Jump to content

Recommended Posts

Hello.From 1 month i'm infected with annoying russian adware which takes me to ad domains like for example "globalworldcityy.ru/otoxym" and "puklisi.ru".I tried to remove it with ADWCleaner,Avast,MalwareBytes,Eset Online scanner,zemana anti-malware and Sophos Virus removal tools but no one of these things helper.(I worked without instructions I have little expirience with that).Please help me.Thanks :)

Link to post
Share on other sites

I forgot the logs sorry

p.s Still MalwareBytes couldn't remove it
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.2.2017 г.
Scan Time: 9:07
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.21.01
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399128
Time Elapsed: 36 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35], 
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\globalworldcityy, Delete-on-Reboot, [9afbb5f02b7dc3733b3e9a1f649c2fd1], 

Registry Values: 1
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}|Path, \globalworldcityy, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.StartPage, C:\Windows\System32\Tasks\globalworldcityy, Quarantined, [b6df00a52781c5718e84f0c99c6431cf], 

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by User (21-02-2017 09:51:49)
Running from C:\Users\User\Desktop\Malware Fighting tools
Windows 10 Pro Version 1607 (X64) (2016-09-20 09:49:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-691218479-2863476526-4080224816-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-691218479-2863476526-4080224816-503 - Limited - Disabled)
Guest (S-1-5-21-691218479-2863476526-4080224816-501 - Limited - Disabled)
User (S-1-5-21-691218479-2863476526-4080224816-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24 HOURS (HKLM\...\Steam App 485580) (Version:  - MysticGames)
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM-x32\...\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}) (Version: 1.0 - Vimicro Corporation)
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - Vimicro)
Absconding Zatwor (HKLM\...\Steam App 385200) (Version:  - Zonitron Productions)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Alien: Isolation (HKLM\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlerite (HKLM\...\Steam App 504370) (Version:  - Stunlock Studios)
BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Break Into Zatwor (HKLM\...\Steam App 395980) (Version:  - Zonitron Productions)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Charles 4.0 (HKLM\...\{E0A65A42-FEA8-4BF1-AB8E-B28821357268}) (Version: 4.0.0.19 - XK72 Ltd)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Counter-Strike CSS Edition 1.6 (HKLM-x32\...\Counter-Strike CSS Edition 1.6) (Version:  - )
Counter-Strike Global Offensive No-Steam (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.35.1.6 - Valve Software)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crack NewBlue ColorFast 3.0 build 121113 (HKLM-x32\...\Crack NewBlue ColorFast 3.0 build 121113_is1) (Version:  - )
Crack NewBlue Creative Effects V3.0 Build 121113 (HKLM-x32\...\Crack NewBlue Creative Effects V3.0 Build 121113_is1) (Version:  - )
Crack NewBlue Transitions Pack v3.0 build 121113 (HKLM-x32\...\Crack NewBlue Transitions Pack v3.0 build 121113_is1) (Version:  - )
Crack NewBlue Video Essentials Tools V3.0 Build 121113I (x86) (HKLM-x32\...\Crack NewBlue Video Essentials Tools V3.0 Build ~EFB930F3_is1) (Version:  - )
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
Discord (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DISTRAINT (HKLM\...\Steam App 395170) (Version:  - Jesse Makkonen)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)
Fiends of Imprisonment (HKLM\...\Steam App 410590) (Version:  - Zonitron Productions)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version:  - Panoramik Inc)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
GenArts Sapphire Plug-ins 6.13 for After Effects and Compatible (HKLM\...\GenArts Sapphire AE_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
GTA San Andreas (HKLM-x32\...\GTA San Andreas) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version:  - insayn)
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Last Survivor (HKLM\...\Steam App 463620) (Version:  - Original Games)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mike Crash's Vegas Filters Uninstall (HKLM-x32\...\Mike Crash Vegas Filters) (Version:  - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series - Episode 1 (HKLM\...\Steam App 560040) (Version:  - Telltale Games)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Minion Masters (HKLM\...\Steam App 489520) (Version:  - BetaDwarf)
Monsti (HKLM\...\Steam App 526790) (Version:  - Unika Games)
Mozilla Firefox 48.0.2 (x86 bg) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 bg)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NewBlue 3D Explosions for Vegas (HKLM-x32\...\NewBlue 3D Explosions for Vegas) (Version:  - )
NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version:  - )
NewBlue Art Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Art Effects 2.0 for Vegas) (Version:  - )
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Vegas (HKLM-x32\...\NewBlue Film Effects for Vegas) (Version:  - )
NewBlue Motion Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Blends 2.0 for Vegas) (Version:  - )
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Effects 2.0 for Vegas) (Version:  - )
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overgrowth (HKLM\...\Steam App 25000) (Version:  - Wolfire)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Pixel Puzzles Ultimate (HKLM\...\Steam App 351030) (Version:  - Decaying Logic)
Plantera (HKLM\...\Steam App 421040) (Version:  - VaragtP)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.5.7.57 - Razer Inc.)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Receiver (HKLM\...\Steam App 234190) (Version:  - Wolfire Games)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{2D886DF5-A285-4C69-A78E-4A441B261381}) (Version: 7.30.0.98 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SpeechLab (HKLM-x32\...\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}) (Version: 1.0.0 - BACL)
Spermination (HKLM\...\Steam App 363460) (Version:  - Phr00t's Software)
SPINGUN (HKLM\...\Steam App 548230) (Version:  - Fermenter Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamline (HKLM\...\Steam App 252850) (Version:  - Proletariat Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witness (HKLM\...\Steam App 210970) (Version:  - Thekla, Inc.)
Trapcode Suite v13.0.3 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.3 - Red Giant, LLC)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.4.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) Hidden
WayOut (HKLM\...\Steam App 551110) (Version:  - Konstructors)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windscribe version 1.59 build 10 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.59 build 10 - Windscribe)
Winexy (HKLM\...\Steam App 577740) (Version:  - Heaven Brotherhood)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version:  - 2D BOY)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{33B83118-4021-4BBD-A18B-230B03CFADEB}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{E9FC7154-DC9D-43C6-ACF5-168E64B86DE9}\InprocServer32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033C4581-6095-4955-AE1D-18B48EA2D001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {0650722C-556F-4689-9530-50B3A7FA162F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {0E67BFAA-FC80-4A34-89B0-509C7B1036B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2585EB47-A12D-4171-A9C1-5907CE2078E2} - System32\Tasks\TaskSched => Chrome.exe hxxp://gjdksleeeee.ru/eloxym
Task: {357A5796-602D-4D35-9B60-514E140BBAFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {468DC828-22D4-4C44-8EE2-26F9B960E9E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CEB3BB4-8F2F-486A-A6B7-C84499DF5F71} - System32\Tasks\{5C066DAE-FB13-483C-BE23-A69C5C4EC109} => pcalua.exe -a "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]\SpeakText.exe" -d "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]"
Task: {6170626D-3C5D-4C9F-B2E9-34F61090ADEB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {6221933B-222E-45E3-8E8E-3AD711C62F71} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2016-02-08] ()
Task: {7AB6445E-57CC-48BB-A5EA-7CCA84FB5E17} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {7E3F2FA5-AF10-4AA2-A5D7-DF1867E0751E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {801754FA-821A-4AEE-AF7D-A959F9534F84} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {92333B72-C092-4CED-83F0-7946F94CD656} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99868715-6BE5-4495-B53F-C3CFE389FBE8} - System32\Tasks\SafeZone scheduled Autoupdate 1474658096 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {BD4B5B7F-5C97-4493-A05F-DEB77DAF04FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {F6801EA8-9497-48D3-B5CA-A616D2A10CDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {FB3E981A-AA84-4FF4-84DD-F8309D93B584} - System32\Tasks\{179AE184-A649-4CA8-A3D0-6C614864584D} => pcalua.exe -a "C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers\Social Club v1.1.5.8 Setup.exe" -d C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\User\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\771f8bd89de33137\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\user0 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-19 21:10 - 2016-07-19 21:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 00047208 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-30 05:23 - 2016-06-30 05:23 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-20 20:51 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:18 - 2016-12-21 04:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-10-30 10:26 - 2006-07-04 13:16 - 00049152 _____ () C:\Windows\Domino.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 07647848 _____ () C:\Program Files (x86)\Windscribe\Windscribe.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-01-23 07:07 - 2017-01-23 07:08 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-02-18 07:42 - 2017-02-18 07:42 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 07:42 - 2017-02-18 07:42 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 07:42 - 2017-02-18 07:42 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 10:00 - 2017-02-07 10:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2016-06-27 12:22 - 2016-06-27 12:22 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-20 21:09 - 2017-02-20 21:09 - 05876224 _____ () C:\Program Files\AVAST Software\Avast\defs\17022002\algo.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-12 10:35 - 2016-08-12 10:35 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2016-07-12 18:53 - 2016-12-23 15:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-12 18:53 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 00638976 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2016-08-02 19:04 - 2016-04-26 22:04 - 01264128 _____ () C:\Program Files (x86)\Windscribe\libGLESv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 01082880 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-13 10:53 - 2017-01-13 10:53 - 03750400 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 00914432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-13 10:53 - 2017-01-13 10:53 - 01127424 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-05-31 03:46 - 2016-05-31 03:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\keyhook.dll
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\SpeakTextCom.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-10 13:41 - 2016-08-01 13:20 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-01-12 08:47 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-21 09:48 - 2017-02-21 09:48 - 00148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\8042.tmp.node
2017-01-13 10:53 - 2017-01-13 10:53 - 02658304 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2016-12-14 12:27 - 2017-01-05 00:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ:1 [898]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 04:24 - 2016-12-03 08:56 - 00000116 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1 - 198.41.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DBDCB109-955C-4942-8527-AFA42960EAAA}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [TCP Query User{8CE20F01-1CCD-4410-86B0-C4CF7FEA37C6}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [{E011C6A1-7651-4FAD-8E09-99F7CEA118CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BADF7BF-E48F-4A25-AB9F-5A14C5CC32E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2C01EF1C-35D0-49D4-8CC5-55319149F0E0}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D3D2C64C-6231-4D41-B3C0-4AC77359CF41}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [{47F4AEF8-48EE-4EB3-AC9C-03CA0B2D102B}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5951E8A7-DDDC-4B36-B326-2D087F9AC8E5}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{4ED8F7F7-A7A5-4001-B42A-942424D97E81}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [{BBCD2C6D-E774-476B-90AE-69FBE65BA5C7}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3341384-1A64-4E4F-9416-5D1BDA6D1B61}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{427714CC-A96E-44D7-9E0D-1A39057908CC}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [UDP Query User{4D6D4A2D-2A13-4E51-A557-167F84D23718}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [TCP Query User{5F96416E-CDE2-48EC-ADC1-9733174C8067}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [UDP Query User{E1FEF267-D6E7-4419-9C1A-3F0CD63167C6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{5AC975BD-BEBB-4554-A782-B852B0DDF0A7}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{D07A55E2-534B-4A79-8E28-54AC84E14FF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DB2F543D-4785-4122-8FFC-D448EE29778F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [UDP Query User{AB3946FD-4208-4E40-870F-42E1DCA1BA36}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [TCP Query User{98A40DD3-8AA4-4736-B9CF-CD9D98F012FF}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [UDP Query User{04005185-2EF0-489A-8FDE-F323FE07816D}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{924ACA3C-A74E-4D08-9199-8B8F546148B2}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{120C565E-B894-4C86-BF94-0B0B50185252}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{33A206E9-2C9D-417A-9DBF-1C94A4DE156D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E4F6FF23-1439-492F-8A75-B97B11CECAD7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{98C53AF6-FF7D-48B4-8DF4-1B696CDB64CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2AB8580D-6BE2-45B9-B646-92B65C3C2374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{987D3D80-BA00-4C26-8003-3E93F727F82E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1865D1D6-89F6-4CBF-AF67-8A024D3E36DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9FED75D9-A3B1-474A-B0FC-BB05F83A15FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A682E27-8475-4089-BB91-E8AC431B06E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{75A964A0-82AB-4766-8BB2-F53CFDF6E874}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{04595A0D-32AF-4023-953A-118169CA1F02}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{89446BC2-5F21-4756-BF54-223F2B6BF3B6}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{23F75D1A-A81E-4982-84CD-224F413EA478}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{F607EE37-6B9B-4443-860C-91715CFBAA1E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E12B1A35-4636-449D-987F-670928EA3D31}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3801F88B-5471-4857-9768-26364727A9C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15D60289-A385-4F45-9728-6B03FEB46E0E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{DE4C9ED2-C757-4710-A881-BEB4A7C62DA8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{303C1E4B-DA58-42E7-9404-785D806BE847}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C6083222-6B6A-4432-8C02-42B0600CFE5C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D475B9C9-FD81-445D-807D-69F396B0EB5E}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{A999C29A-E1DB-4E85-8AAF-43497101F34F}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D0263CE3-8D4B-4A11-B90A-8A70C51504B2}] => (Allow) C:\Users\User\AppData\Local\Temp\is-N3OMN.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{7B18ED13-B200-4925-A189-70EEAEE2FCFE}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{5AF9732A-0B32-48C8-8DBE-8298B12133F5}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{47D684F7-14F2-4E50-A538-6A6BE2D92370}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{D34F7BAF-5BF1-47AC-BA10-86190911031D}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe
FirewallRules: [{D2D03F12-E0A2-4F9B-9BED-9E5BF0F54301}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{72F22AA6-8F9C-403B-8EC1-4D09622E19D6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{ECE9D62E-798E-4739-A2EA-BE7A1C84A266}] => (Allow) D:\Niche.v0.0.7\Unity\Editor\Unity.exe
FirewallRules: [{79F44869-7B74-4BB6-B246-B3AC7C9E4C8B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{3398C9EA-3672-4BF0-A2A7-E4CDAB272BFF}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{320FB54C-A1CC-4890-9A11-5E1961F2AB4F}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [TCP Query User{00DFE3AA-92B0-4DDE-9520-19914B62F214}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{4888F1C6-830E-4C8F-99BB-A4E76C27815F}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [{2CD5D846-3D3E-4236-93BF-B2EB7B9EC2F6}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{51AF039C-0028-4E92-A518-6CBBA1DF424B}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{80A09AA2-7818-4105-90F9-8D3D71103E2C}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{B9A135AA-423E-4FF6-B7C4-C293CA6F2499}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{92FB818C-BFFF-42E0-B7B8-C811146414A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{B976F08A-E3AA-4E1C-914E-2D49F9B73CA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{BCAB5365-6FF0-4DB9-9F5D-B0CD7599D378}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{A593528B-5B77-4665-AEE5-3D337248B40E}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{4DACDA58-61CA-4031-A428-11456B325C2F}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BF25891A-45E1-493D-9BED-6E05518E7768}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3C89CEB6-22C5-4C81-8CFE-C1E1AD6AE5B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8916E4CD-B934-4730-B151-4FC22E837ED4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8263EF20-9F8C-4FD7-8D76-06C28187B976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC2A2203-C249-4370-86EA-59A8D5212EB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C056DD5F-E720-41D4-938F-0278DF0D54DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0A9CA1CF-86C1-436E-B032-3E20DD07A098}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE628170-CBB4-4C23-AB24-6BC0F1592C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{216B706A-C3A5-4E3C-8771-B360020B75C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12AA05A6-3627-41DC-92F3-F08986F4F78B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF623493-0926-4AE0-A8D5-E217FFBE6447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B30BFEF-3F88-44C9-AC1A-4DC546FDB195}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{7CE6A016-CF4E-4D29-992E-B8EE4599E4CD}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{27940FC2-9FE7-4A8F-84AF-A06E85A83F60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D34E463-080F-443F-9FA9-4ACCA24206BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B95C3AAA-3F4E-4E1D-A208-29C3545565B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B906CCF4-80D5-4CD4-9603-9FF84100A699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{326FE78E-F351-4C87-A16C-381780157764}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{64676190-BE73-4980-AEAF-42199748B6CE}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{5EC935AB-5534-428B-8FBF-0BC47240D9B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{62872165-6851-4022-AFCF-7E906D667396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D75EA28D-AD7A-4E85-892A-891C46FFF86F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{640BE1DE-2ADD-4C8E-864E-7E7D3D10B91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{19FFB3D8-2F76-41DF-AB01-50467813A802}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{2972D3A0-A9B9-4CBF-95A1-2A666A72F68A}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{0CD8E2FF-4545-4B4B-8D66-7BF1F74AC9DF}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{46032CDC-75CF-4692-8C8A-36957C521A57}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [{9C7EE8F1-B35E-4863-8B1A-3ED8454EA835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99EA8F68-80AA-4055-A01C-43699DAA91E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03D95A6A-685F-466C-98C0-D986B12D4B88}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{BCF1B717-B045-4C3F-8CAE-DBD5A8AA7C67}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{60A19530-8208-47E7-94BC-6F6A9D93FBE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C9D1EAB-ADDF-4A75-A396-83C4C4BF9E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{782ABA6B-6DC4-4152-9236-ADD9B5BD74D9}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{365F048E-AB85-4013-BB14-692C1637B372}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{C6FD957D-E4A9-4549-A970-1838E36A729E}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EA88F506-853D-4912-BF70-D45FF5AB6FF8}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EEF4523A-396C-44FA-B5BE-15CCF763FA30}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{F4B21E1A-C35B-4D80-ABFD-CFBA43203F1C}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{60252435-A527-434F-9DF2-B27FFF5CD23F}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{EBB9C111-D496-49D6-BEF3-E3001E8BE4FF}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{B3C0745B-4228-47F5-89B7-2210665BE324}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{9F2FBEB0-EB57-4BA3-95C7-AB58E43AC4D7}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{CDF9E0F7-31C2-4ED7-A3E2-E5F9F5FAE255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D5D52F3-CDC6-41A4-BEC6-289583DD0DE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59724E98-D62D-4A59-825A-ADCEE2FD4903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AD44064-164F-44B2-A93E-34EF50531C9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{B5F86C54-0C5E-498E-87B6-DB1B058B0725}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{D4FA88F0-E58E-4FBE-9105-BBF8271204C3}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{FF8E5D2B-1326-48FC-8E2E-AC8A39249884}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{6BC8A1B4-1DA4-4D44-A479-2B0ACCB116A2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{423011CF-44C8-49E6-B8F3-DC43A28BCC42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC7506D9-F22D-45DC-BEE9-815333852564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E4A0B77-D02D-4AE7-AB3A-C0BDAA87C3E1}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{41A8E798-0F8E-45D1-8432-93BCC53F010C}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{58B807C3-12A1-4F88-86D3-401E0E5D893B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{38E77F40-5823-4948-A0BD-75E1A0329F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{912FB4D6-6906-4841-B32F-8B210D5932EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F3556B14-A9C5-4149-B0E5-B86D8D4FBC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{36C6FAE7-A1B4-467D-8DA6-2D3E84AEFDBE}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe
FirewallRules: [{203530C5-6FE9-48D2-813C-2D07BA401471}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe
FirewallRules: [{F7E08E27-5A8A-4F36-B3B8-41A77142B6D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{35B84057-4BE5-4F37-8017-38C5C92F176D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90FF37EE-6DE0-4BCB-A38A-0527EBFB9934}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A6667DFF-1DC3-461D-921F-839E982B6711}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{827B06E0-3EED-460F-9A45-13CA94E3CD75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{00C3DA68-1FAD-4CE7-8293-715F55F7D764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1117CAD7-9760-494E-9B86-CEF11A2B7499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F639E9C8-3166-4DFD-843E-3EDF757AB1A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{630A32F3-91D6-407A-A39C-76F0B21DA9AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DB36951C-9C64-4581-8421-DE80AE6068D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{24D02B91-4A4F-4A67-9620-105BF2723A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{78D553BB-4727-4E3A-A2FA-38755C8A105E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03AA0DB2-CD73-4DCB-BD67-CC434CC9E11D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4DD0252A-5C13-4172-BC0A-58303FD5826B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F46B26E6-231B-4527-AA28-53420113F5A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C46B344-FE98-44AD-9225-6E2A5B30A3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{835C5F12-A684-4118-BB4B-66127C15448E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3767BB1-C791-45D3-9485-E93CB7B6FA94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7EE37BB7-48F4-4915-B83B-5FAC8A0FC556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A8D5EE1B-3999-4A11-9806-1A0A38E46794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{725B656F-96A7-4C74-B4F3-6780E1F0D9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C97DF80-850C-4F31-B2CE-D94657968D3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D6284FE9-50A1-4B2B-A10E-27B0ACD30DC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{465CF54E-D5DE-4A56-A05B-B0240DD44CA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5DFB7ED5-9F6A-4CD4-9ACC-EC6DBBAE8A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe
FirewallRules: [{76427E99-8ADD-4DAA-81C4-417B7B8D5803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe
FirewallRules: [{621937BD-D981-4C95-80FF-96A1D859EFFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe
FirewallRules: [{49D86B97-9DDB-474C-BDF6-46AAA7A22AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe
FirewallRules: [{CB826F54-CF36-47CF-9771-5468BD358D77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{43B14C39-2595-47AD-A846-7C4639322005}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BFE472BA-4B51-4E1B-B9F2-B5E45EC83B62}] => (Allow) C:\Users\User\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{88EDA688-0FB6-4A62-9531-D90EB7EC8304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{56238A4E-6EC3-4A06-864D-8D4CCE1A8D02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C4045F01-3122-4AD9-89C0-8EC145FB05B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B817A402-3E58-4F00-A835-D22606A17D37}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{662193E9-A68A-4D55-9307-3C996B63617D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F4E404A0-EDC9-4DDD-BF47-7EBD0D1BF49C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C2438BBE-39A7-4563-BFA8-E2A7C232EC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC29D20A-6294-4468-9F60-9D63F50FAAF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A8C0776-7287-4D0A-8B3D-4E374F50C99C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{70B16ACD-0BDA-4D0A-92E7-4F844B81CEAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7AAD675-94C9-402E-A31E-F4F8C3DB6AF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7DCC45EF-FD28-4192-9DB1-4120267D3E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F24F3A0-91C3-47D8-A09D-B90624B51889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D29D4F65-F763-44CA-B4A0-7951FB1AC9A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F7B7C1E-9B81-4B26-9222-6308D447D482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F2AA15F-AC41-41D4-B26C-4BE7879BF73A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B94FEEFC-8B36-4D6F-AEA2-B79160809F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FFA76159-E71D-4B66-B531-528E772AABB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{294C5491-44EF-4C32-833F-7A47B92D3E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0049852-166A-430B-ABDC-E31AFEE48208}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1633295D-608E-4823-B8C9-F3F64304DF2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{88EB08EA-20FE-40A8-B4DA-5478DE1C6070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D820E99A-5447-4D30-968F-564DC7788283}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6868A4E1-9064-48FD-AFD5-18A89C12D027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{88CBAD27-EEF2-412D-B520-45BCBE9D5ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB9D0FCD-6EF0-41B1-A98E-B8BF9DE8DB55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B335EB47-7C62-4F86-81EB-21EB578CD69A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F83D012-4B18-494C-B2DB-50F9B236F603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{89BF9A08-A450-452E-BFC1-E47CABA9C2F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{22B41573-BC17-4BED-92B5-03B166A8FE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2DC8C65-2FEC-48BF-8EDC-F7610D09E1E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6098D482-AA02-4D27-8FCA-8E53529DE329}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44835A16-B98F-4E9C-B20C-D55D7FDDC723}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CC61F07D-9938-4F86-8ECA-F52EBB314826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{761EB03A-7B83-4798-B117-270023D645FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E084600A-41D5-45C3-BA83-184C1DFD8244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC7664F2-15A6-4A5E-BA30-FD0101986538}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B38C225E-2605-4465-BE47-9581E1B3FA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CA93BEE-A804-4351-A83A-380CC15BEC0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DBF2A0C7-4384-46D0-8A46-6EA75B99C6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0DFB5ACB-2F92-4B26-8A00-27BC796CC478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{026A940B-BB99-43FE-8F1F-F47903A19317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{432B677C-3DEE-4839-83B8-CBAC272C2A69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe
FirewallRules: [{94F1BDAC-7A35-44D0-AE9B-06E15F391CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe
FirewallRules: [{3540031F-3367-4235-80B0-93077A812E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{4C645D74-AA82-466E-8520-320BFBACC6E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{DBAE94C8-EE3F-4DDA-AC0F-C6935A69383C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe
FirewallRules: [{143EDC98-D87C-428B-AB79-47A302A09757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe
FirewallRules: [TCP Query User{FDE537CA-E52A-4D25-9F6B-FD6EC755942D}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{039A8AAB-ABDC-4800-9763-7F90019E56D7}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe
FirewallRules: [{92D2975F-0BB2-4FE1-A936-629F32C7AED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DACFF985-FF59-4A3E-BF2B-780C9D6A6055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E75A87A-5A4E-4ED8-A03A-6B54CC46A85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5D1A7149-2EF4-4685-9815-677DAD18901B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8312F4C7-5536-4089-BD16-91DEF34305D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B3D074A5-F6D4-4935-96B9-F689C845C60B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA7BB3DA-A40E-4456-9516-C89FCD92E199}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0262FA2-2B8A-4222-BF9B-257FA27BA6F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6989BDFA-687B-48EA-AA8A-A5200A2B353A}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe
FirewallRules: [{083C1360-085E-4525-817F-F90C2C557CC1}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe
FirewallRules: [{C6CA2DD7-326B-49DE-B6AC-3D87DF664902}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe
FirewallRules: [{DBFBDD33-482A-491F-9188-19DEF84EA576}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe
FirewallRules: [{E6557E5E-B934-420A-B65D-9934B5ADA2C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{89579B47-3D96-45FD-AB2D-17494569E478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7ED65494-7B82-44B0-B3E6-E6EF4734579F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF4B0940-FD83-41E2-9BAE-7F11AFC61529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E3631F91-5BEC-4F92-8EBB-5F2547A82356}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{038EE9D5-17A0-4150-ACF2-428EAAC45D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07A81033-B7A7-4C54-8D9D-5C02EB2155EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68FCFBAA-6ABC-4857-A106-AACCD03632D0}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{CB83078D-B89E-492D-8324-57F82B85F7B3}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{A9EEBBF2-08B1-4E34-A9B7-92A11616D326}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [UDP Query User{8696CAE3-BC47-48D9-B41F-575582000442}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [{C85A76F9-3277-471A-A52B-AC30A11E2683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CF172423-3DB3-4FAF-84A1-53D28E503B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23ACCB44-F3FF-4692-BAD4-74C883712C44}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{46D86578-0ADF-4724-9522-89069D5A4D16}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{9A1727CD-78DD-4CE3-89C6-712472CF6F96}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{3CCFD425-FF43-44F6-A851-E06AE52C09F7}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{6C96897F-08C9-4621-B756-D5F539FD5E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D34C83E2-7DFE-43D5-8623-2FC92E639A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{109F9CB0-6C76-4035-8711-5953365A529B}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{759715BE-4C86-4840-9835-AA7B293C3665}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{F518E36F-8DC9-42F3-B4EA-4C3922756AA3}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{A996469D-C3DE-4BD2-BEBE-74AC2CCD95B7}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{5EB33C3D-10D8-41BE-A53A-346FB28A9CD1}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{D9903764-0E03-46DE-9E39-7A5F808FFF0D}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{953B1213-B3E1-4A8B-92F0-410BDE9C56E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C1F8611-EF12-4C66-8FEE-65E178BCC9A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F8589C90-AA03-4ECC-8144-1E37D929ECB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{328AFA16-6784-4DB7-BD14-0ED2D494AA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2FA06BD2-3501-4D2A-8E5B-7310232281AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1FD13A20-E497-4505-874F-C3DCB875719F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC754828-832E-4D2A-8223-3E0A14610618}] => (Allow) D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe
FirewallRules: [{CBBE9FC0-9003-4178-943F-55402DA95729}] => (Allow) D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe

