02-03 08:55 - 01355672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETA18E.tmp 2017-01-25 01:29 - 2017-02-03 08:55 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SETA72C.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 01351192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET472F.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 01015832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SET5028.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00909336 _____ (AMD) C:\WINDOWS\system32\SET84E.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00305176 _____ (AMD) C:\WINDOWS\system32\SET5D6.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00258072 _____ C:\WINDOWS\SysWOW64\SET4E3C.tmp 2017-01-25 01:29 - 2017-01-25 01:29 - 00038424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET4BE5.tmp 2017-01-25 01:29 - 2016-12-29 08:23 - 00029072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET512C.tmp 2017-01-25 01:29 - 2016-12-29 08:21 - 01355664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET4D31.tmp 2017-01-25 01:29 - 2016-12-29 08:21 - 01015704 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\SET5648.tmp 2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndd4d997659f04a51 2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign14960739aefee3df 2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5d86ad4db91613f4 2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3209b14e9177834e 2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0b12dcaad71907ca 2017-01-23 18:27 - 2017-01-24 21:28 - 05403221 _____ C:\Users\User\Desktop\Австралия – Природни зони.pptx 2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncec8b6d6eacebce7 2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4fa2e7d167b1ab01 2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1afa1f635f90e65c ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-21 09:50 - 2016-09-26 17:52 - 00064874 _____ C:\WINDOWS\ZAM.krnl.trace 2017-02-21 09:50 - 2016-09-26 17:52 - 00033760 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-02-21 09:49 - 2016-09-25 21:52 - 00000000 ____D C:\FRST 2017-02-21 09:49 - 2016-09-25 21:21 - 00000000 ____D C:\Users\User\Desktop\Malware Fighting tools 2017-02-21 09:48 - 2016-09-24 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-21 09:48 - 2016-07-12 18:52 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-21 09:46 - 2016-09-21 16:49 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-02-21 09:46 - 2016-09-20 06:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-21 09:46 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-21 09:45 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\PLA 2017-02-21 09:45 - 2016-07-16 03:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-02-21 09:20 - 2016-07-12 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2017-02-21 09:00 - 2016-08-31 17:25 - 00000000 ____D C:\ProgramData\rgt 2017-02-21 08:57 - 2016-07-12 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft 2017-02-21 08:15 - 2016-07-15 19:31 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla 2017-02-20 23:01 - 2016-09-20 06:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-20 22:10 - 2016-11-18 21:40 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-02-20 22:09 - 2016-11-18 21:41 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net 2017-02-20 19:07 - 2016-07-12 20:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-02-20 18:30 - 2016-07-14 17:03 - 00000000 ____D C:\Users\User\Documents\OFX Presets 2017-02-20 17:10 - 2016-07-12 12:23 - 01649248 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-20 17:07 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-02-20 13:08 - 2016-07-29 10:26 - 00000000 ____D 
C:\Users\User\AppData\Roaming\obs-studio 2017-02-20 11:04 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-18 22:26 - 2016-07-28 17:06 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables 2017-02-18 18:54 - 2016-08-01 21:01 - 00000022 _____ C:\Users\User\Desktop\RANKOVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE.txt 2017-02-18 18:49 - 2016-12-09 19:09 - 00000052 _____ C:\Users\User\Desktop\secret.txt 2017-02-18 16:59 - 2016-10-03 07:33 - 00000304 _____ C:\Users\User\Desktop\SFCFix.txt 2017-02-18 16:21 - 2016-09-25 21:18 - 00001622 _____ C:\Users\User\Desktop\Rkill.txt 2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\Users\User\AppData\Local\niemiro 2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\SFCFix 2017-02-18 14:00 - 2016-09-26 12:46 - 00000000 ____D C:\AdwCleaner 2017-02-18 07:42 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-17 13:00 - 2016-08-22 22:19 - 00000402 _____ C:\Users\User\Desktop\aaaaaaaaa.txt 2017-02-16 10:04 - 2016-11-10 17:53 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-16 10:04 - 2016-07-12 12:21 - 00002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-16 10:04 - 2016-07-12 12:21 - 00000000 ___RD C:\Users\User\OneDrive 2017-02-14 22:59 - 2016-07-12 12:41 - 00000000 ____D C:\Users\User\AppData\Roaming\qBittorrent 2017-02-13 14:32 - 2016-12-29 08:24 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2017-02-13 12:51 - 2016-10-01 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\discord 2017-02-12 11:17 - 2016-07-12 12:39 - 00000000 ____D C:\ProgramData\Skype 2017-02-12 10:06 - 2017-01-09 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC 2017-02-12 10:06 - 2016-11-14 13:53 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer 2017-02-12 10:06 - 2016-09-23 15:07 - 00000000 ____D C:\WINDOWS\Minidump 2017-02-11 16:39 - 2016-09-30 
19:08 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2015 2017-02-10 13:43 - 2016-07-13 09:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony 2017-02-07 22:51 - 2017-01-06 22:38 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-07 22:51 - 2017-01-06 22:38 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-07 09:46 - 2016-12-01 08:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-02-03 10:32 - 2017-01-18 12:54 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-02-03 08:56 - 2016-12-29 08:23 - 00922520 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll 2017-02-02 21:32 - 2016-07-12 12:39 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-01 21:40 - 2016-07-28 16:59 - 00000000 ____D C:\Users\User\Documents\My Games 2017-02-01 14:11 - 2016-07-26 09:08 - 00000774 _____ C:\Users\User\Desktop\nativelog.txt 2017-01-31 13:29 - 2016-07-12 12:55 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles 2017-01-30 18:56 - 2016-12-22 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\VEGAS 2017-01-30 12:50 - 2016-07-12 12:19 - 00000000 ____D C:\Users\User\AppData\Local\Packages 2017-01-28 13:15 - 2016-07-13 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games 2017-01-25 16:03 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-22 23:01 - 2016-08-01 14:44 - 00001879 _____ C:\Users\User\Desktop\SOCKS_proxies.txt ==================== Files in the root of some directories ======= 2016-07-23 20:21 - 2016-07-23 20:21 - 20982175 _____ () C:\Users\User\AppData\Roaming\xulrunner.zip 2016-08-04 18:16 - 2016-08-04 18:16 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-07-23 20:50 - 2016-08-03 17:43 - 0007628 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2016-07-12 20:40 - 2016-07-12 20:40 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml 2017-02-09 13:31 - 2017-02-20 11:02 - 0000060 _____ () 
C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-10 18:22

==================== End of FRST.txt ============================
Android8888 Posted February 25, 2017 ID:1104313

Hello iskrentsbg and Forum.

My screen name is Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

I can see that you have a duplicated post here. I will ask to merge both posts to avoid duplicate responses.

Please DO NOT run any tools unless asked to do so. Please follow the instructions in the order listed.

First, re-run Malwarebytes, update the tool, perform another scan and post the content of the new log in your next reply.

Next, I need to see a new set of fresh logs from FRST.

Right-click on the FRST icon and select Run as Administrator;
Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
Make sure the Addition.txt box is checked;
Click on the Scan button;
On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
Please attach both FRST.txt and Addition.txt files in your next reply;

To summarize, please post the content of the new Malwarebytes log and attach the two files (FRST.txt and Addition.txt) produced by FRST.
iskrentsbg Posted February 25, 2017 Author ID:1104400

MalwareBytes - nothing found.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by User (administrator) on DESKTOP-EF75065 (25-02-2017 21:30:27)
Running from C:\Users\User\Desktop\Malware Fighting tools
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.)
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Vimicro) C:\Windows\vmsnap3.exe () C:\Windows\Domino.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe () C:\Program Files (x86)\Windscribe\Windscribe.exe (Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe (Българска асоциация за компютърна лингвистика) C:\Program Files (x86)\BACL\SpeechLab\TTSProfileDlg.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Creative Technology Ltd.) C:\Windows\V0770Mon.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Razer Inc.) 
C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\05C18118-571E-4705-9E86-6A3CD5567E0C\DismHost.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe (Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe (Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\32\dynamiclinkmanager.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\32\Adobe QT32 Server.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-29] (Realtek Semiconductor) HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.) HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.exe [49152 2006-07-18] (Vimicro) HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [49152 2006-07-04] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-08-19] (Razer Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-23] (AVAST Software) HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Creative Technology Ltd.) HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd) HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1368816 2016-07-04] (Bogdan Sharkov) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7647848 2016-07-24] () HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) 
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [iCall] => D:\James\iCall\iCall.exe HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [mailruhomesearch] => "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1367432 2017-02-10] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-03] (Nota Inc.) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] () ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-23] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ MEGA 
(Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] () ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] () ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] () Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configure Bulgarian Speech.lnk [2016-09-20] ShortcutTarget: Configure Bulgarian Speech.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe () GroupPolicy: Restriction <======= ATTENTION GroupPolicy\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 198.41.0.4 Tcpip\..\Interfaces\{89a31647-e35c-41e6-954a-95b1caae8c97}: [DhcpNameServer] 192.168.100.1 198.41.0.4 Internet Explorer: ================== HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-691218479-2863476526-4080224816-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] (Oracle Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle Corporation) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} 
hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: uq6to8j3.default FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default [2017-01-21] FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-23] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-23] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] 
(Adobe Systems) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems) FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi.dll [2016-12-28] (Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi-x64.dll [2016-12-28] (Skype Technologies S.A.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation) Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-25] <==== ATTENTION CHR Extension: (Easy Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-02-22] CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27] CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27] CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27] CHR Extension: (Повиквания в Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-30] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-19] CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14] CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27] CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27] CHR Extension: (Avast Online Security) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16] CHR Extension: (Video Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-02-18] CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-25] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20] CHR Extension: (vidIQ Vision for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-02-25] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09] CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-01] CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28] CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-28] CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-28] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-28] CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-02-01] CHR Extension: (Avast SafePrice) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-28] CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28] CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03] CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-01] CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-28] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-28] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-23] (AVAST Software) S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation) S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed] R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-29] (Realtek Semiconductor) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-08-01] (Razer Inc.) 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [47208 2016-07-24] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmdag.sys [32699928 2017-02-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmpag.sys [525848 2017-02-13] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-23] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-10] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-10] (ELECOM)
S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42184 2015-02-03] (Anchorfree Inc.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Creative Technology Ltd.)
S3 vvftav303; C:\WINDOWS\system32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-26] (Zemana Ltd.)
S3 ZSMC0303; C:\WINDOWS\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 10:19 - 2017-02-25 13:47 - 00000000 ____D C:\LionNetworks4HB
2017-02-24 20:12 - 2017-02-24 22:02 - 00000000 ____D C:\Users\User\AppData\Roaming\Telegram Desktop
2017-02-24 20:12 - 2017-02-24 20:12 - 00001029 _____ C:\Users\User\Desktop\Telegram.lnk
2017-02-24 20:12 - 2017-02-24 20:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2017-02-23 08:32 - 2017-02-23 08:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf5f3304b6f9d46bf
2017-02-23 08:32 - 2017-02-23 08:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign324bc26fcd5593b6
2017-02-23 08:32 - 2017-02-23 08:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2c7cd95bc1c0fe1e
2017-02-22 18:50 - 2017-02-22 18:50 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignefef41194696fd6e
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndf4ac25f12e3024d
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign768d43647244ab66
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-20 19:07 - 2017-02-20 19:07 - 00000222 _____ C:\Users\User\Desktop\Last Survivor.url
2017-02-20 11:10 - 2017-02-20 11:10 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-02-20 11:05 - 2017-02-20 11:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\AMD
2017-02-20 11:02 - 2017-02-20 11:02 - 34980000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170213_64bit.exe
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c8a9d4eedf6ef7f
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign55b33519653644d7
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda721cd187df812e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbc772f732524804e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5e7e968daba52c09
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc25247caae1bdb34
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8c85c7abbfb4329a
2017-02-18 13:57 - 2017-02-18 13:57 - 00351888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign26ec685e02fca897
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign21c2d6389996e986
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1274dbcc845009c8
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbfd57de5041bf42d
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5000216ff848b5ff
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1c67bf6492556570
2017-02-16 11:45 - 2017-02-16 11:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna2e887b47527c44d
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5a321afbfa278a0f
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2f93566971e86c30
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9c1f673b3cde819e
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign85eb0e50dca07ba1
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1662e630b5faedcf