==================== Restore Points =========================

12-02-2017 10:02:40 Windows Update
15-02-2017 14:43:17 Windows Update
19-02-2017 14:53:59 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2017 09:46:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/21/2017 09:46:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/21/2017 09:00:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vegas130.exe, version: 13.0.0.453, time stamp: 0x55720ce9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x29dc
Faulting application start time: 0x01d28c36350db08e
Faulting application path: C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 92c30872-2ac3-497c-83d7-78e2b6c68df8
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/21/2017 08:54:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:53:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:38:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:37:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 07:58:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (02/21/2017 07:56:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/21/2017 07:56:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.


System errors:
=============
Error: (02/21/2017 09:49:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital).

Error: (02/21/2017 09:46:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:45:35 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (02/21/2017 09:44:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:00:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 07:57:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 11:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 10:53:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 01:14:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-02-21 07:53:18.205
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-20 20:00:46.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-20 19:14:10.940
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-20 19:13:57.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-20 11:06:22.707
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-18 20:39:14.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 20:39:09.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 21:36:50.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 21:36:03.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-14 12:46:38.849
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 36%
Total physical RAM: 8127.55 MB
Available physical RAM: 5144.28 MB
Total Virtual: 18367.55 MB
Available Virtual: 14500.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.65 GB) (Free:35.98 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:66.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4B4E1C60)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by User (administrator) on DESKTOP-EF75065 (21-02-2017 09:49:54)
Running from C:\Users\User\Desktop\Malware Fighting tools
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Vimicro) C:\Windows\vmsnap3.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
() C:\Windows\Domino.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
() C:\Program Files (x86)\Windscribe\Windscribe.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Българска асоциация за компютърна лингвистика) C:\Program Files (x86)\BACL\SpeechLab\TTSProfileDlg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-29] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [49152 2006-07-04] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-08-19] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-23] (AVAST Software)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1368816 2016-07-04] (Bogdan Sharkov)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7647848 2016-07-24] ()
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [iCall] => D:\James\iCall\iCall.exe
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [mailruhomesearch] => "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1367432 2017-02-10] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-03] (Nota Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configure Bulgarian Speech.lnk [2016-09-20]
ShortcutTarget: Configure Bulgarian Speech.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 198.41.0.4
Tcpip\..\Interfaces\{89a31647-e35c-41e6-954a-95b1caae8c97}: [DhcpNameServer] 192.168.100.1 198.41.0.4

Internet Explorer:
==================
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-691218479-2863476526-4080224816-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: uq6to8j3.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default [2017-01-21]
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-23]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi-x64.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-21] <==== ATTENTION
CHR Extension: (Easy Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-11-17]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (Повиквания в Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-30]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-19]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Video Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-02-18]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-02-18]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-28]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-28]
CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-02-01]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-28]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-01]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-28]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-23] (AVAST Software)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-29] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-08-01] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [47208 2016-07-24] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmdag.sys [32699928 2017-02-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmpag.sys [525848 2017-02-13] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-23] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-10] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-10] (ELECOM)
S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42184 2015-02-03] (Anchorfree Inc.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Creative Technology Ltd.)
S3 vvftav303; C:\WINDOWS\system32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-26] (Zemana Ltd.)
S3 ZSMC0303; C:\WINDOWS\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 09:47 - 2017-02-21 09:47 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignefef41194696fd6e
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndf4ac25f12e3024d
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign768d43647244ab66
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-20 19:07 - 2017-02-20 19:07 - 00000222 _____ C:\Users\User\Desktop\Last Survivor.url
2017-02-20 11:10 - 2017-02-20 11:10 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-02-20 11:05 - 2017-02-20 11:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\AMD
2017-02-20 11:02 - 2017-02-20 11:02 - 34980000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170213_64bit.exe
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c8a9d4eedf6ef7f
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign55b33519653644d7
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda721cd187df812e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbc772f732524804e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5e7e968daba52c09
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc25247caae1bdb34
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8c85c7abbfb4329a
2017-02-18 13:57 - 2017-02-18 13:57 - 00351888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign26ec685e02fca897
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign21c2d6389996e986
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1274dbcc845009c8
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbfd57de5041bf42d
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5000216ff848b5ff
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1c67bf6492556570
2017-02-16 11:45 - 2017-02-16 11:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna2e887b47527c44d
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5a321afbfa278a0f
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2f93566971e86c30
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9c1f673b3cde819e
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign85eb0e50dca07ba1
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1662e630b5faedcf
2017-02-15 09:38 - 2017-02-15 09:38 - 00000222 _____ C:\Users\User\Desktop\Receiver.url
2017-02-15 09:38 - 2017-02-15 09:38 - 00000221 _____ C:\Users\User\Desktop\Overgrowth.url
2017-02-15 09:26 - 2017-02-15 09:26 - 00000221 _____ C:\Users\User\Desktop\World of Goo.url
2017-02-14 22:48 - 2017-02-15 09:24 - 00000222 _____ C:\Users\User\Desktop\The Witness.url
2017-02-14 22:40 - 2017-02-14 22:40 - 00000222 _____ C:\Users\User\Desktop\Stardew Valley.url
2017-02-14 22:23 - 2017-02-14 22:39 - 00000000 ____D C:\Users\User\Downloads\The Witness - HI2U
2017-02-14 20:09 - 2017-02-14 20:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc86765212109eec5
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign958d8a35021e9629
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1908629696da59f2
2017-02-13 22:24 - 2017-02-13 23:12 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ
2017-02-13 14:32 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00924696 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign857deb0bdb73acb8
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign419e7ed1de275020
2017-02-13 13:10 - 2017-02-13 13:10 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign605236e60ce9aaf4
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignff63bc284cbd90cf
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c95620aa64e4fdd
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign30f42fb39380d4db
2017-02-12 22:23 - 2017-02-06 21:18 - 00000681 _____ C:\Users\User\Desktop\Nicks.txt
2017-02-12 22:23 - 2017-02-06 13:23 - 00763365 _____ C:\Users\User\Desktop\Bot3.91.jar
2017-02-12 22:23 - 2017-01-19 20:20 - 00026936 _____ C:\Users\User\Desktop\S5Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00007803 _____ C:\Users\User\Desktop\SSLProxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00002770 _____ C:\Users\User\Desktop\S4Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00000000 _____ C:\Users\User\Desktop\Alts.txt
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign80b7e0bbbacd2a06
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4270bfa142f5acb4
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign27e4e8f0c55f07f5
2017-02-11 18:55 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\ezBlueCC.aep Logs
2017-02-11 18:53 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\Adobe After Effects Auto-Save
2017-02-11 18:22 - 2017-02-11 18:22 - 00000222 _____ C:\Users\User\Desktop\Alien Isolation.url
2017-02-10 09:21 - 2017-02-10 09:21 - 00127368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2017-02-10 09:21 - 2017-02-10 09:21 - 00108424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2017-02-09 19:54 - 2017-02-09 19:54 - 00000000 ____D C:\Users\User\AppData\Local\RadeonSettings
2017-02-09 13:31 - 2017-02-20 11:02 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-02-09 13:30 - 2017-02-09 13:30 - 34425000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170208_64bit.exe
2017-02-09 13:12 - 2017-02-09 13:19 - 00012572 _____ C:\Users\User\Documents\config.yml
2017-02-09 10:34 - 2017-02-09 11:39 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00003540 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-02-09 10:34 - 2017-02-09 10:34 - 00003404 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2017-02-08 20:54 - 2017-02-08 21:08 - 00000000 ____D C:\Users\User\Downloads\MAGIX Vegas Pro v14.0.0 Build 161 Multilingual Incl Patch [Androgalaxy]
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3d12282ab427bec8
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign39239f78e02ca690
2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign74eee52f224163ee
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbd85422d21ec8249
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb0c2129923b984ce
2017-02-06 22:27 - 2017-02-06 22:27 - 00000222 _____ C:\Users\User\Desktop\Winexy.url
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd6ca18dacb411151
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0cdddfd4925af2e0
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign05a481d55b765b7a
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncbf821141236de50
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5b8ac7667ca308c7
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a8db63a16d3873c
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3a12c5d343562aa8
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign88c394360d62b8f4
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4d492f4d4cf17716
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignacf42cedff92350e
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign920bc04b317f3c5c
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign41acb30f43380c4f
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf20ed834c64bce5a
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign78852940e8698bfe
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign980e1cdbc4ad1924
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign856a6ec98db30213
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf452e097946deb14
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign208dc8b221361bd5
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignec3bc5d70bf4401b
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9e28fbe3fe233ff2
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2887591d55266b17
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf6b44f2e4cabd0f4
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignab87d13b5f08e818
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign19ca0aef7dcdb624
2017-02-03 10:32 - 2017-02-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-03 08:56 - 2017-02-13 14:32 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00170008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-02-03 08:56 - 2017-02-03 08:56 - 00248728 _____ C:\WINDOWS\SysWOW64\SETA5CD.tmp
2017-02-03 08:55 - 2017-02-13 14:32 - 09881624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 07928856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02504728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02186264 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00536600 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00185880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00892440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00716824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-02-03 08:54 - 2017-02-13 14:31 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-02-03 08:53 - 2017-02-13 14:31 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00152088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-02-03 02:24 - 2017-02-13 14:32 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbf476638c5dc2fb2
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb43b7346a26da930
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0681dd8df1c9c9f4
2017-02-01 23:06 - 2017-02-01 23:11 - 00000527 _____ C:\Users\User\Desktop\New Text Document (3).txt
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Fiends of Imprisonment.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Break Into Zatwor.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Absconding Zatwor.url
2017-02-01 19:17 - 2017-02-01 19:17 - 00000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\Program Files\CPUID
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7af2337b62eca833
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a79f6746ae3a888
2017-02-01 17:28 - 2017-02-12 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-02-01 17:27 - 2017-02-20 11:10 - 00000000 ____D C:\Program Files (x86)\AMD
2017-02-01 17:25 - 2017-02-09 13:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-01 17:25 - 2016-12-15 21:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-01 17:25 - 2016-12-15 21:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Local\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\ProgramData\ATI
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc1b4321d69503d89
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb64107e48a10520e
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0ca5cf2df4cd7b05
2017-02-01 14:03 - 2017-02-09 13:34 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-31 15:26 - 2017-02-01 14:13 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2017-01-31 15:24 - 2017-01-31 15:24 - 00000000 ____D C:\WINDOWS\system32\яяяяяяяяerStore
2017-01-31 15:23 - 2017-02-21 09:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-31 15:23 - 2017-02-20 11:02 - 00000000 ____D C:\AMD
2017-01-31 15:23 - 2017-02-01 17:28 - 00000000 ____D C:\Program Files\AMD
2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ff7b4e41c5008c7
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ac6517316836db7
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne67f0245aa8e982d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda8c29a69208b22d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign47ea9b80be2f317d
2017-01-30 21:04 - 2017-01-30 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign43cb80db0f33b781
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9183e6f170dfbfad
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1ac2641ef8248637
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg.bak
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb37f7d541af60a3f
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign003627890c2564f3
2017-01-30 13:39 - 2017-01-30 21:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbcd33d395956c38e
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8ca3b849d96dd188
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignfa23bfac505a06e8
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3bc1033ae442c0f0
2017-01-29 20:01 - 2017-01-29 20:01 - 04039535 _____ C:\Users\User\Documents\ezBlueCC.aep
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna9c1c409d0138a6d
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3ab36616700399dc
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9362115c96600750
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign556ef54085dadc11
2017-01-29 14:41 - 2017-01-29 14:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb3fd7c8b529bf327
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9539e6bc494fa519
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5f511921f3a57edb
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne7ac829965aebc49
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb8864999a988e18a
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb76ded90fad24975
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncd9cd9bd1d66a919
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign183c617a5be2fd95
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndefb682f86df1e11
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb216085f45055496
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8898d78a46fbfb65
2017-01-25 21:35 - 2017-02-04 13:40 - 00000000 _____ C:\Users\User\Desktop\New Text Document (2).txt
2017-01-25 12:49 - 2016-12-21 04:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 12:49 - 2016-12-21 01:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 01:29 - 2017-02-13 14:32 - 01262616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-01-25 01:29 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-01-25 01:29 - 2017-02-13 14:32 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-01-25 01:29 - 2017-02-03 08:56 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SETA51C.tmp
2017-01-25 01:29 - 2017-02-03 08:55 - 01355672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETA18E.tmp
2017-01-25 01:29 - 2017-02-03 08:55 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SETA72C.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 01351192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET472F.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 01015832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SET5028.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00909336 _____ (AMD) C:\WINDOWS\system32\SET84E.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00305176 _____ (AMD) C:\WINDOWS\system32\SET5D6.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00258072 _____ C:\WINDOWS\SysWOW64\SET4E3C.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00038424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET4BE5.tmp
2017-01-25 01:29 - 2016-12-29 08:23 - 00029072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET512C.tmp
2017-01-25 01:29 - 2016-12-29 08:21 - 01355664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET4D31.tmp
2017-01-25 01:29 - 2016-12-29 08:21 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SET5648.tmp
2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndd4d997659f04a51
2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign14960739aefee3df
2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5d86ad4db91613f4
2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3209b14e9177834e
2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0b12dcaad71907ca
2017-01-23 18:27 - 2017-01-24 21:28 - 05403221 _____ C:\Users\User\Desktop\Австралия – Природни зони.pptx
2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncec8b6d6eacebce7
2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4fa2e7d167b1ab01
2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1afa1f635f90e65c