2017-02-15 09:38 - 2017-02-15 09:38 - 00000222 _____ C:\Users\User\Desktop\Receiver.url
2017-02-15 09:38 - 2017-02-15 09:38 - 00000221 _____ C:\Users\User\Desktop\Overgrowth.url
2017-02-15 09:26 - 2017-02-15 09:26 - 00000221 _____ C:\Users\User\Desktop\World of Goo.url
2017-02-14 22:48 - 2017-02-15 09:24 - 00000222 _____ C:\Users\User\Desktop\The Witness.url
2017-02-14 22:40 - 2017-02-14 22:40 - 00000222 _____ C:\Users\User\Desktop\Stardew Valley.url
2017-02-14 22:23 - 2017-02-14 22:39 - 00000000 ____D C:\Users\User\Downloads\The Witness - HI2U
2017-02-14 20:09 - 2017-02-14 20:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc86765212109eec5
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign958d8a35021e9629
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1908629696da59f2
2017-02-13 22:24 - 2017-02-13 23:12 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ
2017-02-13 14:32 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00924696 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign857deb0bdb73acb8
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign419e7ed1de275020
2017-02-13 13:10 - 2017-02-13 13:10 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign605236e60ce9aaf4
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignff63bc284cbd90cf
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c95620aa64e4fdd
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign30f42fb39380d4db
2017-02-12 22:23 - 2017-02-06 21:18 - 00000681 _____ C:\Users\User\Desktop\Nicks.txt
2017-02-12 22:23 - 2017-02-06 13:23 - 00763365 _____ C:\Users\User\Desktop\Bot3.91.jar
2017-02-12 22:23 - 2017-01-19 20:20 - 00026936 _____ C:\Users\User\Desktop\S5Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00007803 _____ C:\Users\User\Desktop\SSLProxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00002770 _____ C:\Users\User\Desktop\S4Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00000000 _____ C:\Users\User\Desktop\Alts.txt
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign80b7e0bbbacd2a06
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4270bfa142f5acb4
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign27e4e8f0c55f07f5
2017-02-11 18:55 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\ezBlueCC.aep Logs
2017-02-11 18:53 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\Adobe After Effects Auto-Save
2017-02-11 18:22 - 2017-02-11 18:22 - 00000222 _____ C:\Users\User\Desktop\Alien Isolation.url
2017-02-10 09:21 - 2017-02-10 09:21 - 00127368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2017-02-10 09:21 - 2017-02-10 09:21 - 00108424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2017-02-09 19:54 - 2017-02-09 19:54 - 00000000 ____D C:\Users\User\AppData\Local\RadeonSettings
2017-02-09 13:31 - 2017-02-20 11:02 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-02-09 13:30 - 2017-02-09 13:30 - 34425000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170208_64bit.exe
2017-02-09 13:12 - 2017-02-09 13:19 - 00012572 _____ C:\Users\User\Documents\config.yml
2017-02-09 10:34 - 2017-02-09 11:39 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00003540 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-02-09 10:34 - 2017-02-09 10:34 - 00003404 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2017-02-08 20:54 - 2017-02-08 21:08 - 00000000 ____D C:\Users\User\Downloads\MAGIX Vegas Pro v14.0.0 Build 161 Multilingual Incl Patch [Androgalaxy]
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3d12282ab427bec8
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign39239f78e02ca690
2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign74eee52f224163ee
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbd85422d21ec8249
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb0c2129923b984ce
2017-02-06 22:27 - 2017-02-06 22:27 - 00000222 _____ C:\Users\User\Desktop\Winexy.url
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd6ca18dacb411151
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0cdddfd4925af2e0
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign05a481d55b765b7a
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncbf821141236de50
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5b8ac7667ca308c7
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a8db63a16d3873c
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3a12c5d343562aa8
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign88c394360d62b8f4
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4d492f4d4cf17716
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignacf42cedff92350e
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign920bc04b317f3c5c
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign41acb30f43380c4f
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf20ed834c64bce5a
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign78852940e8698bfe
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign980e1cdbc4ad1924
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign856a6ec98db30213
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf452e097946deb14
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign208dc8b221361bd5
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignec3bc5d70bf4401b
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9e28fbe3fe233ff2
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2887591d55266b17
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf6b44f2e4cabd0f4
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignab87d13b5f08e818
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign19ca0aef7dcdb624
2017-02-03 10:32 - 2017-02-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-03 08:56 - 2017-02-13 14:32 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00170008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-02-03 08:56 - 2017-02-03 08:56 - 00248728 _____ C:\WINDOWS\SysWOW64\SETA5CD.tmp
2017-02-03 08:55 - 2017-02-13 14:32 - 09881624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 07928856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02504728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02186264 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00536600 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00185880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00892440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00716824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-02-03 08:54 - 2017-02-13 14:31 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-02-03 08:53 - 2017-02-13 14:31 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00152088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-02-03 02:24 - 2017-02-13 14:32 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbf476638c5dc2fb2
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb43b7346a26da930
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0681dd8df1c9c9f4
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Fiends of Imprisonment.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Break Into Zatwor.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Absconding Zatwor.url
2017-02-01 19:17 - 2017-02-01 19:17 - 00000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\Program Files\CPUID
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7af2337b62eca833
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a79f6746ae3a888
2017-02-01 17:28 - 2017-02-12 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-02-01 17:27 - 2017-02-20 11:10 - 00000000 ____D C:\Program Files (x86)\AMD
2017-02-01 17:25 - 2017-02-09 13:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-01 17:25 - 2016-12-15 21:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-01 17:25 - 2016-12-15 21:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Local\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\ProgramData\ATI
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc1b4321d69503d89
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb64107e48a10520e
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0ca5cf2df4cd7b05
2017-01-31 15:26 - 2017-02-01 14:13 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2017-01-31 15:24 - 2017-01-31 15:24 - 00000000 ____D C:\WINDOWS\system32\яяяяяяяяerStore
2017-01-31 15:23 - 2017-02-21 09:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-31 15:23 - 2017-02-20 11:02 - 00000000 ____D C:\AMD
2017-01-31 15:23 - 2017-02-01 17:28 - 00000000 ____D C:\Program Files\AMD
2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ff7b4e41c5008c7
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ac6517316836db7
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne67f0245aa8e982d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda8c29a69208b22d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign47ea9b80be2f317d
2017-01-30 21:04 - 2017-01-30 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign43cb80db0f33b781
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9183e6f170dfbfad
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1ac2641ef8248637
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg.bak
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb37f7d541af60a3f
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign003627890c2564f3
2017-01-30 13:39 - 2017-01-30 21:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbcd33d395956c38e
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8ca3b849d96dd188
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignfa23bfac505a06e8
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3bc1033ae442c0f0
2017-01-29 20:01 - 2017-01-29 20:01 - 04039535 _____ C:\Users\User\Documents\ezBlueCC.aep
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna9c1c409d0138a6d
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3ab36616700399dc
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9362115c96600750
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign556ef54085dadc11
2017-01-29 14:41 - 2017-01-29 14:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb3fd7c8b529bf327
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9539e6bc494fa519
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5f511921f3a57edb
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne7ac829965aebc49
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb8864999a988e18a
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb76ded90fad24975
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncd9cd9bd1d66a919
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign183c617a5be2fd95
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndefb682f86df1e11
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb216085f45055496
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8898d78a46fbfb65

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 21:30 - 2016-09-26 17:52 - 01506376 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-25 21:30 - 2016-09-26 17:52 - 01488308 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-25 21:30 - 2016-09-25 21:52 - 00000000 ____D C:\FRST
2017-02-25 21:30 - 2016-09-25 21:21 - 00000000 ____D C:\Users\User\Desktop\Malware Fighting tools
2017-02-25 21:27 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 21:25 - 2016-07-12 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-02-25 20:59 - 2016-08-31 17:25 - 00000000 ____D C:\ProgramData\rgt
2017-02-25 19:44 - 2016-09-20 06:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 19:14 - 2016-07-12 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2017-02-25 18:12 - 2016-09-24 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-25 17:21 - 2016-07-29 10:26 - 00000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-02-25 10:19 - 2016-07-15 19:31 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2017-02-25 08:27 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 08:23 - 2016-07-12 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-24 12:50 - 2016-07-12 17:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 12:47 - 2016-07-12 17:02 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 12:19 - 2016-12-09 19:09 - 00000018 _____ C:\Users\User\Desktop\secret.txt
2017-02-22 11:42 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 11:14 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-22 11:13 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-21 09:52 - 2016-07-12 12:23 - 01657896 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 09:46 - 2016-09-21 16:49 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-21 09:46 - 2016-09-20 06:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 09:45 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\PLA
2017-02-21 09:45 - 2016-07-16 03:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-20 22:10 - 2016-11-18 21:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-20 22:09 - 2016-11-18 21:41 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-02-20 19:07 - 2016-07-12 20:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-20 18:30 - 2016-07-14 17:03 - 00000000 ____D C:\Users\User\Documents\OFX Presets
2017-02-18 22:26 - 2016-07-28 17:06 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables
2017-02-18 18:54 - 2016-08-01 21:01 - 00000022 _____ C:\Users\User\Desktop\RANKOVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE.txt
2017-02-18 16:59 - 2016-10-03 07:33 - 00000304 _____ C:\Users\User\Desktop\SFCFix.txt
2017-02-18 16:21 - 2016-09-25 21:18 - 00001622 _____ C:\Users\User\Desktop\Rkill.txt
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\Users\User\AppData\Local\niemiro
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\SFCFix
2017-02-18 14:00 - 2016-09-26 12:46 - 00000000 ____D C:\AdwCleaner
2017-02-17 13:00 - 2016-08-22 22:19 - 00000402 _____ C:\Users\User\Desktop\aaaaaaaaa.txt
2017-02-16 10:04 - 2016-11-10 17:53 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-16 10:04 - 2016-07-12 12:21 - 00002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 10:04 - 2016-07-12 12:21 - 00000000 ___RD C:\Users\User\OneDrive
2017-02-14 22:59 - 2016-07-12 12:41 - 00000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2017-02-13 14:32 - 2017-01-25 01:29 - 01262616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-02-13 14:32 - 2017-01-25 01:29 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-02-13 14:32 - 2017-01-25 01:29 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-02-13 14:32 - 2016-12-29 08:24 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-02-13 12:51 - 2016-10-01 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-02-12 11:17 - 2016-07-12 12:39 - 00000000 ____D C:\ProgramData\Skype
2017-02-12 10:06 - 2017-01-09 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-02-12 10:06 - 2016-11-14 13:53 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2017-02-12 10:06 - 2016-09-23 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-11 16:39 - 2016-09-30 19:08 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2015
2017-02-10 13:43 - 2016-07-13 09:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony
2017-02-07 22:51 - 2017-01-06 22:38 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 22:51 - 2017-01-06 22:38 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 09:46 - 2016-12-01 08:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-06 16:48 - 2016-07-16 08:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 16:48 - 2016-07-16 08:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-04 13:40 - 2017-01-25 21:35 - 00000000 _____ C:\Users\User\Desktop\New Text Document (2).txt
2017-02-03 10:32 - 2017-01-18 12:54 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-03 08:56 - 2017-01-25 01:29 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SETA51C.tmp
2017-02-03 08:56 - 2016-12-29 08:23 - 00922520 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll
2017-02-03 08:55 - 2017-01-25 01:29 - 01355672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETA18E.tmp
2017-02-03 08:55 - 2017-01-25 01:29 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SETA72C.tmp
2017-02-02 21:32 - 2016-07-12 12:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 21:40 - 2016-07-28 16:59 - 00000000 ____D C:\Users\User\Documents\My Games
2017-02-01 14:11 - 2016-07-26 09:08 - 00000774 _____ C:\Users\User\Desktop\nativelog.txt
2017-01-31 13:29 - 2016-07-12 12:55 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-01-30 18:56 - 2016-12-22 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\VEGAS
2017-01-30 12:50 - 2016-07-12 12:19 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-01-28 13:15 - 2016-07-13 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games