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 09:50 - 2016-09-26 17:52 - 00064874 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-21 09:50 - 2016-09-26 17:52 - 00033760 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-21 09:49 - 2016-09-25 21:52 - 00000000 ____D C:\FRST
2017-02-21 09:49 - 2016-09-25 21:21 - 00000000 ____D C:\Users\User\Desktop\Malware Fighting tools
2017-02-21 09:48 - 2016-09-24 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 09:48 - 2016-07-12 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-21 09:46 - 2016-09-21 16:49 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-21 09:46 - 2016-09-20 06:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 09:46 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 09:45 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\PLA
2017-02-21 09:45 - 2016-07-16 03:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 09:20 - 2016-07-12 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-02-21 09:00 - 2016-08-31 17:25 - 00000000 ____D C:\ProgramData\rgt
2017-02-21 08:57 - 2016-07-12 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2017-02-21 08:15 - 2016-07-15 19:31 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2017-02-20 23:01 - 2016-09-20 06:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-20 22:10 - 2016-11-18 21:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-20 22:09 - 2016-11-18 21:41 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-02-20 19:07 - 2016-07-12 20:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-20 18:30 - 2016-07-14 17:03 - 00000000 ____D C:\Users\User\Documents\OFX Presets
2017-02-20 17:10 - 2016-07-12 12:23 - 01649248 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-20 17:07 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-20 13:08 - 2016-07-29 10:26 - 00000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-02-20 11:04 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-18 22:26 - 2016-07-28 17:06 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables
2017-02-18 18:54 - 2016-08-01 21:01 - 00000022 _____ C:\Users\User\Desktop\RANKOVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE.txt
2017-02-18 18:49 - 2016-12-09 19:09 - 00000052 _____ C:\Users\User\Desktop\secret.txt
2017-02-18 16:59 - 2016-10-03 07:33 - 00000304 _____ C:\Users\User\Desktop\SFCFix.txt
2017-02-18 16:21 - 2016-09-25 21:18 - 00001622 _____ C:\Users\User\Desktop\Rkill.txt
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\Users\User\AppData\Local\niemiro
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\SFCFix
2017-02-18 14:00 - 2016-09-26 12:46 - 00000000 ____D C:\AdwCleaner
2017-02-18 07:42 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 13:00 - 2016-08-22 22:19 - 00000402 _____ C:\Users\User\Desktop\aaaaaaaaa.txt
2017-02-16 10:04 - 2016-11-10 17:53 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-16 10:04 - 2016-07-12 12:21 - 00002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 10:04 - 2016-07-12 12:21 - 00000000 ___RD C:\Users\User\OneDrive
2017-02-14 22:59 - 2016-07-12 12:41 - 00000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2017-02-13 14:32 - 2016-12-29 08:24 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-02-13 12:51 - 2016-10-01 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-02-12 11:17 - 2016-07-12 12:39 - 00000000 ____D C:\ProgramData\Skype
2017-02-12 10:06 - 2017-01-09 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-02-12 10:06 - 2016-11-14 13:53 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2017-02-12 10:06 - 2016-09-23 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-11 16:39 - 2016-09-30 19:08 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2015
2017-02-10 13:43 - 2016-07-13 09:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony
2017-02-07 22:51 - 2017-01-06 22:38 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 22:51 - 2017-01-06 22:38 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 09:46 - 2016-12-01 08:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-03 10:32 - 2017-01-18 12:54 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-03 08:56 - 2016-12-29 08:23 - 00922520 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll
2017-02-02 21:32 - 2016-07-12 12:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 21:40 - 2016-07-28 16:59 - 00000000 ____D C:\Users\User\Documents\My Games
2017-02-01 14:11 - 2016-07-26 09:08 - 00000774 _____ C:\Users\User\Desktop\nativelog.txt
2017-01-31 13:29 - 2016-07-12 12:55 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-01-30 18:56 - 2016-12-22 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\VEGAS
2017-01-30 12:50 - 2016-07-12 12:19 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-01-28 13:15 - 2016-07-13 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games
2017-01-25 16:03 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-22 23:01 - 2016-08-01 14:44 - 00001879 _____ C:\Users\User\Desktop\SOCKS_proxies.txt

==================== Files in the root of some directories =======

2016-07-23 20:21 - 2016-07-23 20:21 - 20982175 _____ () C:\Users\User\AppData\Roaming\xulrunner.zip
2016-08-04 18:16 - 2016-08-04 18:16 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-23 20:50 - 2016-08-03 17:43 - 0007628 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-07-12 20:40 - 2016-07-12 20:40 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
2017-02-09 13:31 - 2017-02-20 11:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-10 18:22

==================== End of FRST.txt ============================

Link to post
Share on other sites

Hello.From 1 month i'm infected with annoying russian adware which takes me to ad domains like for example "globalworldcityy.ru/otoxym" and "puklisi.ru".I tried to remove it with ADWCleaner,Avast,MalwareBytes,Eset Online scanner,zemana anti-malware and Sophos Virus removal tools but no one of these things helper.(I worked without instructions I have little expirience with that).Please help me.Thanks :)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.2.2017 г.
Scan Time: 9:07
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.21.01
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399128
Time Elapsed: 36 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35], 
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\globalworldcityy, Delete-on-Reboot, [9afbb5f02b7dc3733b3e9a1f649c2fd1], 

Registry Values: 1
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30EBBC9F-2798-4778-B7B4-4675DBEC9BA4}|Path, \globalworldcityy, Delete-on-Reboot, [b1e4a6ffdecaf1453b2500b720e0cb35]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.StartPage, C:\Windows\System32\Tasks\globalworldcityy, Quarantined, [b6df00a52781c5718e84f0c99c6431cf], 

Physical Sectors: 0
(No malicious items detected)