==================== Files in the root of some directories =======

2016-07-23 20:21 - 2016-07-23 20:21 - 20982175 _____ () C:\Users\User\AppData\Roaming\xulrunner.zip
2016-08-04 18:16 - 2016-08-04 18:16 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-23 20:50 - 2016-08-03 17:43 - 0007628 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-07-12 20:40 - 2016-07-12 20:40 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
2017-02-09 13:31 - 2017-02-20 11:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-21 10:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by User (25-02-2017 21:32:31)
Running from C:\Users\User\Desktop\Malware Fighting tools
Windows 10 Pro Version 1607 (X64) (2016-09-20 09:49:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-691218479-2863476526-4080224816-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-691218479-2863476526-4080224816-503 - Limited - Disabled)
Guest (S-1-5-21-691218479-2863476526-4080224816-501 - Limited - Disabled)
User (S-1-5-21-691218479-2863476526-4080224816-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24 HOURS (HKLM\...\Steam App 485580) (Version: - MysticGames)
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version: - )
A4 TECH PC Camera H (HKLM-x32\...\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}) (Version: 1.0 - Vimicro Corporation)
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - Vimicro)
Absconding Zatwor (HKLM\...\Steam App 385200) (Version: - Zonitron Productions)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Alien: Isolation (HKLM\...\Steam App 214490) (Version: - Creative Assembly)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlerite (HKLM\...\Steam App 504370) (Version: - Stunlock Studios)
BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
Break Into Zatwor (HKLM\...\Steam App 395980) (Version: - Zonitron Productions)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Charles 4.0 (HKLM\...\{E0A65A42-FEA8-4BF1-AB8E-B28821357268}) (Version: 4.0.0.19 - XK72 Ltd)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Counter-Strike CSS Edition 1.6 (HKLM-x32\...\Counter-Strike CSS Edition 1.6) (Version: - )
Counter-Strike Global Offensive No-Steam (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.35.1.6 - Valve Software)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crack NewBlue ColorFast 3.0 build 121113 (HKLM-x32\...\Crack NewBlue ColorFast 3.0 build 121113_is1) (Version: - )
Crack NewBlue Creative Effects V3.0 Build 121113 (HKLM-x32\...\Crack NewBlue Creative Effects V3.0 Build 121113_is1) (Version: - )
Crack NewBlue Transitions Pack v3.0 build 121113 (HKLM-x32\...\Crack NewBlue Transitions Pack v3.0 build 121113_is1) (Version: - )
Crack NewBlue Video Essentials Tools V3.0 Build 121113I (x86) (HKLM-x32\...\Crack NewBlue Video Essentials Tools V3.0 Build ~EFB930F3_is1) (Version: - )
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
Discord (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DISTRAINT (HKLM\...\Steam App 395170) (Version: - Jesse Makkonen)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version: - Dodge Roll)
FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)
Fiends of Imprisonment (HKLM\...\Steam App 410590) (Version: - Zonitron Productions)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version: - Panoramik Inc)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - )
GenArts Sapphire Plug-ins 6.13 for After Effects and Compatible (HKLM\...\GenArts Sapphire AE_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
GTA San Andreas (HKLM-x32\...\GTA San Andreas) (Version: - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version: - insayn)
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Last Survivor (HKLM\...\Steam App 463620) (Version: - Original Games)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version: - Creative Technology Ltd.)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mike Crash's Vegas Filters Uninstall (HKLM-x32\...\Mike Crash Vegas Filters) (Version: - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series - Episode 1 (HKLM\...\Steam App 560040) (Version: - Telltale Games)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
Minion Masters (HKLM\...\Steam App 489520) (Version: - BetaDwarf)
Monsti (HKLM\...\Steam App 526790) (Version: - Unika Games)
Mozilla Firefox 48.0.2 (x86 bg) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 bg)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NewBlue 3D Explosions for Vegas (HKLM-x32\...\NewBlue 3D Explosions for Vegas) (Version: - )
NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version: - )
NewBlue Art Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Art Effects 2.0 for Vegas) (Version: - )
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Vegas (HKLM-x32\...\NewBlue Film Effects for Vegas) (Version: - )
NewBlue Motion Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Blends 2.0 for Vegas) (Version: - )
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Effects 2.0 for Vegas) (Version: - )
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overgrowth (HKLM\...\Steam App 25000) (Version: - Wolfire)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
Pixel Puzzles Ultimate (HKLM\...\Steam App 351030) (Version: - Decaying Logic)
Plantera (HKLM\...\Steam App 421040) (Version: - VaragtP)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.5.7.57 - Razer Inc.)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Receiver (HKLM\...\Steam App 234190) (Version: - Wolfire Games)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{2D886DF5-A285-4C69-A78E-4A441B261381}) (Version: 7.30.0.98 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) SpeechLab (HKLM-x32\...\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}) (Version: 1.0.0 - BACL) Spermination (HKLM\...\Steam App 363460) (Version: - Phr00t's Software) SPINGUN (HKLM\...\Steam App 548230) (Version: - Fermenter Games) Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Streamline (HKLM\...\Steam App 252850) (Version: - Proletariat Inc.) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) Telegram Desktop version 1.0.14 (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP) Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden The Witness (HKLM\...\Steam App 210970) (Version: - Thekla, Inc.) 
Trapcode Suite v13.0.3 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.3 - Red Giant, LLC) Trove (HKLM\...\Steam App 304050) (Version: - Trion Worlds) TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden Unity (HKLM-x32\...\Unity) (Version: 5.4.1f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS) Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony) VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS) Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation) VS Update core components (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden vs_update3notification (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) 
Hidden
WayOut (HKLM\...\Steam App 551110) (Version: - Konstructors)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windscribe version 1.59 build 10 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.59 build 10 - Windscribe)