(end)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by User (21-02-2017 09:51:49)
Running from C:\Users\User\Desktop\Malware Fighting tools
Windows 10 Pro Version 1607 (X64) (2016-09-20 09:49:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-691218479-2863476526-4080224816-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-691218479-2863476526-4080224816-503 - Limited - Disabled)
Guest (S-1-5-21-691218479-2863476526-4080224816-501 - Limited - Disabled)
User (S-1-5-21-691218479-2863476526-4080224816-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24 HOURS (HKLM\...\Steam App 485580) (Version:  - MysticGames)
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM-x32\...\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}) (Version: 1.0 - Vimicro Corporation)
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - Vimicro)
Absconding Zatwor (HKLM\...\Steam App 385200) (Version:  - Zonitron Productions)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Alien: Isolation (HKLM\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlerite (HKLM\...\Steam App 504370) (Version:  - Stunlock Studios)
BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Break Into Zatwor (HKLM\...\Steam App 395980) (Version:  - Zonitron Productions)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Charles 4.0 (HKLM\...\{E0A65A42-FEA8-4BF1-AB8E-B28821357268}) (Version: 4.0.0.19 - XK72 Ltd)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Counter-Strike CSS Edition 1.6 (HKLM-x32\...\Counter-Strike CSS Edition 1.6) (Version:  - )
Counter-Strike Global Offensive No-Steam (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.35.1.6 - Valve Software)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crack NewBlue ColorFast 3.0 build 121113 (HKLM-x32\...\Crack NewBlue ColorFast 3.0 build 121113_is1) (Version:  - )
Crack NewBlue Creative Effects V3.0 Build 121113 (HKLM-x32\...\Crack NewBlue Creative Effects V3.0 Build 121113_is1) (Version:  - )
Crack NewBlue Transitions Pack v3.0 build 121113 (HKLM-x32\...\Crack NewBlue Transitions Pack v3.0 build 121113_is1) (Version:  - )
Crack NewBlue Video Essentials Tools V3.0 Build 121113I (x86) (HKLM-x32\...\Crack NewBlue Video Essentials Tools V3.0 Build ~EFB930F3_is1) (Version:  - )
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
Discord (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DISTRAINT (HKLM\...\Steam App 395170) (Version:  - Jesse Makkonen)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)
Fiends of Imprisonment (HKLM\...\Steam App 410590) (Version:  - Zonitron Productions)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version:  - Panoramik Inc)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
GenArts Sapphire Plug-ins 6.13 for After Effects and Compatible (HKLM\...\GenArts Sapphire AE_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
GTA San Andreas (HKLM-x32\...\GTA San Andreas) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version:  - insayn)
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Last Survivor (HKLM\...\Steam App 463620) (Version:  - Original Games)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mike Crash's Vegas Filters Uninstall (HKLM-x32\...\Mike Crash Vegas Filters) (Version:  - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series - Episode 1 (HKLM\...\Steam App 560040) (Version:  - Telltale Games)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Minion Masters (HKLM\...\Steam App 489520) (Version:  - BetaDwarf)
Monsti (HKLM\...\Steam App 526790) (Version:  - Unika Games)
Mozilla Firefox 48.0.2 (x86 bg) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 bg)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NewBlue 3D Explosions for Vegas (HKLM-x32\...\NewBlue 3D Explosions for Vegas) (Version:  - )
NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version:  - )
NewBlue Art Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Art Effects 2.0 for Vegas) (Version:  - )
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Vegas (HKLM-x32\...\NewBlue Film Effects for Vegas) (Version:  - )
NewBlue Motion Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Blends 2.0 for Vegas) (Version:  - )
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Effects 2.0 for Vegas) (Version:  - )
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overgrowth (HKLM\...\Steam App 25000) (Version:  - Wolfire)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Pixel Puzzles Ultimate (HKLM\...\Steam App 351030) (Version:  - Decaying Logic)
Plantera (HKLM\...\Steam App 421040) (Version:  - VaragtP)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.5.7.57 - Razer Inc.)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Receiver (HKLM\...\Steam App 234190) (Version:  - Wolfire Games)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{2D886DF5-A285-4C69-A78E-4A441B261381}) (Version: 7.30.0.98 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SpeechLab (HKLM-x32\...\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}) (Version: 1.0.0 - BACL)
Spermination (HKLM\...\Steam App 363460) (Version:  - Phr00t's Software)
SPINGUN (HKLM\...\Steam App 548230) (Version:  - Fermenter Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamline (HKLM\...\Steam App 252850) (Version:  - Proletariat Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witness (HKLM\...\Steam App 210970) (Version:  - Thekla, Inc.)
Trapcode Suite v13.0.3 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.3 - Red Giant, LLC)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.4.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) Hidden
WayOut (HKLM\...\Steam App 551110) (Version:  - Konstructors)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windscribe version 1.59 build 10 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.59 build 10 - Windscribe)
Winexy (HKLM\...\Steam App 577740) (Version:  - Heaven Brotherhood)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version:  - 2D BOY)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{33B83118-4021-4BBD-A18B-230B03CFADEB}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{E9FC7154-DC9D-43C6-ACF5-168E64B86DE9}\InprocServer32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033C4581-6095-4955-AE1D-18B48EA2D001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {0650722C-556F-4689-9530-50B3A7FA162F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {0E67BFAA-FC80-4A34-89B0-509C7B1036B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2585EB47-A12D-4171-A9C1-5907CE2078E2} - System32\Tasks\TaskSched => Chrome.exe hxxp://gjdksleeeee.ru/eloxym
Task: {357A5796-602D-4D35-9B60-514E140BBAFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {468DC828-22D4-4C44-8EE2-26F9B960E9E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CEB3BB4-8F2F-486A-A6B7-C84499DF5F71} - System32\Tasks\{5C066DAE-FB13-483C-BE23-A69C5C4EC109} => pcalua.exe -a "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]\SpeakText.exe" -d "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]"
Task: {6170626D-3C5D-4C9F-B2E9-34F61090ADEB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {6221933B-222E-45E3-8E8E-3AD711C62F71} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2016-02-08] ()
Task: {7AB6445E-57CC-48BB-A5EA-7CCA84FB5E17} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {7E3F2FA5-AF10-4AA2-A5D7-DF1867E0751E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {801754FA-821A-4AEE-AF7D-A959F9534F84} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {92333B72-C092-4CED-83F0-7946F94CD656} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99868715-6BE5-4495-B53F-C3CFE389FBE8} - System32\Tasks\SafeZone scheduled Autoupdate 1474658096 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {BD4B5B7F-5C97-4493-A05F-DEB77DAF04FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {F6801EA8-9497-48D3-B5CA-A616D2A10CDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {FB3E981A-AA84-4FF4-84DD-F8309D93B584} - System32\Tasks\{179AE184-A649-4CA8-A3D0-6C614864584D} => pcalua.exe -a "C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers\Social Club v1.1.5.8 Setup.exe" -d C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\User\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\771f8bd89de33137\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\user0 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-19 21:10 - 2016-07-19 21:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 00047208 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-30 05:23 - 2016-06-30 05:23 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-20 20:51 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:18 - 2016-12-21 04:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-10-30 10:26 - 2006-07-04 13:16 - 00049152 _____ () C:\Windows\Domino.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 07647848 _____ () C:\Program Files (x86)\Windscribe\Windscribe.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-01-23 07:07 - 2017-01-23 07:08 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-02-18 07:42 - 2017-02-18 07:42 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 07:42 - 2017-02-18 07:42 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 07:42 - 2017-02-18 07:42 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 10:00 - 2017-02-07 10:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2016-06-27 12:22 - 2016-06-27 12:22 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-20 21:09 - 2017-02-20 21:09 - 05876224 _____ () C:\Program Files\AVAST Software\Avast\defs\17022002\algo.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-12 10:35 - 2016-08-12 10:35 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2016-07-12 18:53 - 2016-12-23 15:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-12 18:53 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 00638976 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2016-08-02 19:04 - 2016-04-26 22:04 - 01264128 _____ () C:\Program Files (x86)\Windscribe\libGLESv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 01082880 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-13 10:53 - 2017-01-13 10:53 - 03750400 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 00914432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-13 10:53 - 2017-01-13 10:53 - 01127424 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-05-31 03:46 - 2016-05-31 03:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\keyhook.dll
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\SpeakTextCom.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-10 13:41 - 2016-08-01 13:20 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-01-12 08:47 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-21 09:48 - 2017-02-21 09:48 - 00148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\8042.tmp.node
2017-01-13 10:53 - 2017-01-13 10:53 - 02658304 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2016-12-14 12:27 - 2017-01-05 00:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ:1 [898]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 04:24 - 2016-12-03 08:56 - 00000116 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1 - 198.41.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DBDCB109-955C-4942-8527-AFA42960EAAA}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [TCP Query User{8CE20F01-1CCD-4410-86B0-C4CF7FEA37C6}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [{E011C6A1-7651-4FAD-8E09-99F7CEA118CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BADF7BF-E48F-4A25-AB9F-5A14C5CC32E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2C01EF1C-35D0-49D4-8CC5-55319149F0E0}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D3D2C64C-6231-4D41-B3C0-4AC77359CF41}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [{47F4AEF8-48EE-4EB3-AC9C-03CA0B2D102B}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5951E8A7-DDDC-4B36-B326-2D087F9AC8E5}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{4ED8F7F7-A7A5-4001-B42A-942424D97E81}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [{BBCD2C6D-E774-476B-90AE-69FBE65BA5C7}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3341384-1A64-4E4F-9416-5D1BDA6D1B61}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{427714CC-A96E-44D7-9E0D-1A39057908CC}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [UDP Query User{4D6D4A2D-2A13-4E51-A557-167F84D23718}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [TCP Query User{5F96416E-CDE2-48EC-ADC1-9733174C8067}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [UDP Query User{E1FEF267-D6E7-4419-9C1A-3F0CD63167C6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{5AC975BD-BEBB-4554-A782-B852B0DDF0A7}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{D07A55E2-534B-4A79-8E28-54AC84E14FF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DB2F543D-4785-4122-8FFC-D448EE29778F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [UDP Query User{AB3946FD-4208-4E40-870F-42E1DCA1BA36}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [TCP Query User{98A40DD3-8AA4-4736-B9CF-CD9D98F012FF}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [UDP Query User{04005185-2EF0-489A-8FDE-F323FE07816D}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{924ACA3C-A74E-4D08-9199-8B8F546148B2}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{120C565E-B894-4C86-BF94-0B0B50185252}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{33A206E9-2C9D-417A-9DBF-1C94A4DE156D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E4F6FF23-1439-492F-8A75-B97B11CECAD7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{98C53AF6-FF7D-48B4-8DF4-1B696CDB64CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2AB8580D-6BE2-45B9-B646-92B65C3C2374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{987D3D80-BA00-4C26-8003-3E93F727F82E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1865D1D6-89F6-4CBF-AF67-8A024D3E36DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9FED75D9-A3B1-474A-B0FC-BB05F83A15FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A682E27-8475-4089-BB91-E8AC431B06E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{75A964A0-82AB-4766-8BB2-F53CFDF6E874}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{04595A0D-32AF-4023-953A-118169CA1F02}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{89446BC2-5F21-4756-BF54-223F2B6BF3B6}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{23F75D1A-A81E-4982-84CD-224F413EA478}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{F607EE37-6B9B-4443-860C-91715CFBAA1E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E12B1A35-4636-449D-987F-670928EA3D31}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3801F88B-5471-4857-9768-26364727A9C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15D60289-A385-4F45-9728-6B03FEB46E0E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{DE4C9ED2-C757-4710-A881-BEB4A7C62DA8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{303C1E4B-DA58-42E7-9404-785D806BE847}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C6083222-6B6A-4432-8C02-42B0600CFE5C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D475B9C9-FD81-445D-807D-69F396B0EB5E}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{A999C29A-E1DB-4E85-8AAF-43497101F34F}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D0263CE3-8D4B-4A11-B90A-8A70C51504B2}] => (Allow) C:\Users\User\AppData\Local\Temp\is-N3OMN.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{7B18ED13-B200-4925-A189-70EEAEE2FCFE}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{5AF9732A-0B32-48C8-8DBE-8298B12133F5}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{47D684F7-14F2-4E50-A538-6A6BE2D92370}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{D34F7BAF-5BF1-47AC-BA10-86190911031D}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe
FirewallRules: [{D2D03F12-E0A2-4F9B-9BED-9E5BF0F54301}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{72F22AA6-8F9C-403B-8EC1-4D09622E19D6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{ECE9D62E-798E-4739-A2EA-BE7A1C84A266}] => (Allow) D:\Niche.v0.0.7\Unity\Editor\Unity.exe
FirewallRules: [{79F44869-7B74-4BB6-B246-B3AC7C9E4C8B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{3398C9EA-3672-4BF0-A2A7-E4CDAB272BFF}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{320FB54C-A1CC-4890-9A11-5E1961F2AB4F}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [TCP Query User{00DFE3AA-92B0-4DDE-9520-19914B62F214}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{4888F1C6-830E-4C8F-99BB-A4E76C27815F}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [{2CD5D846-3D3E-4236-93BF-B2EB7B9EC2F6}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{51AF039C-0028-4E92-A518-6CBBA1DF424B}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{80A09AA2-7818-4105-90F9-8D3D71103E2C}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{B9A135AA-423E-4FF6-B7C4-C293CA6F2499}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{92FB818C-BFFF-42E0-B7B8-C811146414A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{B976F08A-E3AA-4E1C-914E-2D49F9B73CA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{BCAB5365-6FF0-4DB9-9F5D-B0CD7599D378}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{A593528B-5B77-4665-AEE5-3D337248B40E}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{4DACDA58-61CA-4031-A428-11456B325C2F}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BF25891A-45E1-493D-9BED-6E05518E7768}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3C89CEB6-22C5-4C81-8CFE-C1E1AD6AE5B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8916E4CD-B934-4730-B151-4FC22E837ED4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8263EF20-9F8C-4FD7-8D76-06C28187B976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC2A2203-C249-4370-86EA-59A8D5212EB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C056DD5F-E720-41D4-938F-0278DF0D54DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0A9CA1CF-86C1-436E-B032-3E20DD07A098}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE628170-CBB4-4C23-AB24-6BC0F1592C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{216B706A-C3A5-4E3C-8771-B360020B75C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12AA05A6-3627-41DC-92F3-F08986F4F78B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF623493-0926-4AE0-A8D5-E217FFBE6447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B30BFEF-3F88-44C9-AC1A-4DC546FDB195}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{7CE6A016-CF4E-4D29-992E-B8EE4599E4CD}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{27940FC2-9FE7-4A8F-84AF-A06E85A83F60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D34E463-080F-443F-9FA9-4ACCA24206BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B95C3AAA-3F4E-4E1D-A208-29C3545565B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B906CCF4-80D5-4CD4-9603-9FF84100A699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{326FE78E-F351-4C87-A16C-381780157764}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{64676190-BE73-4980-AEAF-42199748B6CE}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{5EC935AB-5534-428B-8FBF-0BC47240D9B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{62872165-6851-4022-AFCF-7E906D667396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D75EA28D-AD7A-4E85-892A-891C46FFF86F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{640BE1DE-2ADD-4C8E-864E-7E7D3D10B91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{19FFB3D8-2F76-41DF-AB01-50467813A802}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{2972D3A0-A9B9-4CBF-95A1-2A666A72F68A}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{0CD8E2FF-4545-4B4B-8D66-7BF1F74AC9DF}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{46032CDC-75CF-4692-8C8A-36957C521A57}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [{9C7EE8F1-B35E-4863-8B1A-3ED8454EA835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99EA8F68-80AA-4055-A01C-43699DAA91E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03D95A6A-685F-466C-98C0-D986B12D4B88}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{BCF1B717-B045-4C3F-8CAE-DBD5A8AA7C67}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{60A19530-8208-47E7-94BC-6F6A9D93FBE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C9D1EAB-ADDF-4A75-A396-83C4C4BF9E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{782ABA6B-6DC4-4152-9236-ADD9B5BD74D9}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{365F048E-AB85-4013-BB14-692C1637B372}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{C6FD957D-E4A9-4549-A970-1838E36A729E}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EA88F506-853D-4912-BF70-D45FF5AB6FF8}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EEF4523A-396C-44FA-B5BE-15CCF763FA30}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{F4B21E1A-C35B-4D80-ABFD-CFBA43203F1C}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{60252435-A527-434F-9DF2-B27FFF5CD23F}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{EBB9C111-D496-49D6-BEF3-E3001E8BE4FF}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{B3C0745B-4228-47F5-89B7-2210665BE324}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{9F2FBEB0-EB57-4BA3-95C7-AB58E43AC4D7}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{CDF9E0F7-31C2-4ED7-A3E2-E5F9F5FAE255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D5D52F3-CDC6-41A4-BEC6-289583DD0DE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59724E98-D62D-4A59-825A-ADCEE2FD4903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AD44064-164F-44B2-A93E-34EF50531C9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{B5F86C54-0C5E-498E-87B6-DB1B058B0725}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{D4FA88F0-E58E-4FBE-9105-BBF8271204C3}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{FF8E5D2B-1326-48FC-8E2E-AC8A39249884}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{6BC8A1B4-1DA4-4D44-A479-2B0ACCB116A2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{423011CF-44C8-49E6-B8F3-DC43A28BCC42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC7506D9-F22D-45DC-BEE9-815333852564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E4A0B77-D02D-4AE7-AB3A-C0BDAA87C3E1}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{41A8E798-0F8E-45D1-8432-93BCC53F010C}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{58B807C3-12A1-4F88-86D3-401E0E5D893B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{38E77F40-5823-4948-A0BD-75E1A0329F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{912FB4D6-6906-4841-B32F-8B210D5932EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F3556B14-A9C5-4149-B0E5-B86D8D4FBC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{36C6FAE7-A1B4-467D-8DA6-2D3E84AEFDBE}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe
FirewallRules: [{203530C5-6FE9-48D2-813C-2D07BA401471}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe
FirewallRules: [{F7E08E27-5A8A-4F36-B3B8-41A77142B6D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{35B84057-4BE5-4F37-8017-38C5C92F176D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90FF37EE-6DE0-4BCB-A38A-0527EBFB9934}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A6667DFF-1DC3-461D-921F-839E982B6711}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{827B06E0-3EED-460F-9A45-13CA94E3CD75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{00C3DA68-1FAD-4CE7-8293-715F55F7D764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1117CAD7-9760-494E-9B86-CEF11A2B7499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F639E9C8-3166-4DFD-843E-3EDF757AB1A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{630A32F3-91D6-407A-A39C-76F0B21DA9AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DB36951C-9C64-4581-8421-DE80AE6068D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{24D02B91-4A4F-4A67-9620-105BF2723A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{78D553BB-4727-4E3A-A2FA-38755C8A105E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03AA0DB2-CD73-4DCB-BD67-CC434CC9E11D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4DD0252A-5C13-4172-BC0A-58303FD5826B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F46B26E6-231B-4527-AA28-53420113F5A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C46B344-FE98-44AD-9225-6E2A5B30A3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{835C5F12-A684-4118-BB4B-66127C15448E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3767BB1-C791-45D3-9485-E93CB7B6FA94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7EE37BB7-48F4-4915-B83B-5FAC8A0FC556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A8D5EE1B-3999-4A11-9806-1A0A38E46794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{725B656F-96A7-4C74-B4F3-6780E1F0D9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C97DF80-850C-4F31-B2CE-D94657968D3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D6284FE9-50A1-4B2B-A10E-27B0ACD30DC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{465CF54E-D5DE-4A56-A05B-B0240DD44CA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5DFB7ED5-9F6A-4CD4-9ACC-EC6DBBAE8A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe
FirewallRules: [{76427E99-8ADD-4DAA-81C4-417B7B8D5803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe
FirewallRules: [{621937BD-D981-4C95-80FF-96A1D859EFFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe
FirewallRules: [{49D86B97-9DDB-474C-BDF6-46AAA7A22AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe
FirewallRules: [{CB826F54-CF36-47CF-9771-5468BD358D77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{43B14C39-2595-47AD-A846-7C4639322005}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BFE472BA-4B51-4E1B-B9F2-B5E45EC83B62}] => (Allow) C:\Users\User\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{88EDA688-0FB6-4A62-9531-D90EB7EC8304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{56238A4E-6EC3-4A06-864D-8D4CCE1A8D02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C4045F01-3122-4AD9-89C0-8EC145FB05B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B817A402-3E58-4F00-A835-D22606A17D37}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{662193E9-A68A-4D55-9307-3C996B63617D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F4E404A0-EDC9-4DDD-BF47-7EBD0D1BF49C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C2438BBE-39A7-4563-BFA8-E2A7C232EC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC29D20A-6294-4468-9F60-9D63F50FAAF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A8C0776-7287-4D0A-8B3D-4E374F50C99C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{70B16ACD-0BDA-4D0A-92E7-4F844B81CEAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7AAD675-94C9-402E-A31E-F4F8C3DB6AF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7DCC45EF-FD28-4192-9DB1-4120267D3E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F24F3A0-91C3-47D8-A09D-B90624B51889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D29D4F65-F763-44CA-B4A0-7951FB1AC9A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F7B7C1E-9B81-4B26-9222-6308D447D482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F2AA15F-AC41-41D4-B26C-4BE7879BF73A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B94FEEFC-8B36-4D6F-AEA2-B79160809F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FFA76159-E71D-4B66-B531-528E772AABB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{294C5491-44EF-4C32-833F-7A47B92D3E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0049852-166A-430B-ABDC-E31AFEE48208}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1633295D-608E-4823-B8C9-F3F64304DF2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{88EB08EA-20FE-40A8-B4DA-5478DE1C6070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D820E99A-5447-4D30-968F-564DC7788283}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6868A4E1-9064-48FD-AFD5-18A89C12D027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{88CBAD27-EEF2-412D-B520-45BCBE9D5ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB9D0FCD-6EF0-41B1-A98E-B8BF9DE8DB55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B335EB47-7C62-4F86-81EB-21EB578CD69A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F83D012-4B18-494C-B2DB-50F9B236F603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{89BF9A08-A450-452E-BFC1-E47CABA9C2F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{22B41573-BC17-4BED-92B5-03B166A8FE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2DC8C65-2FEC-48BF-8EDC-F7610D09E1E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6098D482-AA02-4D27-8FCA-8E53529DE329}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44835A16-B98F-4E9C-B20C-D55D7FDDC723}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CC61F07D-9938-4F86-8ECA-F52EBB314826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{761EB03A-7B83-4798-B117-270023D645FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E084600A-41D5-45C3-BA83-184C1DFD8244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC7664F2-15A6-4A5E-BA30-FD0101986538}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B38C225E-2605-4465-BE47-9581E1B3FA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CA93BEE-A804-4351-A83A-380CC15BEC0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DBF2A0C7-4384-46D0-8A46-6EA75B99C6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0DFB5ACB-2F92-4B26-8A00-27BC796CC478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{026A940B-BB99-43FE-8F1F-F47903A19317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{432B677C-3DEE-4839-83B8-CBAC272C2A69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe
FirewallRules: [{94F1BDAC-7A35-44D0-AE9B-06E15F391CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe
FirewallRules: [{3540031F-3367-4235-80B0-93077A812E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{4C645D74-AA82-466E-8520-320BFBACC6E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{DBAE94C8-EE3F-4DDA-AC0F-C6935A69383C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe
FirewallRules: [{143EDC98-D87C-428B-AB79-47A302A09757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe
FirewallRules: [TCP Query User{FDE537CA-E52A-4D25-9F6B-FD6EC755942D}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{039A8AAB-ABDC-4800-9763-7F90019E56D7}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe
FirewallRules: [{92D2975F-0BB2-4FE1-A936-629F32C7AED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DACFF985-FF59-4A3E-BF2B-780C9D6A6055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E75A87A-5A4E-4ED8-A03A-6B54CC46A85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5D1A7149-2EF4-4685-9815-677DAD18901B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8312F4C7-5536-4089-BD16-91DEF34305D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B3D074A5-F6D4-4935-96B9-F689C845C60B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA7BB3DA-A40E-4456-9516-C89FCD92E199}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0262FA2-2B8A-4222-BF9B-257FA27BA6F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6989BDFA-687B-48EA-AA8A-A5200A2B353A}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe
FirewallRules: [{083C1360-085E-4525-817F-F90C2C557CC1}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe
FirewallRules: [{C6CA2DD7-326B-49DE-B6AC-3D87DF664902}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe
FirewallRules: [{DBFBDD33-482A-491F-9188-19DEF84EA576}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe
FirewallRules: [{E6557E5E-B934-420A-B65D-9934B5ADA2C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{89579B47-3D96-45FD-AB2D-17494569E478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7ED65494-7B82-44B0-B3E6-E6EF4734579F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF4B0940-FD83-41E2-9BAE-7F11AFC61529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E3631F91-5BEC-4F92-8EBB-5F2547A82356}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{038EE9D5-17A0-4150-ACF2-428EAAC45D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07A81033-B7A7-4C54-8D9D-5C02EB2155EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68FCFBAA-6ABC-4857-A106-AACCD03632D0}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{CB83078D-B89E-492D-8324-57F82B85F7B3}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{A9EEBBF2-08B1-4E34-A9B7-92A11616D326}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [UDP Query User{8696CAE3-BC47-48D9-B41F-575582000442}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [{C85A76F9-3277-471A-A52B-AC30A11E2683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CF172423-3DB3-4FAF-84A1-53D28E503B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23ACCB44-F3FF-4692-BAD4-74C883712C44}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{46D86578-0ADF-4724-9522-89069D5A4D16}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{9A1727CD-78DD-4CE3-89C6-712472CF6F96}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{3CCFD425-FF43-44F6-A851-E06AE52C09F7}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{6C96897F-08C9-4621-B756-D5F539FD5E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D34C83E2-7DFE-43D5-8623-2FC92E639A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{109F9CB0-6C76-4035-8711-5953365A529B}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{759715BE-4C86-4840-9835-AA7B293C3665}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{F518E36F-8DC9-42F3-B4EA-4C3922756AA3}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{A996469D-C3DE-4BD2-BEBE-74AC2CCD95B7}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{5EB33C3D-10D8-41BE-A53A-346FB28A9CD1}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{D9903764-0E03-46DE-9E39-7A5F808FFF0D}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{953B1213-B3E1-4A8B-92F0-410BDE9C56E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C1F8611-EF12-4C66-8FEE-65E178BCC9A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F8589C90-AA03-4ECC-8144-1E37D929ECB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{328AFA16-6784-4DB7-BD14-0ED2D494AA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2FA06BD2-3501-4D2A-8E5B-7310232281AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1FD13A20-E497-4505-874F-C3DCB875719F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC754828-832E-4D2A-8223-3E0A14610618}] => (Allow) D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe
FirewallRules: [{CBBE9FC0-9003-4178-943F-55402DA95729}] => (Allow) D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe

==================== Restore Points =========================

12-02-2017 10:02:40 Windows Update
15-02-2017 14:43:17 Windows Update
19-02-2017 14:53:59 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2017 09:46:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/21/2017 09:46:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/21/2017 09:00:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vegas130.exe, version: 13.0.0.453, time stamp: 0x55720ce9
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x29dc
Faulting application start time: 0x01d28c36350db08e
Faulting application path: C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 92c30872-2ac3-497c-83d7-78e2b6c68df8
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/21/2017 08:54:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:53:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:38:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 08:37:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1596) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/21/2017 07:58:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (02/21/2017 07:56:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/21/2017 07:56:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.


System errors:
=============
Error: (02/21/2017 09:49:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital).