Winexy (HKLM\...\Steam App 577740) (Version: - Heaven Brotherhood)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{33B83118-4021-4BBD-A18B-230B03CFADEB}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{E9FC7154-DC9D-43C6-ACF5-168E64B86DE9}\InprocServer32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033C4581-6095-4955-AE1D-18B48EA2D001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {0650722C-556F-4689-9530-50B3A7FA162F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {0E67BFAA-FC80-4A34-89B0-509C7B1036B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2585EB47-A12D-4171-A9C1-5907CE2078E2} - System32\Tasks\TaskSched => Chrome.exe hxxp://gjdksleeeee.ru/eloxym
Task: {357A5796-602D-4D35-9B60-514E140BBAFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {468DC828-22D4-4C44-8EE2-26F9B960E9E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CEB3BB4-8F2F-486A-A6B7-C84499DF5F71} - System32\Tasks\{5C066DAE-FB13-483C-BE23-A69C5C4EC109} => pcalua.exe -a "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]\SpeakText.exe" -d "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]"
Task: {6170626D-3C5D-4C9F-B2E9-34F61090ADEB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {6221933B-222E-45E3-8E8E-3AD711C62F71} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2016-02-08] ()
Task: {7AB6445E-57CC-48BB-A5EA-7CCA84FB5E17} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {7E3F2FA5-AF10-4AA2-A5D7-DF1867E0751E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {801754FA-821A-4AEE-AF7D-A959F9534F84} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {92333B72-C092-4CED-83F0-7946F94CD656} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99868715-6BE5-4495-B53F-C3CFE389FBE8} - System32\Tasks\SafeZone scheduled Autoupdate 1474658096 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {BD4B5B7F-5C97-4493-A05F-DEB77DAF04FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {F6801EA8-9497-48D3-B5CA-A616D2A10CDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {FB3E981A-AA84-4FF4-84DD-F8309D93B584} - System32\Tasks\{179AE184-A649-4CA8-A3D0-6C614864584D} => pcalua.exe -a "C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers\Social Club v1.1.5.8 Setup.exe" -d C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\User\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\771f8bd89de33137\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\user0 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
-> --profile-directory=ChromeDefaultData ==================== Loaded Modules (Whitelisted) ============== 2016-07-19 21:10 - 2016-07-19 21:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-08-02 19:04 - 2016-07-24 01:38 - 00047208 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe 2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-06-30 05:23 - 2016-06-30 05:23 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll 2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2015-07-31 03:58 - 2015-07-31 03:58 - 08901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-09-20 20:51 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 10:18 - 2016-12-21 04:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 10:18 - 2016-12-21 04:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2016-10-30 10:26 - 2006-07-04 13:16 - 00049152 _____ () C:\Windows\Domino.exe 2016-08-02 19:04 - 2016-07-24 01:38 - 07647848 _____ () C:\Program Files (x86)\Windscribe\Windscribe.exe 2016-12-08 18:30 - 2016-12-08 18:30 - 00358400 _____ () C:\Program Files\AMD\CNext\CNext\amf-component-ffmpeg64.dll 2016-06-02 13:56 - 2016-06-02 13:56 - 02682368 _____ () C:\Program Files\AMD\CNext\CNext\avformat-57.dll 2016-06-02 13:56 - 2016-06-02 13:56 - 00386560 _____ () C:\Program Files\AMD\CNext\CNext\avresample-3.dll 2016-06-02 13:56 - 2016-06-02 13:56 - 00802304 _____ () C:\Program Files\AMD\CNext\CNext\avutil-55.dll 2016-06-02 13:56 - 2016-06-02 13:56 - 13923328 _____ () C:\Program Files\AMD\CNext\CNext\avcodec-57.dll 2016-06-02 13:56 - 2016-06-02 13:56 - 00351232 
_____ () C:\Program Files\AMD\CNext\CNext\swresample-2.dll 2016-10-13 10:11 - 2016-10-13 10:11 - 00207360 _____ () C:\Program Files\AMD\CNext\CNext\amf-component-ring-buffer64.dll 2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2017-02-22 08:15 - 2017-02-22 08:15 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 08:15 - 2017-02-22 08:15 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 08:15 - 2017-02-22 08:15 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-07 10:00 - 2017-02-07 10:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-02-07 22:51 - 2017-02-01 06:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-07 22:51 - 2017-02-01 06:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 00934632 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_calib3d248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 02541800 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_core248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 02193128 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_imgproc248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 00805096 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_objdetect248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 00436456 _____ () 
C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_video248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 02416360 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_highgui248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 00659176 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_flann248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 00867560 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_features2d248.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 00678120 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\aeres1.dll 2016-06-03 02:23 - 2016-06-03 02:23 - 01722088 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_LiveLink.aex 2016-06-02 19:22 - 2016-06-02 19:22 - 21078376 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\Effects\mochaAE\mochashapeconverter4ae.aex 2016-06-03 02:23 - 2016-06-03 02:23 - 04087016 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\Format\OpenEXR.aex 2016-07-19 16:09 - 2016-06-16 21:12 - 06251520 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\Format\Trapcode\TrapcodeOBJ.AEX 2016-06-03 02:23 - 2016-06-03 02:23 - 02298088 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_Exporter.aex 2016-06-03 02:23 - 2016-06-03 02:23 - 02245352 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_SceneLayer.aex 2016-06-03 02:23 - 2016-06-03 02:23 - 02449128 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_Effect.aex 2016-09-23 15:36 - 2016-09-23 15:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-09-23 15:36 - 2016-09-23 15:36 - 
00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-02-22 23:01 - 2017-02-22 23:01 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022203\algo.dll 2017-02-23 19:05 - 2017-02-23 19:05 - 05884928 _____ () C:\Program Files\AVAST Software\Avast\defs\17022300\algo.dll 2017-02-24 21:31 - 2017-02-24 21:31 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022401\algo.dll 2017-02-25 17:17 - 2017-02-25 17:17 - 05990096 _____ () C:\Program Files\AVAST Software\Avast\defs\17022501\algo.dll 2016-07-12 18:53 - 2016-12-23 15:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-07-12 18:53 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-07-12 18:53 - 2017-01-18 22:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-07-12 18:53 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-07-12 18:53 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-07-12 18:53 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-07-12 18:53 - 2017-01-18 22:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-07-12 18:53 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 00638976 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL 2016-08-02 19:04 - 
2016-04-26 22:04 - 01264128 _____ () C:\Program Files (x86)\Windscribe\libGLESv2.dll 2017-01-12 08:47 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\ffmpeg.dll 2017-01-13 10:53 - 2017-01-13 10:53 - 01082880 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node 2017-01-13 10:53 - 2017-01-13 10:53 - 03750400 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll 2017-01-13 10:53 - 2017-01-13 10:53 - 00914432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node 2017-01-13 10:53 - 2017-01-13 10:53 - 01127424 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node 2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\keyhook.dll 2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\SpeakTextCom.dll 2016-06-30 08:24 - 2016-06-30 08:24 - 00564224 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll 2015-07-31 04:00 - 2015-07-31 04:00 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-05-31 03:46 - 2016-05-31 03:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2016-09-23 15:36 - 2016-09-23 15:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-09-10 13:41 - 2016-08-01 13:20 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll 2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node 2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2016-05-12 21:37 - 2016-05-12 21:37 - 
00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node 2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node 2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll 2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node 2017-02-25 08:18 - 2017-02-25 08:18 - 00148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\AC14.tmp.node 2017-01-13 10:53 - 2017-01-13 10:53 - 02658304 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node 2017-01-13 10:53 - 2017-01-13 10:53 - 02130432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node 2016-12-14 12:27 - 2017-01-05 00:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2016-07-12 18:53 - 2017-01-18 22:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2017-01-12 08:47 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libglesv2.dll 2017-01-12 08:47 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libegl.dll 2017-02-25 18:01 - 2017-02-25 18:01 - 00306176 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\lwjgl.dll 2017-02-25 18:01 - 2017-02-25 18:01 - 00246332 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\avutil-ttv-51.dll 2017-02-25 18:01 - 2017-02-25 18:01 - 00113171 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\swresample-ttv-0.dll 
2017-02-25 18:01 - 2017-02-25 18:01 - 00394810 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\libmp3lame-ttv.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 01145344 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\twitchsdk.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 00390144 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\OpenAL32.dll
2017-01-16 22:30 - 2017-01-16 22:30 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 44042752 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\libcef.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 01482240 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\libglesv2.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00073728 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ:1 [898]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 04:24 - 2016-12-03 08:56 - 00000116 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1 - 198.41.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{DBDCB109-955C-4942-8527-AFA42960EAAA}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe FirewallRules: [TCP Query User{8CE20F01-1CCD-4410-86B0-C4CF7FEA37C6}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe FirewallRules: [{E011C6A1-7651-4FAD-8E09-99F7CEA118CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4BADF7BF-E48F-4A25-AB9F-5A14C5CC32E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{2C01EF1C-35D0-49D4-8CC5-55319149F0E0}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{D3D2C64C-6231-4D41-B3C0-4AC77359CF41}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe FirewallRules: [{47F4AEF8-48EE-4EB3-AC9C-03CA0B2D102B}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{5951E8A7-DDDC-4B36-B326-2D087F9AC8E5}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe FirewallRules: [{4ED8F7F7-A7A5-4001-B42A-942424D97E81}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe FirewallRules: [{BBCD2C6D-E774-476B-90AE-69FBE65BA5C7}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E3341384-1A64-4E4F-9416-5D1BDA6D1B61}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe FirewallRules: [{427714CC-A96E-44D7-9E0D-1A39057908CC}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe FirewallRules: [UDP Query User{4D6D4A2D-2A13-4E51-A557-167F84D23718}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe FirewallRules: [TCP Query 
User{5F96416E-CDE2-48EC-ADC1-9733174C8067}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe FirewallRules: [UDP Query User{E1FEF267-D6E7-4419-9C1A-3F0CD63167C6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [TCP Query User{5AC975BD-BEBB-4554-A782-B852B0DDF0A7}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{D07A55E2-534B-4A79-8E28-54AC84E14FF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{DB2F543D-4785-4122-8FFC-D448EE29778F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [UDP Query User{AB3946FD-4208-4E40-870F-42E1DCA1BA36}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe FirewallRules: [TCP Query User{98A40DD3-8AA4-4736-B9CF-CD9D98F012FF}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe FirewallRules: [UDP Query User{04005185-2EF0-489A-8FDE-F323FE07816D}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [TCP Query User{924ACA3C-A74E-4D08-9199-8B8F546148B2}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe FirewallRules: [{120C565E-B894-4C86-BF94-0B0B50185252}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [UDP Query User{33A206E9-2C9D-417A-9DBF-1C94A4DE156D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files 
==================== Restore Points =========================