Error: (02/21/2017 09:46:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:45:35 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (02/21/2017 09:44:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:00:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 07:57:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 11:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 10:53:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 01:14:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-02-21 07:53:18.205
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-20 20:00:46.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-20 19:14:10.940
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-20 19:13:57.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-20 11:06:22.707
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-18 20:39:14.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 20:39:09.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 21:36:50.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 21:36:03.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-14 12:46:38.849
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 36%
Total physical RAM: 8127.55 MB
Available physical RAM: 5144.28 MB
Total Virtual: 18367.55 MB
Available Virtual: 14500.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.65 GB) (Free:35.98 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:66.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4B4E1C60)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by User (administrator) on DESKTOP-EF75065 (21-02-2017 09:49:54)
Running from C:\Users\User\Desktop\Malware Fighting tools
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Vimicro) C:\Windows\vmsnap3.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
() C:\Windows\Domino.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
() C:\Program Files (x86)\Windscribe\Windscribe.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Българска асоциация за компютърна лингвистика) C:\Program Files (x86)\BACL\SpeechLab\TTSProfileDlg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-29] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [49152 2006-07-04] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-08-19] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-23] (AVAST Software)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1368816 2016-07-04] (Bogdan Sharkov)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7647848 2016-07-24] ()
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [iCall] => D:\James\iCall\iCall.exe
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [mailruhomesearch] => "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1367432 2017-02-10] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-03] (Nota Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configure Bulgarian Speech.lnk [2016-09-20]
ShortcutTarget: Configure Bulgarian Speech.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 198.41.0.4
Tcpip\..\Interfaces\{89a31647-e35c-41e6-954a-95b1caae8c97}: [DhcpNameServer] 192.168.100.1 198.41.0.4

Internet Explorer:
==================
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-691218479-2863476526-4080224816-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: uq6to8j3.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default [2017-01-21]
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-23]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi-x64.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-21] <==== ATTENTION
CHR Extension: (Easy Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-11-17]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (Повиквания в Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-30]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-19]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Video Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-02-18]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-02-18]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-28]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-28]
CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-02-01]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-28]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-01]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-28]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-23] (AVAST Software)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-29] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-08-01] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [47208 2016-07-24] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmdag.sys [32699928 2017-02-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmpag.sys [525848 2017-02-13] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-23] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-10] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-10] (ELECOM)
S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42184 2015-02-03] (Anchorfree Inc.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Creative Technology Ltd.)
S3 vvftav303; C:\WINDOWS\system32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-26] (Zemana Ltd.)
S3 ZSMC0303; C:\WINDOWS\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 09:47 - 2017-02-21 09:47 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignefef41194696fd6e
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndf4ac25f12e3024d
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign768d43647244ab66
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-20 19:07 - 2017-02-20 19:07 - 00000222 _____ C:\Users\User\Desktop\Last Survivor.url
2017-02-20 11:10 - 2017-02-20 11:10 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-02-20 11:05 - 2017-02-20 11:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\AMD
2017-02-20 11:02 - 2017-02-20 11:02 - 34980000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170213_64bit.exe
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c8a9d4eedf6ef7f
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign55b33519653644d7
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda721cd187df812e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbc772f732524804e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5e7e968daba52c09
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc25247caae1bdb34
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8c85c7abbfb4329a
2017-02-18 13:57 - 2017-02-18 13:57 - 00351888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign26ec685e02fca897
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign21c2d6389996e986
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1274dbcc845009c8
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbfd57de5041bf42d
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5000216ff848b5ff
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1c67bf6492556570
2017-02-16 11:45 - 2017-02-16 11:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna2e887b47527c44d
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5a321afbfa278a0f
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2f93566971e86c30
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9c1f673b3cde819e
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign85eb0e50dca07ba1
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1662e630b5faedcf
2017-02-15 09:38 - 2017-02-15 09:38 - 00000222 _____ C:\Users\User\Desktop\Receiver.url
2017-02-15 09:38 - 2017-02-15 09:38 - 00000221 _____ C:\Users\User\Desktop\Overgrowth.url
2017-02-15 09:26 - 2017-02-15 09:26 - 00000221 _____ C:\Users\User\Desktop\World of Goo.url
2017-02-14 22:48 - 2017-02-15 09:24 - 00000222 _____ C:\Users\User\Desktop\The Witness.url
2017-02-14 22:40 - 2017-02-14 22:40 - 00000222 _____ C:\Users\User\Desktop\Stardew Valley.url
2017-02-14 22:23 - 2017-02-14 22:39 - 00000000 ____D C:\Users\User\Downloads\The Witness - HI2U
2017-02-14 20:09 - 2017-02-14 20:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc86765212109eec5
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign958d8a35021e9629
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1908629696da59f2
2017-02-13 22:24 - 2017-02-13 23:12 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ
2017-02-13 14:32 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00924696 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign857deb0bdb73acb8
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign419e7ed1de275020
2017-02-13 13:10 - 2017-02-13 13:10 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign605236e60ce9aaf4
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignff63bc284cbd90cf
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c95620aa64e4fdd
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign30f42fb39380d4db
2017-02-12 22:23 - 2017-02-06 21:18 - 00000681 _____ C:\Users\User\Desktop\Nicks.txt
2017-02-12 22:23 - 2017-02-06 13:23 - 00763365 _____ C:\Users\User\Desktop\Bot3.91.jar
2017-02-12 22:23 - 2017-01-19 20:20 - 00026936 _____ C:\Users\User\Desktop\S5Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00007803 _____ C:\Users\User\Desktop\SSLProxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00002770 _____ C:\Users\User\Desktop\S4Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00000000 _____ C:\Users\User\Desktop\Alts.txt
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign80b7e0bbbacd2a06
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4270bfa142f5acb4
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign27e4e8f0c55f07f5
2017-02-11 18:55 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\ezBlueCC.aep Logs
2017-02-11 18:53 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\Adobe After Effects Auto-Save
2017-02-11 18:22 - 2017-02-11 18:22 - 00000222 _____ C:\Users\User\Desktop\Alien Isolation.url
2017-02-10 09:21 - 2017-02-10 09:21 - 00127368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2017-02-10 09:21 - 2017-02-10 09:21 - 00108424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2017-02-09 19:54 - 2017-02-09 19:54 - 00000000 ____D C:\Users\User\AppData\Local\RadeonSettings
2017-02-09 13:31 - 2017-02-20 11:02 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-02-09 13:30 - 2017-02-09 13:30 - 34425000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170208_64bit.exe
2017-02-09 13:12 - 2017-02-09 13:19 - 00012572 _____ C:\Users\User\Documents\config.yml
2017-02-09 10:34 - 2017-02-09 11:39 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00003540 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-02-09 10:34 - 2017-02-09 10:34 - 00003404 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2017-02-08 20:54 - 2017-02-08 21:08 - 00000000 ____D C:\Users\User\Downloads\MAGIX Vegas Pro v14.0.0 Build 161 Multilingual Incl Patch [Androgalaxy]
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3d12282ab427bec8
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign39239f78e02ca690
2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign74eee52f224163ee
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbd85422d21ec8249
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb0c2129923b984ce
2017-02-06 22:27 - 2017-02-06 22:27 - 00000222 _____ C:\Users\User\Desktop\Winexy.url
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd6ca18dacb411151
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0cdddfd4925af2e0
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign05a481d55b765b7a
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncbf821141236de50
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5b8ac7667ca308c7
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a8db63a16d3873c
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3a12c5d343562aa8
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign88c394360d62b8f4
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4d492f4d4cf17716
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignacf42cedff92350e
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign920bc04b317f3c5c
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign41acb30f43380c4f
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf20ed834c64bce5a
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign78852940e8698bfe
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign980e1cdbc4ad1924
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign856a6ec98db30213
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf452e097946deb14
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign208dc8b221361bd5
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignec3bc5d70bf4401b
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9e28fbe3fe233ff2
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2887591d55266b17
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf6b44f2e4cabd0f4
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignab87d13b5f08e818
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign19ca0aef7dcdb624
2017-02-03 10:32 - 2017-02-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-03 08:56 - 2017-02-13 14:32 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00170008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-02-03 08:56 - 2017-02-03 08:56 - 00248728 _____ C:\WINDOWS\SysWOW64\SETA5CD.tmp
2017-02-03 08:55 - 2017-02-13 14:32 - 09881624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 07928856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02504728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02186264 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00536600 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00185880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00892440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00716824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-02-03 08:54 - 2017-02-13 14:31 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-02-03 08:53 - 2017-02-13 14:31 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00152088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-02-03 02:24 - 2017-02-13 14:32 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbf476638c5dc2fb2
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb43b7346a26da930
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0681dd8df1c9c9f4
2017-02-01 23:06 - 2017-02-01 23:11 - 00000527 _____ C:\Users\User\Desktop\New Text Document (3).txt
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Fiends of Imprisonment.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Break Into Zatwor.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Absconding Zatwor.url
2017-02-01 19:17 - 2017-02-01 19:17 - 00000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\Program Files\CPUID
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7af2337b62eca833
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a79f6746ae3a888
2017-02-01 17:28 - 2017-02-12 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-02-01 17:27 - 2017-02-20 11:10 - 00000000 ____D C:\Program Files (x86)\AMD
2017-02-01 17:25 - 2017-02-09 13:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-01 17:25 - 2016-12-15 21:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-01 17:25 - 2016-12-15 21:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Local\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\ProgramData\ATI
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc1b4321d69503d89
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb64107e48a10520e
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0ca5cf2df4cd7b05
2017-02-01 14:03 - 2017-02-09 13:34 - 00000000 ____D C:\WINDOWS\LastGood
2017-01-31 15:26 - 2017-02-01 14:13 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2017-01-31 15:24 - 2017-01-31 15:24 - 00000000 ____D C:\WINDOWS\system32\яяяяяяяяerStore
2017-01-31 15:23 - 2017-02-21 09:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-31 15:23 - 2017-02-20 11:02 - 00000000 ____D C:\AMD
2017-01-31 15:23 - 2017-02-01 17:28 - 00000000 ____D C:\Program Files\AMD
2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ff7b4e41c5008c7
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ac6517316836db7
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne67f0245aa8e982d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda8c29a69208b22d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign47ea9b80be2f317d
2017-01-30 21:04 - 2017-01-30 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign43cb80db0f33b781
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9183e6f170dfbfad
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1ac2641ef8248637
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg.bak
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb37f7d541af60a3f
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign003627890c2564f3
2017-01-30 13:39 - 2017-01-30 21:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbcd33d395956c38e
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8ca3b849d96dd188
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignfa23bfac505a06e8
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3bc1033ae442c0f0
2017-01-29 20:01 - 2017-01-29 20:01 - 04039535 _____ C:\Users\User\Documents\ezBlueCC.aep
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna9c1c409d0138a6d
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3ab36616700399dc
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9362115c96600750
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign556ef54085dadc11
2017-01-29 14:41 - 2017-01-29 14:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb3fd7c8b529bf327
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9539e6bc494fa519
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5f511921f3a57edb
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne7ac829965aebc49
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb8864999a988e18a
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb76ded90fad24975
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncd9cd9bd1d66a919
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign183c617a5be2fd95
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndefb682f86df1e11
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb216085f45055496
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8898d78a46fbfb65
2017-01-25 21:35 - 2017-02-04 13:40 - 00000000 _____ C:\Users\User\Desktop\New Text Document (2).txt
2017-01-25 12:49 - 2016-12-21 04:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 12:49 - 2016-12-21 01:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 01:29 - 2017-02-13 14:32 - 01262616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-01-25 01:29 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-01-25 01:29 - 2017-02-13 14:32 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-01-25 01:29 - 2017-02-03 08:56 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SETA51C.tmp
2017-01-25 01:29 - 2017-02-03 08:55 - 01355672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETA18E.tmp
2017-01-25 01:29 - 2017-02-03 08:55 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SETA72C.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 01351192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET472F.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 01015832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SET5028.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00909336 _____ (AMD) C:\WINDOWS\system32\SET84E.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00305176 _____ (AMD) C:\WINDOWS\system32\SET5D6.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00258072 _____ C:\WINDOWS\SysWOW64\SET4E3C.tmp
2017-01-25 01:29 - 2017-01-25 01:29 - 00038424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET4BE5.tmp
2017-01-25 01:29 - 2016-12-29 08:23 - 00029072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SET512C.tmp
2017-01-25 01:29 - 2016-12-29 08:21 - 01355664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SET4D31.tmp
2017-01-25 01:29 - 2016-12-29 08:21 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SET5648.tmp
2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndd4d997659f04a51
2017-01-24 20:50 - 2017-01-24 20:50 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign14960739aefee3df
2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5d86ad4db91613f4
2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3209b14e9177834e
2017-01-23 20:45 - 2017-01-23 20:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0b12dcaad71907ca
2017-01-23 18:27 - 2017-01-24 21:28 - 05403221 _____ C:\Users\User\Desktop\Австралия – Природни зони.pptx
2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncec8b6d6eacebce7
2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4fa2e7d167b1ab01
2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1afa1f635f90e65c

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 09:50 - 2016-09-26 17:52 - 00064874 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-21 09:50 - 2016-09-26 17:52 - 00033760 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-21 09:49 - 2016-09-25 21:52 - 00000000 ____D C:\FRST
2017-02-21 09:49 - 2016-09-25 21:21 - 00000000 ____D C:\Users\User\Desktop\Malware Fighting tools
2017-02-21 09:48 - 2016-09-24 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 09:48 - 2016-07-12 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-21 09:46 - 2016-09-21 16:49 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-21 09:46 - 2016-09-20 06:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 09:46 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 09:45 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\PLA
2017-02-21 09:45 - 2016-07-16 03:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 09:20 - 2016-07-12 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-02-21 09:00 - 2016-08-31 17:25 - 00000000 ____D C:\ProgramData\rgt
2017-02-21 08:57 - 2016-07-12 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2017-02-21 08:15 - 2016-07-15 19:31 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2017-02-20 23:01 - 2016-09-20 06:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-20 22:10 - 2016-11-18 21:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-20 22:09 - 2016-11-18 21:41 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-02-20 19:07 - 2016-07-12 20:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-20 18:30 - 2016-07-14 17:03 - 00000000 ____D C:\Users\User\Documents\OFX Presets
2017-02-20 17:10 - 2016-07-12 12:23 - 01649248 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-20 17:07 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-20 13:08 - 2016-07-29 10:26 - 00000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-02-20 11:04 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-18 22:26 - 2016-07-28 17:06 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables
2017-02-18 18:54 - 2016-08-01 21:01 - 00000022 _____ C:\Users\User\Desktop\RANKOVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE.txt
2017-02-18 18:49 - 2016-12-09 19:09 - 00000052 _____ C:\Users\User\Desktop\secret.txt
2017-02-18 16:59 - 2016-10-03 07:33 - 00000304 _____ C:\Users\User\Desktop\SFCFix.txt
2017-02-18 16:21 - 2016-09-25 21:18 - 00001622 _____ C:\Users\User\Desktop\Rkill.txt
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\Users\User\AppData\Local\niemiro
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\SFCFix
2017-02-18 14:00 - 2016-09-26 12:46 - 00000000 ____D C:\AdwCleaner
2017-02-18 07:42 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 13:00 - 2016-08-22 22:19 - 00000402 _____ C:\Users\User\Desktop\aaaaaaaaa.txt
2017-02-16 10:04 - 2016-11-10 17:53 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-16 10:04 - 2016-07-12 12:21 - 00002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 10:04 - 2016-07-12 12:21 - 00000000 ___RD C:\Users\User\OneDrive
2017-02-14 22:59 - 2016-07-12 12:41 - 00000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2017-02-13 14:32 - 2016-12-29 08:24 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-02-13 12:51 - 2016-10-01 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-02-12 11:17 - 2016-07-12 12:39 - 00000000 ____D C:\ProgramData\Skype
2017-02-12 10:06 - 2017-01-09 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-02-12 10:06 - 2016-11-14 13:53 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2017-02-12 10:06 - 2016-09-23 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-11 16:39 - 2016-09-30 19:08 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2015
2017-02-10 13:43 - 2016-07-13 09:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony
2017-02-07 22:51 - 2017-01-06 22:38 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 22:51 - 2017-01-06 22:38 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 09:46 - 2016-12-01 08:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-03 10:32 - 2017-01-18 12:54 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-03 08:56 - 2016-12-29 08:23 - 00922520 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll
2017-02-02 21:32 - 2016-07-12 12:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 21:40 - 2016-07-28 16:59 - 00000000 ____D C:\Users\User\Documents\My Games
2017-02-01 14:11 - 2016-07-26 09:08 - 00000774 _____ C:\Users\User\Desktop\nativelog.txt
2017-01-31 13:29 - 2016-07-12 12:55 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-01-30 18:56 - 2016-12-22 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\VEGAS
2017-01-30 12:50 - 2016-07-12 12:19 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-01-28 13:15 - 2016-07-13 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games
2017-01-25 16:03 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-22 23:01 - 2016-08-01 14:44 - 00001879 _____ C:\Users\User\Desktop\SOCKS_proxies.txt

==================== Files in the root of some directories =======

2016-07-23 20:21 - 2016-07-23 20:21 - 20982175 _____ () C:\Users\User\AppData\Roaming\xulrunner.zip
2016-08-04 18:16 - 2016-08-04 18:16 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-23 20:50 - 2016-08-03 17:43 - 0007628 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-07-12 20:40 - 2016-07-12 20:40 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
2017-02-09 13:31 - 2017-02-20 11:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-10 18:22

==================== End of FRST.txt ============================

Link to post
Share on other sites

Hello iskrentsbg and :welcome: Forum.

My screen name is Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

I can see that you have a duplicated post here. I will ask to merge both posts to avoid duplicate responses.

Please DO NOT run any tools unless asked to do so.
Please follow the instructions in the order listed.

First,

Re-run Malwarebytes, update the tool, perform another scan and post the content of the new log in your next reply.

Next,

I need to see a new set of fresh logs from FRST.

  • Right-click on the FRST icon and select Spcusrh.pngRun as Administrator;
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Please attach both FRST.txt and Addition.txt files in your next reply;


To summarize please post the content of the new Malwarebytes log and attach the two files (FRST.txt and Addition.txt) produced by FRST.