19-02-2017 14:53:59 Windows Update
23-02-2017 11:15:00 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2017 09:34:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:32:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:30:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:29:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:28:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:26:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:24:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:22:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:21:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (02/25/2017 09:20:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

System errors:
=============
Error: (02/25/2017 05:40:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EF75065)
Description: The server {CACE29C3-10A7-4B66-A8CA-82C1ECEC1FA3} did not register with DCOM within the required timeout.
Error: (02/25/2017 02:39:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/25/2017 09:01:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital).
Error: (02/25/2017 08:16:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/24/2017 11:09:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EF75065)
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
Error: (02/24/2017 11:09:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/24/2017 09:33:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/24/2017 09:28:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital).
Error: (02/24/2017 07:37:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/23/2017 11:10:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2017-02-25 20:41:28.570
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-25 20:41:24.839
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-24 11:25:00.531
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-24 11:22:40.199
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-23 20:01:25.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-23 20:00:08.257
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-22 22:47:09.218
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-22 22:47:02.548
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
Date: 2017-02-21 07:53:18.205
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-20 20:00:46.354
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 78%
Total physical RAM: 8127.55 MB
Available physical RAM: 1758.34 MB
Total Virtual: 18367.55 MB
Available Virtual: 4980.48 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:243.65 GB) (Free:31.51 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:61.69 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4B4E1C60)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================