Link to post
Share on other sites

MalwareBytes - nothing found.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by User (administrator) on DESKTOP-EF75065 (25-02-2017 21:30:27)
Running from C:\Users\User\Desktop\Malware Fighting tools
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Vimicro) C:\Windows\vmsnap3.exe
() C:\Windows\Domino.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
() C:\Program Files (x86)\Windscribe\Windscribe.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Българска асоциация за компютърна лингвистика) C:\Program Files (x86)\BACL\SpeechLab\TTSProfileDlg.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Temp\05C18118-571E-4705-9E86-6A3CD5567E0C\DismHost.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\32\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\32\Adobe QT32 Server.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-29] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.exe [49152 2006-07-04] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-08-19] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-23] (AVAST Software)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1368816 2016-07-04] (Bogdan Sharkov)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7647848 2016-07-24] ()
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [iCall] => D:\James\iCall\iCall.exe
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [mailruhomesearch] => "C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1367432 2017-02-10] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-03] (Nota Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Configure Bulgarian Speech.lnk [2016-09-20]
ShortcutTarget: Configure Bulgarian Speech.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Installer\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}\_5af141bb.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 198.41.0.4
Tcpip\..\Interfaces\{89a31647-e35c-41e6-954a-95b1caae8c97}: [DhcpNameServer] 192.168.100.1 198.41.0.4

Internet Explorer:
==================
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-691218479-2863476526-4080224816-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-02] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-02] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: uq6to8j3.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default [2017-01-21]
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uq6to8j3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-23]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-691218479-2863476526-4080224816-1001: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi-x64.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-25] <==== ATTENTION
CHR Extension: (Easy Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-02-22]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (Повиквания в Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-30]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-19]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Video Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2017-02-18]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-25]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-02-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Google Документи) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-28]
CHR Extension: (Google Диск) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-28]
CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-02-01]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-28]
CHR Extension: (Електронни таблици от Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Документи офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-03]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-01]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-28]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-23] (AVAST Software)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-29] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-08-01] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [47208 2016-07-24] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmdag.sys [32699928 2017-02-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311139.inf_amd64_2aa9c01a2af97538\atikmpag.sys [525848 2017-02-13] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-23] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-10] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-10] (ELECOM)
S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42184 2015-02-03] (Anchorfree Inc.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Creative Technology Ltd.)
S3 vvftav303; C:\WINDOWS\system32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-26] (Zemana Ltd.)
S3 ZSMC0303; C:\WINDOWS\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 10:19 - 2017-02-25 13:47 - 00000000 ____D C:\LionNetworks4HB
2017-02-24 20:12 - 2017-02-24 22:02 - 00000000 ____D C:\Users\User\AppData\Roaming\Telegram Desktop
2017-02-24 20:12 - 2017-02-24 20:12 - 00001029 _____ C:\Users\User\Desktop\Telegram.lnk
2017-02-24 20:12 - 2017-02-24 20:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2017-02-23 08:32 - 2017-02-23 08:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf5f3304b6f9d46bf
2017-02-23 08:32 - 2017-02-23 08:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign324bc26fcd5593b6
2017-02-23 08:32 - 2017-02-23 08:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2c7cd95bc1c0fe1e
2017-02-22 18:50 - 2017-02-22 18:50 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignefef41194696fd6e
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndf4ac25f12e3024d
2017-02-21 08:29 - 2017-02-21 08:29 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign768d43647244ab66
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-20 19:52 - 2017-02-20 19:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-02-20 19:07 - 2017-02-20 19:07 - 00000222 _____ C:\Users\User\Desktop\Last Survivor.url
2017-02-20 11:10 - 2017-02-20 11:10 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-02-20 11:05 - 2017-02-20 11:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\AMD
2017-02-20 11:02 - 2017-02-20 11:02 - 34980000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170213_64bit.exe
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c8a9d4eedf6ef7f
2017-02-19 09:24 - 2017-02-19 09:24 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign55b33519653644d7
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda721cd187df812e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbc772f732524804e
2017-02-19 08:58 - 2017-02-19 08:58 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5e7e968daba52c09
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc25247caae1bdb34
2017-02-18 18:37 - 2017-02-18 18:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8c85c7abbfb4329a
2017-02-18 13:57 - 2017-02-18 13:57 - 00351888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign26ec685e02fca897
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign21c2d6389996e986
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1274dbcc845009c8
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbfd57de5041bf42d
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5000216ff848b5ff
2017-02-16 22:42 - 2017-02-16 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1c67bf6492556570
2017-02-16 11:45 - 2017-02-16 11:45 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna2e887b47527c44d
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5a321afbfa278a0f
2017-02-16 11:44 - 2017-02-16 11:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2f93566971e86c30
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9c1f673b3cde819e
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign85eb0e50dca07ba1
2017-02-15 22:48 - 2017-02-15 22:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1662e630b5faedcf
2017-02-15 09:38 - 2017-02-15 09:38 - 00000222 _____ C:\Users\User\Desktop\Receiver.url
2017-02-15 09:38 - 2017-02-15 09:38 - 00000221 _____ C:\Users\User\Desktop\Overgrowth.url
2017-02-15 09:26 - 2017-02-15 09:26 - 00000221 _____ C:\Users\User\Desktop\World of Goo.url
2017-02-14 22:48 - 2017-02-15 09:24 - 00000222 _____ C:\Users\User\Desktop\The Witness.url
2017-02-14 22:40 - 2017-02-14 22:40 - 00000222 _____ C:\Users\User\Desktop\Stardew Valley.url
2017-02-14 22:23 - 2017-02-14 22:39 - 00000000 ____D C:\Users\User\Downloads\The Witness - HI2U
2017-02-14 20:09 - 2017-02-14 20:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc86765212109eec5
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign958d8a35021e9629
2017-02-14 20:08 - 2017-02-14 20:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1908629696da59f2
2017-02-13 22:24 - 2017-02-13 23:12 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ
2017-02-13 14:32 - 2017-02-13 14:32 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00924696 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-02-13 14:32 - 2017-02-13 14:32 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-13 14:32 - 2017-02-13 14:32 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign857deb0bdb73acb8
2017-02-13 13:11 - 2017-02-13 13:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign419e7ed1de275020
2017-02-13 13:10 - 2017-02-13 13:10 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign605236e60ce9aaf4
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignff63bc284cbd90cf
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7c95620aa64e4fdd
2017-02-13 10:08 - 2017-02-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign30f42fb39380d4db
2017-02-12 22:23 - 2017-02-06 21:18 - 00000681 _____ C:\Users\User\Desktop\Nicks.txt
2017-02-12 22:23 - 2017-02-06 13:23 - 00763365 _____ C:\Users\User\Desktop\Bot3.91.jar
2017-02-12 22:23 - 2017-01-19 20:20 - 00026936 _____ C:\Users\User\Desktop\S5Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00007803 _____ C:\Users\User\Desktop\SSLProxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00002770 _____ C:\Users\User\Desktop\S4Proxies.txt
2017-02-12 22:23 - 2017-01-19 20:20 - 00000000 _____ C:\Users\User\Desktop\Alts.txt
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign80b7e0bbbacd2a06
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4270bfa142f5acb4
2017-02-11 19:36 - 2017-02-11 19:36 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign27e4e8f0c55f07f5
2017-02-11 18:55 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\ezBlueCC.aep Logs
2017-02-11 18:53 - 2017-02-11 18:55 - 00000000 ____D C:\Users\User\Documents\Adobe After Effects Auto-Save
2017-02-11 18:22 - 2017-02-11 18:22 - 00000222 _____ C:\Users\User\Desktop\Alien Isolation.url
2017-02-10 09:21 - 2017-02-10 09:21 - 00127368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2017-02-10 09:21 - 2017-02-10 09:21 - 00108424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2017-02-09 19:54 - 2017-02-09 19:54 - 00000000 ____D C:\Users\User\AppData\Local\RadeonSettings
2017-02-09 13:31 - 2017-02-20 11:02 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-02-09 13:30 - 2017-02-09 13:30 - 34425000 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170208_64bit.exe
2017-02-09 13:12 - 2017-02-09 13:19 - 00012572 _____ C:\Users\User\Documents\config.yml
2017-02-09 10:34 - 2017-02-09 11:39 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00003540 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-02-09 10:34 - 2017-02-09 10:34 - 00003404 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Gyazo
2017-02-09 10:34 - 2017-02-09 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2017-02-08 20:54 - 2017-02-08 21:08 - 00000000 ____D C:\Users\User\Downloads\MAGIX Vegas Pro v14.0.0 Build 161 Multilingual Incl Patch [Androgalaxy]
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3d12282ab427bec8
2017-02-08 10:01 - 2017-02-08 10:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign39239f78e02ca690
2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign74eee52f224163ee
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbd85422d21ec8249
2017-02-07 11:37 - 2017-02-07 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb0c2129923b984ce
2017-02-06 22:27 - 2017-02-06 22:27 - 00000222 _____ C:\Users\User\Desktop\Winexy.url
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignd6ca18dacb411151
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0cdddfd4925af2e0
2017-02-06 20:11 - 2017-02-06 20:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign05a481d55b765b7a
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncbf821141236de50
2017-02-05 21:48 - 2017-02-05 21:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5b8ac7667ca308c7
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a8db63a16d3873c
2017-02-05 19:37 - 2017-02-05 19:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3a12c5d343562aa8
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign88c394360d62b8f4
2017-02-05 15:56 - 2017-02-05 15:56 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4d492f4d4cf17716
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignacf42cedff92350e
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign920bc04b317f3c5c
2017-02-04 23:26 - 2017-02-04 23:26 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign41acb30f43380c4f
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf20ed834c64bce5a
2017-02-04 14:11 - 2017-02-04 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign78852940e8698bfe
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign980e1cdbc4ad1924
2017-02-03 17:48 - 2017-02-03 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign856a6ec98db30213
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf452e097946deb14
2017-02-03 16:44 - 2017-02-03 16:44 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign208dc8b221361bd5
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignec3bc5d70bf4401b
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9e28fbe3fe233ff2
2017-02-03 15:13 - 2017-02-03 15:13 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign2887591d55266b17
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignf6b44f2e4cabd0f4
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignab87d13b5f08e818
2017-02-03 15:05 - 2017-02-03 15:05 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign19ca0aef7dcdb624
2017-02-03 10:32 - 2017-02-03 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-03 08:56 - 2017-02-13 14:32 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe
2017-02-03 08:56 - 2017-02-13 14:32 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00170008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-02-03 08:56 - 2017-02-13 14:32 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-02-03 08:56 - 2017-02-03 08:56 - 00248728 _____ C:\WINDOWS\SysWOW64\SETA5CD.tmp
2017-02-03 08:55 - 2017-02-13 14:32 - 09881624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 07928856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02504728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 02186264 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00536600 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-02-03 08:55 - 2017-02-13 14:32 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00185880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-02-03 08:55 - 2017-02-13 14:32 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00892440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00716824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-02-03 08:54 - 2017-02-13 14:32 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-02-03 08:54 - 2017-02-13 14:31 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-02-03 08:53 - 2017-02-13 14:31 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-02-03 08:52 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00152088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-02-03 08:51 - 2017-02-13 14:32 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-02-03 08:51 - 2017-02-13 14:31 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-02-03 02:24 - 2017-02-13 14:32 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:32 - 00782216 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-02-03 02:24 - 2017-02-13 14:31 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbf476638c5dc2fb2
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb43b7346a26da930
2017-02-02 10:09 - 2017-02-02 10:09 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0681dd8df1c9c9f4
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Fiends of Imprisonment.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Break Into Zatwor.url
2017-02-01 21:38 - 2017-02-01 21:38 - 00000222 _____ C:\Users\User\Desktop\Absconding Zatwor.url
2017-02-01 19:17 - 2017-02-01 19:17 - 00000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-02-01 19:17 - 2017-02-01 19:17 - 00000000 ____D C:\Program Files\CPUID
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7af2337b62eca833
2017-02-01 17:38 - 2017-02-01 17:38 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign6a79f6746ae3a888
2017-02-01 17:28 - 2017-02-12 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-02-01 17:27 - 2017-02-20 11:10 - 00000000 ____D C:\Program Files (x86)\AMD
2017-02-01 17:25 - 2017-02-09 13:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-01 17:25 - 2016-12-15 21:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-01 17:25 - 2016-12-15 21:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-01 17:25 - 2016-12-15 21:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\User\AppData\Local\ATI
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\ProgramData\ATI
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignc1b4321d69503d89
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb64107e48a10520e
2017-02-01 16:27 - 2017-02-01 16:27 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0ca5cf2df4cd7b05
2017-01-31 15:26 - 2017-02-01 14:13 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2017-01-31 15:24 - 2017-01-31 15:24 - 00000000 ____D C:\WINDOWS\system32\яяяяяяяяerStore
2017-01-31 15:23 - 2017-02-21 09:45 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-31 15:23 - 2017-02-20 11:02 - 00000000 ____D C:\AMD
2017-01-31 15:23 - 2017-02-01 17:28 - 00000000 ____D C:\Program Files\AMD
2017-01-31 15:23 - 2017-01-31 15:23 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ff7b4e41c5008c7
2017-01-31 13:47 - 2017-01-31 13:47 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign7ac6517316836db7
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne67f0245aa8e982d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignda8c29a69208b22d
2017-01-30 21:07 - 2017-01-30 21:07 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign47ea9b80be2f317d
2017-01-30 21:04 - 2017-01-30 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign43cb80db0f33b781
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9183e6f170dfbfad
2017-01-30 20:37 - 2017-01-30 20:37 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign1ac2641ef8248637
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg.bak
2017-01-30 18:50 - 2017-01-30 18:50 - 00053488 _____ C:\Users\User\Documents\edno simple klip.veg
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb37f7d541af60a3f
2017-01-30 18:32 - 2017-01-30 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign003627890c2564f3
2017-01-30 13:39 - 2017-01-30 21:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-01-30 13:39 - 2017-01-30 13:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignbcd33d395956c38e
2017-01-29 22:39 - 2017-01-29 22:39 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8ca3b849d96dd188
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignfa23bfac505a06e8
2017-01-29 20:59 - 2017-01-29 20:59 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3bc1033ae442c0f0
2017-01-29 20:01 - 2017-01-29 20:01 - 04039535 _____ C:\Users\User\Documents\ezBlueCC.aep
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigna9c1c409d0138a6d
2017-01-29 18:32 - 2017-01-29 18:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign3ab36616700399dc
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9362115c96600750
2017-01-29 17:08 - 2017-01-29 17:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign556ef54085dadc11
2017-01-29 14:41 - 2017-01-29 14:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb3fd7c8b529bf327
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign9539e6bc494fa519
2017-01-29 14:40 - 2017-01-29 14:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign5f511921f3a57edb
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigne7ac829965aebc49
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb8864999a988e18a
2017-01-29 10:40 - 2017-01-29 10:40 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb76ded90fad24975
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigncd9cd9bd1d66a919
2017-01-28 13:06 - 2017-01-28 13:06 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign183c617a5be2fd95
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsigndefb682f86df1e11
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsignb216085f45055496
2017-01-27 13:15 - 2017-01-27 13:15 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign8898d78a46fbfb65

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 21:30 - 2016-09-26 17:52 - 01506376 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-25 21:30 - 2016-09-26 17:52 - 01488308 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-25 21:30 - 2016-09-25 21:52 - 00000000 ____D C:\FRST
2017-02-25 21:30 - 2016-09-25 21:21 - 00000000 ____D C:\Users\User\Desktop\Malware Fighting tools
2017-02-25 21:27 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 21:25 - 2016-07-12 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-02-25 20:59 - 2016-08-31 17:25 - 00000000 ____D C:\ProgramData\rgt
2017-02-25 19:44 - 2016-09-20 06:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 19:14 - 2016-07-12 17:42 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2017-02-25 18:12 - 2016-09-24 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-25 17:21 - 2016-07-29 10:26 - 00000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-02-25 10:19 - 2016-07-15 19:31 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2017-02-25 08:27 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 08:23 - 2016-07-12 18:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-24 12:50 - 2016-07-12 17:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 12:47 - 2016-07-12 17:02 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 12:19 - 2016-12-09 19:09 - 00000018 _____ C:\Users\User\Desktop\secret.txt
2017-02-22 11:42 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 11:14 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-22 11:13 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-21 09:52 - 2016-07-12 12:23 - 01657896 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 09:46 - 2016-09-21 16:49 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-21 09:46 - 2016-09-20 06:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 09:45 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\PLA
2017-02-21 09:45 - 2016-07-16 03:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-20 22:10 - 2016-11-18 21:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-20 22:09 - 2016-11-18 21:41 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-02-20 19:07 - 2016-07-12 20:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-20 18:30 - 2016-07-14 17:03 - 00000000 ____D C:\Users\User\Documents\OFX Presets
2017-02-18 22:26 - 2016-07-28 17:06 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables
2017-02-18 18:54 - 2016-08-01 21:01 - 00000022 _____ C:\Users\User\Desktop\RANKOVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE.txt
2017-02-18 16:59 - 2016-10-03 07:33 - 00000304 _____ C:\Users\User\Desktop\SFCFix.txt
2017-02-18 16:21 - 2016-09-25 21:18 - 00001622 _____ C:\Users\User\Desktop\Rkill.txt
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\Users\User\AppData\Local\niemiro
2017-02-18 16:20 - 2016-10-03 07:33 - 00000000 ____D C:\SFCFix
2017-02-18 14:00 - 2016-09-26 12:46 - 00000000 ____D C:\AdwCleaner
2017-02-17 13:00 - 2016-08-22 22:19 - 00000402 _____ C:\Users\User\Desktop\aaaaaaaaa.txt
2017-02-16 10:04 - 2016-11-10 17:53 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-16 10:04 - 2016-07-12 12:21 - 00002360 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 10:04 - 2016-07-12 12:21 - 00000000 ___RD C:\Users\User\OneDrive
2017-02-14 22:59 - 2016-07-12 12:41 - 00000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2017-02-13 14:32 - 2017-01-25 01:29 - 01262616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-02-13 14:32 - 2017-01-25 01:29 - 00951832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-02-13 14:32 - 2017-01-25 01:29 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-02-13 14:32 - 2016-12-29 08:24 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-02-13 12:51 - 2016-10-01 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-02-12 11:17 - 2016-07-12 12:39 - 00000000 ____D C:\ProgramData\Skype
2017-02-12 10:06 - 2017-01-09 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-02-12 10:06 - 2016-11-14 13:53 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2017-02-12 10:06 - 2016-09-23 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-11 16:39 - 2016-09-30 19:08 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2015
2017-02-10 13:43 - 2016-07-13 09:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony
2017-02-07 22:51 - 2017-01-06 22:38 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 22:51 - 2017-01-06 22:38 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 09:46 - 2016-12-01 08:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-06 16:48 - 2016-07-16 08:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 16:48 - 2016-07-16 08:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-04 13:40 - 2017-01-25 21:35 - 00000000 _____ C:\Users\User\Desktop\New Text Document (2).txt
2017-02-03 10:32 - 2017-01-18 12:54 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-03 08:56 - 2017-01-25 01:29 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SETA51C.tmp
2017-02-03 08:56 - 2016-12-29 08:23 - 00922520 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll
2017-02-03 08:55 - 2017-01-25 01:29 - 01355672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\SETA18E.tmp
2017-02-03 08:55 - 2017-01-25 01:29 - 01015704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\SETA72C.tmp
2017-02-02 21:32 - 2016-07-12 12:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 21:40 - 2016-07-28 16:59 - 00000000 ____D C:\Users\User\Documents\My Games
2017-02-01 14:11 - 2016-07-26 09:08 - 00000774 _____ C:\Users\User\Desktop\nativelog.txt
2017-01-31 13:29 - 2016-07-12 12:55 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-01-30 18:56 - 2016-12-22 11:39 - 00000000 ____D C:\Users\User\AppData\Roaming\VEGAS
2017-01-30 12:50 - 2016-07-12 12:19 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-01-28 13:15 - 2016-07-13 16:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games

==================== Files in the root of some directories =======

2016-07-23 20:21 - 2016-07-23 20:21 - 20982175 _____ () C:\Users\User\AppData\Roaming\xulrunner.zip
2016-08-04 18:16 - 2016-08-04 18:16 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-23 20:50 - 2016-08-03 17:43 - 0007628 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2016-07-12 20:40 - 2016-07-12 20:40 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
2017-02-09 13:31 - 2017-02-20 11:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-21 10:25

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by User (25-02-2017 21:32:31)
Running from C:\Users\User\Desktop\Malware Fighting tools
Windows 10 Pro Version 1607 (X64) (2016-09-20 09:49:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-691218479-2863476526-4080224816-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-691218479-2863476526-4080224816-503 - Limited - Disabled)
Guest (S-1-5-21-691218479-2863476526-4080224816-501 - Limited - Disabled)
User (S-1-5-21-691218479-2863476526-4080224816-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24 HOURS (HKLM\...\Steam App 485580) (Version:  - MysticGames)
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM-x32\...\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}) (Version: 1.0 - Vimicro Corporation)
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - Vimicro)
Absconding Zatwor (HKLM\...\Steam App 385200) (Version:  - Zonitron Productions)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Alien: Isolation (HKLM\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlerite (HKLM\...\Steam App 504370) (Version:  - Stunlock Studios)
BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Break Into Zatwor (HKLM\...\Steam App 395980) (Version:  - Zonitron Productions)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Charles 4.0 (HKLM\...\{E0A65A42-FEA8-4BF1-AB8E-B28821357268}) (Version: 4.0.0.19 - XK72 Ltd)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Counter-Strike CSS Edition 1.6 (HKLM-x32\...\Counter-Strike CSS Edition 1.6) (Version:  - )
Counter-Strike Global Offensive No-Steam (HKLM-x32\...\Counter-Strike Global Offensive_is1) (Version: 1.35.1.6 - Valve Software)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crack NewBlue ColorFast 3.0 build 121113 (HKLM-x32\...\Crack NewBlue ColorFast 3.0 build 121113_is1) (Version:  - )
Crack NewBlue Creative Effects V3.0 Build 121113 (HKLM-x32\...\Crack NewBlue Creative Effects V3.0 Build 121113_is1) (Version:  - )
Crack NewBlue Transitions Pack v3.0 build 121113 (HKLM-x32\...\Crack NewBlue Transitions Pack v3.0 build 121113_is1) (Version:  - )
Crack NewBlue Video Essentials Tools V3.0 Build 121113I (x86) (HKLM-x32\...\Crack NewBlue Video Essentials Tools V3.0 Build ~EFB930F3_is1) (Version:  - )
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
Discord (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DISTRAINT (HKLM\...\Steam App 395170) (Version:  - Jesse Makkonen)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)
Fiends of Imprisonment (HKLM\...\Steam App 410590) (Version:  - Zonitron Productions)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version:  - Panoramik Inc)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
GenArts Sapphire Plug-ins 6.13 for After Effects and Compatible (HKLM\...\GenArts Sapphire AE_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
GTA San Andreas (HKLM-x32\...\GTA San Andreas) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version:  - insayn)
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Last Survivor (HKLM\...\Steam App 463620) (Version:  - Original Games)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mike Crash's Vegas Filters Uninstall (HKLM-x32\...\Mike Crash Vegas Filters) (Version:  - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series - Episode 1 (HKLM\...\Steam App 560040) (Version:  - Telltale Games)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Minion Masters (HKLM\...\Steam App 489520) (Version:  - BetaDwarf)
Monsti (HKLM\...\Steam App 526790) (Version:  - Unika Games)
Mozilla Firefox 48.0.2 (x86 bg) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 bg)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NewBlue 3D Explosions for Vegas (HKLM-x32\...\NewBlue 3D Explosions for Vegas) (Version:  - )
NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version:  - )
NewBlue Art Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Art Effects 2.0 for Vegas) (Version:  - )
NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Film Effects for Vegas (HKLM-x32\...\NewBlue Film Effects for Vegas) (Version:  - )
NewBlue Motion Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Blends 2.0 for Vegas) (Version:  - )
NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue Motion Effects 2.0 for Vegas (HKLM-x32\...\NewBlue Motion Effects 2.0 for Vegas) (Version:  - )
NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overgrowth (HKLM\...\Steam App 25000) (Version:  - Wolfire)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Pixel Puzzles Ultimate (HKLM\...\Steam App 351030) (Version:  - Decaying Logic)
Plantera (HKLM\...\Steam App 421040) (Version:  - VaragtP)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.5.7.57 - Razer Inc.)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Receiver (HKLM\...\Steam App 234190) (Version:  - Wolfire Games)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{2D886DF5-A285-4C69-A78E-4A441B261381}) (Version: 7.30.0.98 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SpeechLab (HKLM-x32\...\{319A3CA9-DA63-4D65-8B25-403CF9CBF087}) (Version: 1.0.0 - BACL)
Spermination (HKLM\...\Steam App 363460) (Version:  - Phr00t's Software)
SPINGUN (HKLM\...\Steam App 548230) (Version:  - Fermenter Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamline (HKLM\...\Steam App 252850) (Version:  - Proletariat Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witness (HKLM\...\Steam App 210970) (Version:  - Thekla, Inc.)
Trapcode Suite v13.0.3 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.3 - Red Giant, LLC)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.4.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-691218479-2863476526-4080224816-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Universe (HKLM\...\Universe Premium_is1) (Version: 1.6.0 CE - Team V.R)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) Hidden
WayOut (HKLM\...\Steam App 551110) (Version:  - Konstructors)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windscribe version 1.59 build 10 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.59 build 10 - Windscribe)
Winexy (HKLM\...\Steam App 577740) (Version:  - Heaven Brotherhood)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version:  - 2D BOY)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{33B83118-4021-4BBD-A18B-230B03CFADEB}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-691218479-2863476526-4080224816-1001_Classes\CLSID\{E9FC7154-DC9D-43C6-ACF5-168E64B86DE9}\InprocServer32 -> C:\Users\User\AppData\Local\SkypePlugin\7.30.0.98\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033C4581-6095-4955-AE1D-18B48EA2D001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {0650722C-556F-4689-9530-50B3A7FA162F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {0E67BFAA-FC80-4A34-89B0-509C7B1036B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2585EB47-A12D-4171-A9C1-5907CE2078E2} - System32\Tasks\TaskSched => Chrome.exe hxxp://gjdksleeeee.ru/eloxym
Task: {357A5796-602D-4D35-9B60-514E140BBAFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {468DC828-22D4-4C44-8EE2-26F9B960E9E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CEB3BB4-8F2F-486A-A6B7-C84499DF5F71} - System32\Tasks\{5C066DAE-FB13-483C-BE23-A69C5C4EC109} => pcalua.exe -a "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]\SpeakText.exe" -d "C:\Users\User\Downloads\SpeechLab 2.0 [Stichy]"
Task: {6170626D-3C5D-4C9F-B2E9-34F61090ADEB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {6221933B-222E-45E3-8E8E-3AD711C62F71} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2016-02-08] ()
Task: {7AB6445E-57CC-48BB-A5EA-7CCA84FB5E17} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {7E3F2FA5-AF10-4AA2-A5D7-DF1867E0751E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {801754FA-821A-4AEE-AF7D-A959F9534F84} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {92333B72-C092-4CED-83F0-7946F94CD656} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {99868715-6BE5-4495-B53F-C3CFE389FBE8} - System32\Tasks\SafeZone scheduled Autoupdate 1474658096 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {BD4B5B7F-5C97-4493-A05F-DEB77DAF04FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.)
Task: {F6801EA8-9497-48D3-B5CA-A616D2A10CDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {FB3E981A-AA84-4FF4-84DD-F8309D93B584} - System32\Tasks\{179AE184-A649-4CA8-A3D0-6C614864584D} => pcalua.exe -a "C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers\Social Club v1.1.5.8 Setup.exe" -d C:\Users\User\Downloads\Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5-3DM\Installers

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\User\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\771f8bd89de33137\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\user0 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-07-19 21:10 - 2016-07-19 21:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 00047208 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-30 05:23 - 2016-06-30 05:23 - 00592384 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-07-31 03:58 - 2015-07-31 03:58 - 08901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-20 20:51 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:18 - 2016-12-21 04:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:18 - 2016-12-21 04:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-10-30 10:26 - 2006-07-04 13:16 - 00049152 _____ () C:\Windows\Domino.exe
2016-08-02 19:04 - 2016-07-24 01:38 - 07647848 _____ () C:\Program Files (x86)\Windscribe\Windscribe.exe
2016-12-08 18:30 - 2016-12-08 18:30 - 00358400 _____ () C:\Program Files\AMD\CNext\CNext\amf-component-ffmpeg64.dll
2016-06-02 13:56 - 2016-06-02 13:56 - 02682368 _____ () C:\Program Files\AMD\CNext\CNext\avformat-57.dll
2016-06-02 13:56 - 2016-06-02 13:56 - 00386560 _____ () C:\Program Files\AMD\CNext\CNext\avresample-3.dll
2016-06-02 13:56 - 2016-06-02 13:56 - 00802304 _____ () C:\Program Files\AMD\CNext\CNext\avutil-55.dll
2016-06-02 13:56 - 2016-06-02 13:56 - 13923328 _____ () C:\Program Files\AMD\CNext\CNext\avcodec-57.dll
2016-06-02 13:56 - 2016-06-02 13:56 - 00351232 _____ () C:\Program Files\AMD\CNext\CNext\swresample-2.dll
2016-10-13 10:11 - 2016-10-13 10:11 - 00207360 _____ () C:\Program Files\AMD\CNext\CNext\amf-component-ring-buffer64.dll
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-02-22 08:15 - 2017-02-22 08:15 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 08:15 - 2017-02-22 08:15 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 08:15 - 2017-02-22 08:15 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 10:00 - 2017-02-07 10:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 11:43 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 22:51 - 2017-02-01 06:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00934632 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_calib3d248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 02541800 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_core248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 02193128 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_imgproc248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00805096 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_objdetect248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00436456 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_video248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 02416360 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_highgui248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00659176 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_flann248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00867560 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\opencv_features2d248.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00678120 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\aeres1.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 01722088 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_LiveLink.aex
2016-06-02 19:22 - 2016-06-02 19:22 - 21078376 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\Effects\mochaAE\mochashapeconverter4ae.aex
2016-06-03 02:23 - 2016-06-03 02:23 - 04087016 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\Format\OpenEXR.aex
2016-07-19 16:09 - 2016-06-16 21:12 - 06251520 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\Format\Trapcode\TrapcodeOBJ.AEX
2016-06-03 02:23 - 2016-06-03 02:23 - 02298088 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_Exporter.aex
2016-06-03 02:23 - 2016-06-03 02:23 - 02245352 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_SceneLayer.aex
2016-06-03 02:23 - 2016-06-03 02:23 - 02449128 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\Plug-ins\MAXON CINEWARE AE\Cineware_AE_Effect.aex
2016-09-23 15:36 - 2016-09-23 15:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-22 23:01 - 2017-02-22 23:01 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022203\algo.dll
2017-02-23 19:05 - 2017-02-23 19:05 - 05884928 _____ () C:\Program Files\AVAST Software\Avast\defs\17022300\algo.dll
2017-02-24 21:31 - 2017-02-24 21:31 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022401\algo.dll
2017-02-25 17:17 - 2017-02-25 17:17 - 05990096 _____ () C:\Program Files\AVAST Software\Avast\defs\17022501\algo.dll
2016-07-12 18:53 - 2016-12-23 15:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-12 18:53 - 2016-01-27 04:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-12 18:53 - 2016-08-31 22:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-12 18:53 - 2016-07-04 19:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 00638976 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2016-08-02 19:04 - 2016-04-26 22:04 - 01264128 _____ () C:\Program Files (x86)\Windscribe\libGLESv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 01082880 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-13 10:53 - 2017-01-13 10:53 - 03750400 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-13 10:53 - 2017-01-13 10:53 - 00914432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-13 10:53 - 2017-01-13 10:53 - 01127424 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\keyhook.dll
2016-08-16 09:58 - 2016-08-16 09:58 - 00045056 _____ () C:\Program Files (x86)\BACL\SpeechLab\SpeakTextCom.dll
2016-06-30 08:24 - 2016-06-30 08:24 - 00564224 _____ () C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll
2015-07-31 04:00 - 2015-07-31 04:00 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-31 03:46 - 2016-05-31 03:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-09-23 15:36 - 2016-09-23 15:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-10 13:41 - 2016-08-01 13:20 - 00149352 _____ () C:\Program Files (x86)\Razer\Razer Cortex\SimbaDeviceControl.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-02-25 08:18 - 2017-02-25 08:18 - 00148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\AC14.tmp.node
2017-01-13 10:53 - 2017-01-13 10:53 - 02658304 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-13 10:53 - 2017-01-13 10:53 - 02130432 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-12-14 12:27 - 2017-01-05 00:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-07-12 18:53 - 2017-01-18 22:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 08:47 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 00306176 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\lwjgl.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 00246332 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\avutil-ttv-51.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 00113171 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\swresample-ttv-0.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 00394810 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\libmp3lame-ttv.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 01145344 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\twitchsdk.dll
2017-02-25 18:01 - 2017-02-25 18:01 - 00390144 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8.8\1.8.8-natives-375375394036866\OpenAL32.dll
2017-01-16 22:30 - 2017-01-16 22:30 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 44042752 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\libcef.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 01482240 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\libglesv2.dll
2016-06-03 02:23 - 2016-06-03 02:23 - 00073728 _____ () C:\Program Files\Adobe\Adobe After Effects CC 2015.3\Support Files\CEPHtmlEngine\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z.ZZ...Z.ZZ:1 [898]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 04:24 - 2016-12-03 08:56 - 00000116 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-691218479-2863476526-4080224816-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.100.1 - 198.41.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DBDCB109-955C-4942-8527-AFA42960EAAA}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [TCP Query User{8CE20F01-1CCD-4410-86B0-C4CF7FEA37C6}D:\james\choit\charles.exe] => (Allow) D:\james\choit\charles.exe
FirewallRules: [{E011C6A1-7651-4FAD-8E09-99F7CEA118CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BADF7BF-E48F-4A25-AB9F-5A14C5CC32E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2C01EF1C-35D0-49D4-8CC5-55319149F0E0}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D3D2C64C-6231-4D41-B3C0-4AC77359CF41}D:\james\jitia pet\fae\grand theft auto v\gta5.exe] => (Allow) D:\james\jitia pet\fae\grand theft auto v\gta5.exe
FirewallRules: [{47F4AEF8-48EE-4EB3-AC9C-03CA0B2D102B}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5951E8A7-DDDC-4B36-B326-2D087F9AC8E5}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{4ED8F7F7-A7A5-4001-B42A-942424D97E81}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [{BBCD2C6D-E774-476B-90AE-69FBE65BA5C7}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3341384-1A64-4E4F-9416-5D1BDA6D1B61}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe
FirewallRules: [{427714CC-A96E-44D7-9E0D-1A39057908CC}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe
FirewallRules: [UDP Query User{4D6D4A2D-2A13-4E51-A557-167F84D23718}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [TCP Query User{5F96416E-CDE2-48EC-ADC1-9733174C8067}C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe] => (Allow) C:\users\user\desktop\igg-shoppe.keep.v1.2\shoppe keep.exe
FirewallRules: [UDP Query User{E1FEF267-D6E7-4419-9C1A-3F0CD63167C6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{5AC975BD-BEBB-4554-A782-B852B0DDF0A7}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{D07A55E2-534B-4A79-8E28-54AC84E14FF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DB2F543D-4785-4122-8FFC-D448EE29778F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [UDP Query User{AB3946FD-4208-4E40-870F-42E1DCA1BA36}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [TCP Query User{98A40DD3-8AA4-4736-B9CF-CD9D98F012FF}C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015.3\support files\afterfx.exe
FirewallRules: [UDP Query User{04005185-2EF0-489A-8FDE-F323FE07816D}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{924ACA3C-A74E-4D08-9199-8B8F546148B2}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{120C565E-B894-4C86-BF94-0B0B50185252}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{33A206E9-2C9D-417A-9DBF-1C94A4DE156D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E4F6FF23-1439-492F-8A75-B97B11CECAD7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{98C53AF6-FF7D-48B4-8DF4-1B696CDB64CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2AB8580D-6BE2-45B9-B646-92B65C3C2374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{987D3D80-BA00-4C26-8003-3E93F727F82E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1865D1D6-89F6-4CBF-AF67-8A024D3E36DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9FED75D9-A3B1-474A-B0FC-BB05F83A15FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A682E27-8475-4089-BB91-E8AC431B06E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{75A964A0-82AB-4766-8BB2-F53CFDF6E874}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{04595A0D-32AF-4023-953A-118169CA1F02}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{89446BC2-5F21-4756-BF54-223F2B6BF3B6}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{23F75D1A-A81E-4982-84CD-224F413EA478}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{F607EE37-6B9B-4443-860C-91715CFBAA1E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E12B1A35-4636-449D-987F-670928EA3D31}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3801F88B-5471-4857-9768-26364727A9C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15D60289-A385-4F45-9728-6B03FEB46E0E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{DE4C9ED2-C757-4710-A881-BEB4A7C62DA8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{303C1E4B-DA58-42E7-9404-785D806BE847}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C6083222-6B6A-4432-8C02-42B0600CFE5C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D475B9C9-FD81-445D-807D-69F396B0EB5E}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{A999C29A-E1DB-4E85-8AAF-43497101F34F}] => (Allow) D:\James\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D0263CE3-8D4B-4A11-B90A-8A70C51504B2}] => (Allow) C:\Users\User\AppData\Local\Temp\is-N3OMN.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{7B18ED13-B200-4925-A189-70EEAEE2FCFE}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{5AF9732A-0B32-48C8-8DBE-8298B12133F5}] => (Allow) C:\Users\User\AppData\Local\Temp\00013811\inst_buychannel_37.exe
FirewallRules: [{47D684F7-14F2-4E50-A538-6A6BE2D92370}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{D34F7BAF-5BF1-47AC-BA10-86190911031D}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe
FirewallRules: [{D2D03F12-E0A2-4F9B-9BED-9E5BF0F54301}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{72F22AA6-8F9C-403B-8EC1-4D09622E19D6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{ECE9D62E-798E-4739-A2EA-BE7A1C84A266}] => (Allow) D:\Niche.v0.0.7\Unity\Editor\Unity.exe
FirewallRules: [{79F44869-7B74-4BB6-B246-B3AC7C9E4C8B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{3398C9EA-3672-4BF0-A2A7-E4CDAB272BFF}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{320FB54C-A1CC-4890-9A11-5E1961F2AB4F}] => (Allow) D:\James\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [TCP Query User{00DFE3AA-92B0-4DDE-9520-19914B62F214}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{4888F1C6-830E-4C8F-99BB-A4E76C27815F}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [{2CD5D846-3D3E-4236-93BF-B2EB7B9EC2F6}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{51AF039C-0028-4E92-A518-6CBBA1DF424B}] => (Allow) D:\James\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{80A09AA2-7818-4105-90F9-8D3D71103E2C}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{B9A135AA-423E-4FF6-B7C4-C293CA6F2499}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{92FB818C-BFFF-42E0-B7B8-C811146414A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{B976F08A-E3AA-4E1C-914E-2D49F9B73CA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{BCAB5365-6FF0-4DB9-9F5D-B0CD7599D378}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{A593528B-5B77-4665-AEE5-3D337248B40E}] => (Allow) D:\James\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{4DACDA58-61CA-4031-A428-11456B325C2F}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BF25891A-45E1-493D-9BED-6E05518E7768}] => (Allow) D:\James\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3C89CEB6-22C5-4C81-8CFE-C1E1AD6AE5B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8916E4CD-B934-4730-B151-4FC22E837ED4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8263EF20-9F8C-4FD7-8D76-06C28187B976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC2A2203-C249-4370-86EA-59A8D5212EB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C056DD5F-E720-41D4-938F-0278DF0D54DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0A9CA1CF-86C1-436E-B032-3E20DD07A098}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE628170-CBB4-4C23-AB24-6BC0F1592C4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{216B706A-C3A5-4E3C-8771-B360020B75C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12AA05A6-3627-41DC-92F3-F08986F4F78B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF623493-0926-4AE0-A8D5-E217FFBE6447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B30BFEF-3F88-44C9-AC1A-4DC546FDB195}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{7CE6A016-CF4E-4D29-992E-B8EE4599E4CD}] => (Allow) D:\James\Steam\steamapps\common\Plantera\Plantera.exe
FirewallRules: [{27940FC2-9FE7-4A8F-84AF-A06E85A83F60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D34E463-080F-443F-9FA9-4ACCA24206BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B95C3AAA-3F4E-4E1D-A208-29C3545565B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B906CCF4-80D5-4CD4-9603-9FF84100A699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{326FE78E-F351-4C87-A16C-381780157764}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{64676190-BE73-4980-AEAF-42199748B6CE}] => (Allow) D:\James\Steam\steamapps\common\SPINGUN\SPINGUN.exe
FirewallRules: [{5EC935AB-5534-428B-8FBF-0BC47240D9B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{62872165-6851-4022-AFCF-7E906D667396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D75EA28D-AD7A-4E85-892A-891C46FFF86F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{640BE1DE-2ADD-4C8E-864E-7E7D3D10B91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{19FFB3D8-2F76-41DF-AB01-50467813A802}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{2972D3A0-A9B9-4CBF-95A1-2A666A72F68A}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{0CD8E2FF-4545-4B4B-8D66-7BF1F74AC9DF}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{46032CDC-75CF-4692-8C8A-36957C521A57}D:\james\overwatch\overwatch\overwatch.exe] => (Allow) D:\james\overwatch\overwatch\overwatch.exe
FirewallRules: [{9C7EE8F1-B35E-4863-8B1A-3ED8454EA835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99EA8F68-80AA-4055-A01C-43699DAA91E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03D95A6A-685F-466C-98C0-D986B12D4B88}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{BCF1B717-B045-4C3F-8CAE-DBD5A8AA7C67}] => (Allow) D:\James\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{60A19530-8208-47E7-94BC-6F6A9D93FBE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C9D1EAB-ADDF-4A75-A396-83C4C4BF9E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{782ABA6B-6DC4-4152-9236-ADD9B5BD74D9}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{365F048E-AB85-4013-BB14-692C1637B372}D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\james\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{C6FD957D-E4A9-4549-A970-1838E36A729E}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EA88F506-853D-4912-BF70-D45FF5AB6FF8}] => (Allow) D:\James\Steam\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{EEF4523A-396C-44FA-B5BE-15CCF763FA30}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{F4B21E1A-C35B-4D80-ABFD-CFBA43203F1C}] => (Allow) D:\James\Steam\steamapps\common\DISTRAINT\distraint.exe
FirewallRules: [{60252435-A527-434F-9DF2-B27FFF5CD23F}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{EBB9C111-D496-49D6-BEF3-E3001E8BE4FF}] => (Allow) D:\James\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{B3C0745B-4228-47F5-89B7-2210665BE324}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{9F2FBEB0-EB57-4BA3-95C7-AB58E43AC4D7}] => (Allow) D:\James\Steam\steamapps\common\24 HOURS\24HOURS.exe
FirewallRules: [{CDF9E0F7-31C2-4ED7-A3E2-E5F9F5FAE255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D5D52F3-CDC6-41A4-BEC6-289583DD0DE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59724E98-D62D-4A59-825A-ADCEE2FD4903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AD44064-164F-44B2-A93E-34EF50531C9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{B5F86C54-0C5E-498E-87B6-DB1B058B0725}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{D4FA88F0-E58E-4FBE-9105-BBF8271204C3}C:\program files (x86)\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{FF8E5D2B-1326-48FC-8E2E-AC8A39249884}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{6BC8A1B4-1DA4-4D44-A479-2B0ACCB116A2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{423011CF-44C8-49E6-B8F3-DC43A28BCC42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC7506D9-F22D-45DC-BEE9-815333852564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E4A0B77-D02D-4AE7-AB3A-C0BDAA87C3E1}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{41A8E798-0F8E-45D1-8432-93BCC53F010C}] => (Allow) D:\James\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{58B807C3-12A1-4F88-86D3-401E0E5D893B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{38E77F40-5823-4948-A0BD-75E1A0329F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{912FB4D6-6906-4841-B32F-8B210D5932EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F3556B14-A9C5-4149-B0E5-B86D8D4FBC31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{36C6FAE7-A1B4-467D-8DA6-2D3E84AEFDBE}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe
FirewallRules: [{203530C5-6FE9-48D2-813C-2D07BA401471}] => (Allow) D:\James\Steam\steamapps\common\Pixel Puzzles Ultimate\Pixel Puzzles Ultimate.exe
FirewallRules: [{F7E08E27-5A8A-4F36-B3B8-41A77142B6D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{35B84057-4BE5-4F37-8017-38C5C92F176D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90FF37EE-6DE0-4BCB-A38A-0527EBFB9934}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A6667DFF-1DC3-461D-921F-839E982B6711}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{827B06E0-3EED-460F-9A45-13CA94E3CD75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{00C3DA68-1FAD-4CE7-8293-715F55F7D764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1117CAD7-9760-494E-9B86-CEF11A2B7499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F639E9C8-3166-4DFD-843E-3EDF757AB1A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{630A32F3-91D6-407A-A39C-76F0B21DA9AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DB36951C-9C64-4581-8421-DE80AE6068D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{24D02B91-4A4F-4A67-9620-105BF2723A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{78D553BB-4727-4E3A-A2FA-38755C8A105E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03AA0DB2-CD73-4DCB-BD67-CC434CC9E11D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4DD0252A-5C13-4172-BC0A-58303FD5826B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F46B26E6-231B-4527-AA28-53420113F5A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C46B344-FE98-44AD-9225-6E2A5B30A3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{835C5F12-A684-4118-BB4B-66127C15448E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3767BB1-C791-45D3-9485-E93CB7B6FA94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7EE37BB7-48F4-4915-B83B-5FAC8A0FC556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A8D5EE1B-3999-4A11-9806-1A0A38E46794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{725B656F-96A7-4C74-B4F3-6780E1F0D9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C97DF80-850C-4F31-B2CE-D94657968D3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D6284FE9-50A1-4B2B-A10E-27B0ACD30DC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{465CF54E-D5DE-4A56-A05B-B0240DD44CA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5DFB7ED5-9F6A-4CD4-9ACC-EC6DBBAE8A6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe
FirewallRules: [{76427E99-8ADD-4DAA-81C4-417B7B8D5803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WayOut\WayOut.exe
FirewallRules: [{621937BD-D981-4C95-80FF-96A1D859EFFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe
FirewallRules: [{49D86B97-9DDB-474C-BDF6-46AAA7A22AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monsti\PTPlayer.exe
FirewallRules: [{CB826F54-CF36-47CF-9771-5468BD358D77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{43B14C39-2595-47AD-A846-7C4639322005}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BFE472BA-4B51-4E1B-B9F2-B5E45EC83B62}] => (Allow) C:\Users\User\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{88EDA688-0FB6-4A62-9531-D90EB7EC8304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{56238A4E-6EC3-4A06-864D-8D4CCE1A8D02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C4045F01-3122-4AD9-89C0-8EC145FB05B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B817A402-3E58-4F00-A835-D22606A17D37}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{662193E9-A68A-4D55-9307-3C996B63617D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F4E404A0-EDC9-4DDD-BF47-7EBD0D1BF49C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C2438BBE-39A7-4563-BFA8-E2A7C232EC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC29D20A-6294-4468-9F60-9D63F50FAAF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A8C0776-7287-4D0A-8B3D-4E374F50C99C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{70B16ACD-0BDA-4D0A-92E7-4F844B81CEAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7AAD675-94C9-402E-A31E-F4F8C3DB6AF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7DCC45EF-FD28-4192-9DB1-4120267D3E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F24F3A0-91C3-47D8-A09D-B90624B51889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D29D4F65-F763-44CA-B4A0-7951FB1AC9A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F7B7C1E-9B81-4B26-9222-6308D447D482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F2AA15F-AC41-41D4-B26C-4BE7879BF73A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B94FEEFC-8B36-4D6F-AEA2-B79160809F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FFA76159-E71D-4B66-B531-528E772AABB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{294C5491-44EF-4C32-833F-7A47B92D3E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0049852-166A-430B-ABDC-E31AFEE48208}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1633295D-608E-4823-B8C9-F3F64304DF2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{88EB08EA-20FE-40A8-B4DA-5478DE1C6070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D820E99A-5447-4D30-968F-564DC7788283}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6868A4E1-9064-48FD-AFD5-18A89C12D027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{88CBAD27-EEF2-412D-B520-45BCBE9D5ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB9D0FCD-6EF0-41B1-A98E-B8BF9DE8DB55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B335EB47-7C62-4F86-81EB-21EB578CD69A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F83D012-4B18-494C-B2DB-50F9B236F603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{89BF9A08-A450-452E-BFC1-E47CABA9C2F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{22B41573-BC17-4BED-92B5-03B166A8FE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2DC8C65-2FEC-48BF-8EDC-F7610D09E1E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6098D482-AA02-4D27-8FCA-8E53529DE329}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44835A16-B98F-4E9C-B20C-D55D7FDDC723}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CC61F07D-9938-4F86-8ECA-F52EBB314826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{761EB03A-7B83-4798-B117-270023D645FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E084600A-41D5-45C3-BA83-184C1DFD8244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC7664F2-15A6-4A5E-BA30-FD0101986538}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B38C225E-2605-4465-BE47-9581E1B3FA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CA93BEE-A804-4351-A83A-380CC15BEC0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DBF2A0C7-4384-46D0-8A46-6EA75B99C6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0DFB5ACB-2F92-4B26-8A00-27BC796CC478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{026A940B-BB99-43FE-8F1F-F47903A19317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{432B677C-3DEE-4839-83B8-CBAC272C2A69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe
FirewallRules: [{94F1BDAC-7A35-44D0-AE9B-06E15F391CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fiends of Imprisonment\FOI.exe
FirewallRules: [{3540031F-3367-4235-80B0-93077A812E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{4C645D74-AA82-466E-8520-320BFBACC6E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{DBAE94C8-EE3F-4DDA-AC0F-C6935A69383C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe
FirewallRules: [{143EDC98-D87C-428B-AB79-47A302A09757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Absconding Zatwor\Absconding Zatwor.exe
FirewallRules: [TCP Query User{FDE537CA-E52A-4D25-9F6B-FD6EC755942D}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{039A8AAB-ABDC-4800-9763-7F90019E56D7}D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe] => (Block) D:\james\steam\steamapps\common\24 hours\engine\binaries\win64\ue4game.exe
FirewallRules: [{92D2975F-0BB2-4FE1-A936-629F32C7AED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DACFF985-FF59-4A3E-BF2B-780C9D6A6055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E75A87A-5A4E-4ED8-A03A-6B54CC46A85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5D1A7149-2EF4-4685-9815-677DAD18901B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8312F4C7-5536-4089-BD16-91DEF34305D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B3D074A5-F6D4-4935-96B9-F689C845C60B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA7BB3DA-A40E-4456-9516-C89FCD92E199}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0262FA2-2B8A-4222-BF9B-257FA27BA6F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6989BDFA-687B-48EA-AA8A-A5200A2B353A}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe
FirewallRules: [{083C1360-085E-4525-817F-F90C2C557CC1}] => (Allow) D:\James\Steam\steamapps\common\Winexy\Winexy.exe
FirewallRules: [{C6CA2DD7-326B-49DE-B6AC-3D87DF664902}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe
FirewallRules: [{DBFBDD33-482A-491F-9188-19DEF84EA576}] => (Allow) D:\James\Steam\steamapps\common\Streamline\hns\Binaries\Win64\Streamline.exe
FirewallRules: [{E6557E5E-B934-420A-B65D-9934B5ADA2C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{89579B47-3D96-45FD-AB2D-17494569E478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7ED65494-7B82-44B0-B3E6-E6EF4734579F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF4B0940-FD83-41E2-9BAE-7F11AFC61529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E3631F91-5BEC-4F92-8EBB-5F2547A82356}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{038EE9D5-17A0-4150-ACF2-428EAAC45D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07A81033-B7A7-4C54-8D9D-5C02EB2155EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68FCFBAA-6ABC-4857-A106-AACCD03632D0}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{CB83078D-B89E-492D-8324-57F82B85F7B3}] => (Allow) D:\James\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{A9EEBBF2-08B1-4E34-A9B7-92A11616D326}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [UDP Query User{8696CAE3-BC47-48D9-B41F-575582000442}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [{C85A76F9-3277-471A-A52B-AC30A11E2683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CF172423-3DB3-4FAF-84A1-53D28E503B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23ACCB44-F3FF-4692-BAD4-74C883712C44}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{46D86578-0ADF-4724-9522-89069D5A4D16}] => (Allow) D:\James\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{9A1727CD-78DD-4CE3-89C6-712472CF6F96}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{3CCFD425-FF43-44F6-A851-E06AE52C09F7}] => (Allow) D:\James\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{6C96897F-08C9-4621-B756-D5F539FD5E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D34C83E2-7DFE-43D5-8623-2FC92E639A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{109F9CB0-6C76-4035-8711-5953365A529B}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{759715BE-4C86-4840-9835-AA7B293C3665}] => (Allow) D:\James\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{F518E36F-8DC9-42F3-B4EA-4C3922756AA3}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{A996469D-C3DE-4BD2-BEBE-74AC2CCD95B7}] => (Allow) D:\James\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{5EB33C3D-10D8-41BE-A53A-346FB28A9CD1}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{D9903764-0E03-46DE-9E39-7A5F808FFF0D}] => (Allow) D:\James\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{953B1213-B3E1-4A8B-92F0-410BDE9C56E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C1F8611-EF12-4C66-8FEE-65E178BCC9A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F8589C90-AA03-4ECC-8144-1E37D929ECB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{328AFA16-6784-4DB7-BD14-0ED2D494AA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2FA06BD2-3501-4D2A-8E5B-7310232281AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1FD13A20-E497-4505-874F-C3DCB875719F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC754828-832E-4D2A-8223-3E0A14610618}] => (Allow) D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe
FirewallRules: [{CBBE9FC0-9003-4178-943F-55402DA95729}] => (Allow) D:\James\Steam\steamapps\common\Last Survivor\Last Survivor.exe
FirewallRules: [{1E822975-9E3F-452F-B8FB-FA16C2791B69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B523FF8-97D2-4CD6-A396-63DD3CDBD61A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{37FD9A7A-F289-4422-BA50-2D3A92734E92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{988DD954-4688-4884-8756-34976ECB62A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9466775-1D83-414D-87A6-935D51DA4FBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{43B8C807-32FC-4FA9-8C6A-E51035CFC2BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Restore Points =========================

19-02-2017 14:53:59 Windows Update
23-02-2017 11:15:00 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2017 09:34:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:32:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:30:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:29:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:28:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:26:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:24:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:22:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:21:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/25/2017 09:20:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1796) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 12025856 (0x0000000000b78000) (database page 2935 (0xB77)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [01a4f8e7ac269e2e] and the computed checksum was [00000b77549d4e54].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (02/25/2017 05:40:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EF75065)
Description: The server {CACE29C3-10A7-4B66-A8CA-82C1ECEC1FA3} did not register with DCOM within the required timeout.

Error: (02/25/2017 02:39:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 09:01:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital).

Error: (02/25/2017 08:16:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/24/2017 11:09:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EF75065)
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.

Error: (02/24/2017 11:09:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/24/2017 09:33:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/24/2017 09:28:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b3: Fujitsu Technology Solutions - Monitor - Fujitsu B24W-7 LED (Digital).

Error: (02/24/2017 07:37:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/23/2017 11:10:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-02-25 20:41:28.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-25 20:41:24.839
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-24 11:25:00.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-24 11:22:40.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-23 20:01:25.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-23 20:00:08.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-22 22:47:09.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-22 22:47:02.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-21 07:53:18.205
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-20 20:00:46.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 78%
Total physical RAM: 8127.55 MB
Available physical RAM: 1758.34 MB
Total Virtual: 18367.55 MB
Available Virtual: 4980.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.65 GB) (Free:31.51 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:61.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4B4E1C60)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites