Harmazi Posted August 15, 2017 Author ID:1153493
Yes, it's quarantining now. I wasn't sure if that was the only log I could get so I figured I'd go with it. I can send you the log after if there is one for me to.
Aura Posted August 15, 2017 ID:1153494
There should be one. Once it's done quarantining, if you do the same steps that you did to get the log you sent me, it should be the quarantine log you get this time.
Harmazi Posted August 15, 2017 Author ID:1153495
Alrighty, I'll send it as soon as it's done. It's a little under half way done as of now.
Harmazi Posted August 15, 2017 Author ID:1153497
log2.txt
Aura Posted August 15, 2017 ID:1153601
Awesome. Now, let's run a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode
- Download AdwCleaner and move it to your Desktop
- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Junkware Removal Tool (JRT)
- Download Junkware Removal Tool (JRT) and move it to your Desktop
- Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Press on any key to launch the scan and let it complete (Credits: BleepingComputer.com)
- Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply

Your next reply(ies) should therefore contain:
- Copy/pasted AdwCleaner clean log
- Copy/pasted JRT log
Harmazi Posted August 15, 2017 Author ID:1153824
# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 21:48:56 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: SpyHunter 4 Service

***** [ Folders ] *****

Deleted: C:\Program Files\Enigma Software Group
Deleted: C:\Users\RNOwe\AppData\Roaming\Enigma Software Group
Deleted: C:\sh4ldr
Deleted: C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
Deleted: C:\ProgramData\Audyssey Labs

***** [ Files ] *****

Deleted: C:\END
Deleted: C:\Windows\SysNative\drivers\EsgScanner.sys
Deleted: C:\Users\RNOwe\Desktop\SpyHunter.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Driver Booster Scheduler
Deleted: SpyHunter4Startup

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SOFTWARE\Soci2Sear Browser Enhancer
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [7132 B] - [2017/8/15 21:48:9]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by RNOwe (Administrator) on Tue 08/15/2017 at 17:56:46.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 4

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\d447ab7d0fb975b032ce5d423855b98e (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (RNOwe) (Task)

Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/15/2017 at 18:02:47.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aura Posted August 15, 2017 ID:1153839
Good. Now we'll run a scan with FRST to see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
- Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
- Click on the Scan button
- On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
- Copy and paste the content of both FRST.txt and Addition.txt in your next reply
Harmazi Posted August 15, 2017 Author ID:1153846
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2017 01
Ran by RNOwe (administrator) on RICKYS-DESKTOP (15-08-2017 19:14:33)
Running from C:\Users\Ricky\Desktop\FRST
Loaded Profiles: RNOwe & Ricky (Available Profiles: RNOwe & Ricky)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Comodo) C:\Users\Ricky\Documents\Comodo Dragon\Comodo\Dragon\dragon_updater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe
(Malwarebytes) C:\Users\Ricky\Documents\Anti-Malware\MBAMService.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Users\Ricky\Documents\Anti-Malware\mbamtray.exe
(Gaijin Entertainment) C:\Users\Ricky\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5750\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => c:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-02-17] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Users\Ricky\Documents\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\USERS\RICKY\DOCUMENTS\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-05] (Plays.tv, LLC)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2131856 2016-07-14] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe [1974432 2016-08-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc.)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [6877072 2016-11-08] ()
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [225816 2017-02-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [uTorrent] => C:\Users\Ricky\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe [2146496 2017-07-31] (BitTorrent Inc.)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-20] ()
HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [Discord] => C:\Users\Ricky\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [6877072 2016-11-08] ()
HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [MyComGames] => C:\Users\Ricky\AppData\Local\MyComGames\MyComGames.exe [5572304 2017-08-11] (MY.COM B.V.)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [Gaijin.Net Agent] => C:\Users\Ricky\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2010056 2017-06-28] (Gaijin Entertainment)
HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Run: [svcvmx] => "C:\Users\Ricky\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-01-01]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Tenda Wireless Utility.lnk [2015-10-15]
ShortcutTarget: Tenda Wireless Utility.lnk -> C:\Program Files (x86)\Tenda\Common\RaUI.exe ()
Startup: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-14] ()
Startup: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-05-06]
ShortcutTarget: Twitch.lnk -> C:\Users\RNOwe\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
Startup: C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-10-29]
ShortcutTarget: Curse.lnk -> C:\Users\Ricky\AppData\Roaming\Curse Client\Bin\Curse.exe (Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{79c83538-9892-4c46-9698-1fac0cb27002}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ee75ae4a-11d9-4dde-8b10-58c507b7fd62}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{f71949d0-ec85-40d2-8ebf-5cff71dbd6e9}: [DhcpNameServer] 192.168.10.1
ManualProxies:

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2190132408-2257626196-1181361939-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-24] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-24] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-19] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-19] (Oracle Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1447711760225
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File

FireFox:
========
FF ProfilePath: C:\Users\RNOwe\AppData\Roaming\Mozilla\Firefox\Profiles\E6LWdtcx.default [2017-08-14]
FF Extension: (Avira Browser Safety) - C:\Users\RNOwe\AppData\Roaming\Mozilla\Firefox\Profiles\E6LWdtcx.default\Extensions\abs@avira.com [2015-10-14] [not signed]
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi\ []
FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-07-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1001: @nsroblox.roblox.com/launcher -> C:\Users\RNOwe\AppData\Local\Roblox\Versions\version-da823d17eb7346c9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\RNOwe\AppData\Local\Roblox\Versions\version-da823d17eb7346c9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1003: @my.com/Games -> C:\Users\Ricky\AppData\Local\MyComGames\NPMyComDetector.dll [2017-02-20] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2190132408-2257626196-1181361939-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default [2017-08-15]
CHR Extension: (Google Slides) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-16]
CHR Extension: (Google Docs) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-16]
CHR Extension: (Google Drive) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
CHR Extension: (Honey) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-14]
CHR Extension: (Google Search) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Google Sheets) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-16]
CHR Extension: (Avira Browser Safety) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\RNOwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

PCW (Start=4 -> Start=0) <==== restored successfully
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-03-15] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-21] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
R2 DragonUpdater; C:\Users\Ricky\Documents\Comodo Dragon\Comodo\Dragon\dragon_updater.exe [2060848 2016-02-05] (Comodo)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-20] (EasyAntiCheat Ltd)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [722216 2017-07-20] (Reto-Moto ApS)
S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-16] (Rivet Networks) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Users\Ricky\Documents\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [456640 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [456640 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-10-25] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 Origin Client Service; C:\Users\Ricky\Documents\Origin\OriginClientService.exe [2169696 2017-07-21] (Electronic Arts)
S2 Origin Web Helper Service; C:\Users\Ricky\Documents\Origin\OriginWebHelperService.exe [3149664 2017-07-21] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-09-04] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-09-04] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [185632 2009-12-10] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [212256 2009-12-10] (Ralink Technology, Corp.)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-10-28] (Razer Inc.)
S4 SAudionicSV; C:\WINDOWS\SysWOW64\sysaudionicsvc.exe [1816576 2015-04-07] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889888 2017-08-01] (Microsoft Corporation)
S4 SysEventSVC; C:\WINDOWS\SysWOW64\syseventfiltersvc.exe [2012672 2015-04-07] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S2 WeiseTunnel; C:\Windows\sysconmon\WeiseTunnel.exe [4775424 2015-03-15] (InfoWeise) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [142904 2015-09-16] (Rivet Networks, LLC.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-21] (BlueStack Systems) R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-21] (Bluestack System Inc. ) R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [543184 2017-02-17] (Intel Corporation) R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM) R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-08-14] () R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.) R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-02-17] (REALiX(tm)) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-02] (Malwarebytes) S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-02] (Malwarebytes) S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-02] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-15] (Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-02] (Malwarebytes) R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.) R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-05-16] (CACE Technologies, Inc.) 
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-10-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-10-25] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-03-16] (NVIDIA Corporation) R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.) R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.) R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-12-04] (Wellbia.com Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-08-15 18:02 - 2017-08-15 18:02 - 000001167 _____ C:\Users\RNOwe\Desktop\JRT.txt
2017-08-15 17:49 - 2017-08-15 17:56 - 001790024 _____ (Malwarebytes) C:\Users\Ricky\Desktop\JRT.exe
2017-08-15 17:46 - 2017-08-15 17:55 - 000000000 ____D C:\AdwCleaner
2017-08-15 17:45 - 2017-08-15 17:45 - 008185288 _____ (Malwarebytes) C:\Users\Ricky\Desktop\AdwCleaner.exe
2017-08-15 09:07 - 2017-08-15 09:07 - 000407277 _____ C:\Users\RNOwe\Desktop\VT_ResidentialPropaneSupplyAgreementFILLABLE1.pdf
2017-08-15 07:06 - 2017-08-15 07:06 - 000002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-08-15 07:06 - 2017-08-15 07:06 - 000002249 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-15 07:02 - 2017-08-15 07:02 - 000000000 ____D C:\Users\RNOwe\AppData\Local\ASHelper
2017-08-14 22:38 - 2017-08-14 22:38 - 000000000 _____ C:\autoexec.bat
2017-08-14 20:04 - 2017-08-15 19:06 - 000000000 ____D C:\Users\Ricky\Desktop\FRST
2017-08-14 20:03 - 2017-08-15 19:14 - 000000000 ____D C:\FRST
2017-08-14 15:36 - 2017-08-15 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-14 15:36 - 2017-08-14 19:31 - 000194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\757D2D9F.sys
2017-08-14 15:22 - 2017-08-14 19:34 - 000000000 ____D C:\Users\Ricky\Desktop\mbar
2017-08-14 14:34 - 2017-08-14 14:34 - 000000000 ____D C:\Users\Ricky\AppData\Local\ASHelper
2017-08-14 14:01 - 2017-08-14 14:01 - 000007299 _____ C:\WINDOWS\CleanMem Uninstall Log.txt
2017-08-14 12:04 - 2017-08-14 12:04 - 000011439 _____ C:\Users\RNOwe\Desktop\CalendarLabs.pdf
2017-08-13 09:49 - 2017-08-15 17:50 - 027262976 _____ C:\WINDOWS\system32\config\SYSTEM
2017-08-13 09:49 - 2017-08-14 20:28 - 026738688 _____ C:\WINDOWS\system32\config\HARDWARE
2017-08-10 20:09 - 2017-08-12 19:38 - 002030536 _____ (Bleeping Computer, LLC) C:\Users\Ricky\Desktop\rkill.exe
2017-08-10 16:01 - 2017-08-01 13:20 - 001431232 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2017-08-10 16:01 - 2017-08-01 13:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2017-08-10 16:01 - 2017-08-01 13:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2017-08-10 16:01 - 2017-08-01 13:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll 2017-08-10 16:01 - 2017-08-01 12:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll 2017-08-10 16:01 - 2017-08-01 12:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll 2017-08-10 16:01 - 2017-08-01 12:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2017-08-10 16:01 - 2017-08-01 12:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2017-08-10 16:01 - 2017-08-01 12:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2017-08-10 16:01 - 2017-08-01 12:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll 2017-08-10 16:01 - 2017-08-01 12:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2017-08-10 16:01 - 2017-08-01 12:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll 2017-08-10 16:01 - 2017-08-01 12:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2017-08-10 16:01 - 2017-08-01 12:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2017-08-10 16:01 - 2017-08-01 12:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2017-08-10 16:01 - 2017-08-01 12:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2017-08-10 16:01 - 2017-08-01 12:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll 2017-08-10 16:01 - 
2017-08-01 12:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2017-08-10 16:01 - 2017-08-01 12:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2017-08-10 16:01 - 2017-08-01 12:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2017-08-10 16:01 - 2017-07-12 01:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2017-08-10 16:01 - 2017-07-12 01:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-08-10 16:01 - 2017-07-12 01:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2017-08-10 16:01 - 2017-07-12 01:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2017-08-10 16:01 - 2017-03-04 02:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll 2017-08-10 16:00 - 2017-08-01 15:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-08-10 16:00 - 2017-08-01 15:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2017-08-10 16:00 - 2017-08-01 15:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-08-10 16:00 - 2017-08-01 15:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-08-10 16:00 - 2017-08-01 15:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2017-08-10 16:00 - 2017-08-01 15:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-08-10 16:00 - 
2017-08-01 15:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-08-10 16:00 - 2017-08-01 15:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-08-10 16:00 - 2017-08-01 15:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-08-10 16:00 - 2017-08-01 15:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-08-10 16:00 - 2017-08-01 14:58 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe 2017-08-10 16:00 - 2017-08-01 14:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2017-08-10 16:00 - 2017-08-01 14:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2017-08-10 16:00 - 2017-08-01 14:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-08-10 16:00 - 2017-08-01 14:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll 2017-08-10 16:00 - 2017-08-01 14:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll 2017-08-10 16:00 - 2017-08-01 14:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2017-08-10 16:00 - 2017-08-01 14:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2017-08-10 16:00 - 2017-08-01 14:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2017-08-10 16:00 - 2017-08-01 14:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2017-08-10 16:00 - 2017-08-01 14:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2017-08-10 16:00 - 2017-08-01 14:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll 2017-08-10 16:00 - 2017-08-01 14:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2017-08-10 16:00 - 
2017-08-01 14:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2017-08-10 16:00 - 2017-08-01 14:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll 2017-08-10 16:00 - 2017-08-01 14:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-08-10 16:00 - 2017-08-01 14:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2017-08-10 16:00 - 2017-08-01 14:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-08-10 16:00 - 2017-08-01 14:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2017-08-10 16:00 - 2017-08-01 14:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-08-10 16:00 - 2017-08-01 14:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2017-08-10 16:00 - 2017-08-01 14:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2017-08-10 16:00 - 2017-08-01 14:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2017-08-10 16:00 - 2017-08-01 14:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2017-08-10 16:00 - 2017-08-01 13:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-08-10 16:00 - 2017-08-01 13:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-08-10 16:00 - 2017-08-01 13:19 - 001980776 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msxml6.dll 2017-08-10 16:00 - 2017-08-01 13:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-08-10 16:00 - 2017-08-01 13:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-08-10 16:00 - 2017-08-01 13:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-08-10 16:00 - 2017-08-01 13:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2017-08-10 16:00 - 2017-08-01 13:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-08-10 16:00 - 2017-08-01 13:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-08-10 16:00 - 2017-08-01 13:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-08-10 16:00 - 2017-08-01 13:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-08-10 16:00 - 2017-08-01 13:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-08-10 16:00 - 2017-08-01 13:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2017-08-10 16:00 - 2017-08-01 13:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-08-10 16:00 - 2017-08-01 13:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-08-10 16:00 - 2017-08-01 12:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll 2017-08-10 16:00 - 2017-08-01 12:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-08-10 16:00 - 2017-08-01 12:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll 2017-08-10 16:00 - 2017-08-01 12:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2017-08-10 16:00 - 2017-08-01 12:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll 2017-08-10 16:00 - 
2017-08-01 12:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll 2017-08-10 16:00 - 2017-08-01 12:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll 2017-08-10 16:00 - 2017-08-01 12:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2017-08-10 16:00 - 2017-08-01 12:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-08-10 16:00 - 2017-08-01 12:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2017-08-10 16:00 - 2017-08-01 12:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-08-10 16:00 - 2017-08-01 12:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-08-10 16:00 - 2017-08-01 12:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2017-08-10 16:00 - 2017-08-01 12:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2017-08-10 16:00 - 2017-08-01 12:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll 2017-08-10 16:00 - 2017-08-01 12:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2017-08-10 16:00 - 2017-08-01 12:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-08-10 16:00 - 2017-08-01 12:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-08-10 16:00 - 2017-08-01 12:38 - 000458752 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\wlidprov.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2017-08-10 16:00 - 2017-08-01 12:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll 2017-08-10 16:00 - 2017-08-01 12:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2017-08-10 16:00 - 2017-08-01 12:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-08-10 16:00 - 2017-08-01 12:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2017-08-10 16:00 - 2017-08-01 12:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-08-10 16:00 - 2017-08-01 12:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2017-08-10 16:00 - 2017-08-01 12:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll 2017-08-10 16:00 - 2017-08-01 12:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2017-08-10 16:00 - 2017-08-01 12:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2017-08-10 16:00 - 2017-08-01 12:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-08-10 16:00 - 
2017-08-01 12:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-08-10 16:00 - 2017-08-01 12:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-08-10 16:00 - 2017-08-01 12:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-08-10 16:00 - 2017-08-01 12:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll 2017-08-10 
16:00 - 2017-08-01 10:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-08-10 16:00 - 2017-08-01 10:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll 2017-08-10 16:00 - 2017-07-12 02:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2017-08-10 16:00 - 2017-07-12 02:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-08-10 16:00 - 2017-07-12 02:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-08-10 16:00 - 2017-07-12 02:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-08-10 16:00 - 2017-07-12 02:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-08-10 16:00 - 2017-07-12 02:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-08-10 16:00 - 2017-07-12 02:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2017-08-10 16:00 - 2017-07-12 02:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2017-08-10 16:00 - 2017-07-12 01:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2017-08-10 16:00 - 2017-07-12 01:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2017-08-10 16:00 - 2017-07-12 01:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2017-08-10 16:00 - 2017-07-12 01:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2017-08-10 16:00 - 2017-07-12 01:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-08-10 16:00 - 2017-07-12 01:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll 2017-08-10 16:00 - 2017-07-12 01:32 - 000227328 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\container.dll 2017-08-10 16:00 - 2017-07-12 01:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll 2017-08-10 16:00 - 2017-07-12 01:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2017-08-10 16:00 - 2017-07-12 01:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll 2017-08-10 16:00 - 2017-07-12 01:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll 2017-08-10 16:00 - 2017-07-12 01:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll 2017-08-10 16:00 - 2017-07-12 01:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys 2017-08-10 16:00 - 2017-07-12 01:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-08-10 16:00 - 2017-07-12 01:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-08-10 16:00 - 2017-07-12 01:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-08-10 16:00 - 2017-07-12 01:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-08-10 16:00 - 2017-07-12 01:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-08-10 16:00 - 2017-07-12 01:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2017-08-10 16:00 - 2017-07-12 01:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-08-10 16:00 - 2017-07-12 01:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-08-10 16:00 - 2017-07-12 01:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2017-08-10 16:00 - 2017-07-12 01:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll 2017-08-10 16:00 - 2017-07-12 01:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2017-08-10 16:00 - 2017-07-12 01:13 - 
000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe 2017-08-10 16:00 - 2017-07-12 01:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-08-10 16:00 - 2017-07-12 01:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2017-08-10 16:00 - 2017-07-12 01:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe 2017-08-10 16:00 - 2017-07-12 01:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2017-08-10 16:00 - 2017-07-12 01:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-08-10 16:00 - 2017-07-12 01:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-08-10 16:00 - 2017-07-12 01:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-08-10 16:00 - 2017-07-12 01:03 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2017-08-10 16:00 - 2017-07-12 01:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2017-08-10 16:00 - 2017-07-12 01:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2017-08-10 16:00 - 2017-07-12 00:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-08-10 16:00 - 2017-07-12 00:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-08-10 16:00 - 2017-07-11 22:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml 2017-08-10 16:00 - 2016-09-07 01:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-08-10 15:59 - 2017-08-01 15:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-08-10 15:59 - 2017-08-01 15:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-08-10 15:59 - 2017-08-01 15:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-08-10 15:59 - 2017-08-01 15:22 - 000360040 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2017-08-10 15:59 - 2017-08-01 15:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-08-10 15:59 - 2017-08-01 15:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2017-08-10 15:59 - 2017-08-01 15:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2017-08-10 15:59 - 2017-08-01 15:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2017-08-10 15:59 - 2017-08-01 15:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-08-10 15:59 - 2017-08-01 15:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-08-10 15:59 - 2017-08-01 15:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-08-10 15:59 - 2017-08-01 15:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-08-10 15:59 - 2017-08-01 15:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2017-08-10 15:59 - 2017-08-01 15:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-08-10 15:59 - 2017-08-01 14:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-08-10 15:59 - 2017-08-01 14:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-08-10 15:59 - 2017-08-01 14:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2017-08-10 15:59 - 2017-08-01 14:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-08-10 15:59 - 2017-08-01 14:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-08-10 15:59 - 2017-08-01 14:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll 2017-08-10 15:59 - 2017-08-01 14:47 - 000268800 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-10 15:59 - 2017-08-01 14:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-10 15:59 - 2017-08-01 14:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-10 15:59 - 2017-08-01 14:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-10 15:59 - 2017-08-01 14:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-10 15:59 - 2017-08-01 14:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-10 15:59 - 2017-08-01 14:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-10 15:59 - 2017-08-01 14:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-10 15:59 - 2017-08-01 14:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-10 15:59 - 2017-08-01 14:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-10 15:59 - 2017-08-01 14:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-10 15:59 - 2017-08-01 14:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-10 15:59 - 2017-08-01 14:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-10 15:59 - 2017-08-01 14:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-10 15:59 - 2017-08-01 14:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-10 15:59 - 2017-08-01 14:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-10 15:59 - 2017-08-01 14:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-10 15:59 - 2017-08-01 14:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-10 15:59 - 2017-08-01 14:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-10 15:59 - 2017-08-01 14:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-10 15:59 - 2017-08-01 14:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-10 15:59 - 2017-08-01 14:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-10 15:59 - 2017-08-01 14:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-10 15:59 - 2017-08-01 14:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-10 15:59 - 2017-08-01 14:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-10 15:59 - 2017-08-01 14:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-10 15:59 - 2017-08-01 14:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-10 15:59 - 2017-08-01 14:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-10 15:59 - 2017-08-01 14:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-10 15:59 - 2017-08-01 14:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-10 15:59 - 2017-08-01 14:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-10 15:59 - 2017-08-01 14:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-10 15:59 - 2017-08-01 14:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-10 15:59 - 2017-08-01 14:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-10 15:59 - 2017-08-01 14:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-10 15:59 - 2017-08-01 14:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-10 15:59 - 2017-08-01 14:26 - 001949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-08-10 15:59 - 2017-08-01 14:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-10 15:59 - 2017-08-01 14:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-10 15:59 - 2017-08-01 14:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-10 15:59 - 2017-08-01 14:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-10 15:59 - 2017-08-01 14:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-10 15:59 - 2017-08-01 14:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-10 15:59 - 2017-08-01 14:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-10 15:59 - 2017-08-01 12:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-10 15:59 - 2017-08-01 12:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-10 15:59 - 2017-08-01 12:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-10 15:59 - 2017-08-01 12:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-10 15:59 - 2017-08-01 12:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-10 15:59 - 2017-08-01 12:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-10 15:59 - 2017-08-01 12:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-10 15:59 - 2017-07-12 02:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-10 15:59 - 2017-07-12 02:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-10 15:59 - 2017-07-12 02:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-10 15:59 - 2017-07-12 02:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-10 15:59 - 2017-07-12 02:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-10 15:59 - 2017-07-12 02:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-10 15:59 - 2017-07-12 02:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-10 15:59 - 2017-07-12 02:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-10 15:59 - 2017-07-12 01:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-10 15:59 - 2017-07-12 01:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-10 15:59 - 2017-07-12 01:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-10 15:59 - 2017-07-12 01:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-10 15:59 - 2017-07-12 01:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-10 15:59 - 2017-07-12 01:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-10 15:59 - 2017-07-12 01:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-10 15:59 - 2017-07-12 01:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-10 15:59 - 2017-07-12 01:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-10 15:59 - 2017-07-12 01:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-10 15:59 - 2017-07-12 01:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-10 15:59 - 2017-07-12 01:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-10 15:59 - 2017-07-12 01:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-10 15:59 - 2017-07-12 01:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-10 15:59 - 2017-07-12 01:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-10 15:59 - 2017-07-12 01:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-10 15:59 - 2017-07-12 01:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-10 15:59 - 2017-07-12 01:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-10 15:59 - 2017-07-12 01:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-10 15:59 - 2017-07-12 01:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-10 15:59 - 2017-07-12 01:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-10 15:59 - 2017-07-12 01:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-10 15:59 - 2017-07-12 01:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-10 15:59 - 2017-07-12 01:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-10 15:59 - 2017-07-12 01:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-10 15:59 - 2017-07-12 00:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-10 15:59 - 2017-07-12 00:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-10 15:59 - 2017-07-12 00:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-10 15:59 - 2017-07-12 00:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-10 15:59 - 2017-07-12 00:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-10 15:59 - 2017-03-04 02:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-10 15:59 - 2017-03-04 02:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-10 15:59 - 2017-03-04 02:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-10 15:59 - 2017-03-04 02:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-10 15:59 - 2017-03-04 02:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-10 15:59 - 2016-08-02 04:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-10 15:58 - 2017-08-01 15:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-10 15:58 - 2017-08-01 15:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-10 15:58 - 2017-08-01 15:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-10 15:58 - 2017-08-01 15:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-10 15:58 - 2017-08-01 15:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-10 15:58 - 2017-08-01 15:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-10 15:58 - 2017-08-01 15:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-10 15:58 - 2017-08-01 14:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-10 15:58 - 2017-08-01 14:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-10 15:58 - 2017-08-01 14:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-10 15:58 - 2017-08-01 14:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-10 15:58 - 2017-08-01 14:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-10 15:58 - 2017-08-01 14:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-10 15:58 - 2017-08-01 14:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-10 15:58 - 2017-08-01 14:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-10 15:58 - 2017-08-01 14:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-10 15:58 - 2017-08-01 14:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-10 15:58 - 2017-08-01 14:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-10 15:58 - 2017-08-01 14:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-10 15:58 - 2017-08-01 14:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-10 15:58 - 2017-08-01 14:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-10 15:58 - 2017-08-01 14:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-10 15:58 - 2017-07-12 02:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-10 15:58 - 2017-07-12 01:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-10 15:58 - 2017-07-12 01:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-10 15:58 - 2017-07-12 01:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-10 15:58 - 2017-07-12 01:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-10 15:58 - 2017-07-12 01:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-10 15:58 - 2017-07-12 01:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-10 15:58 - 2017-07-12 01:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-10 15:58 - 2017-07-12 01:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-10 15:58 - 2017-07-12 01:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-10 15:58 - 2017-07-12 01:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-10 15:58 - 2017-07-12 01:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-10 15:58 - 2017-07-12 01:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-10 15:58 - 2017-07-12 01:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-10 15:58 - 2017-07-12 00:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-10 06:54 - 2017-08-10 06:57 - 000172474 _____ C:\Users\RNOwe\Desktop\Amazon1.pdf
2017-08-10 06:23 - 2017-08-10 06:23 - 000062991 _____ C:\Users\RNOwe\Desktop\blueflame.pdf
2017-08-05 22:29 - 2017-08-14 22:33 - 000003312 _____ C:\Users\RNOwe\Desktop\Rkill.txt
2017-08-05 22:21 - 2017-08-05 22:21 - 001806879 _____ C:\Users\RNOwe\Documents\AvgInstallLog.cab
2017-08-05 22:17 - 2017-08-05 22:17 - 000000000 ____D C:\Users\Ricky\AppData\Local\Avg
2017-08-05 22:13 - 2017-08-05 22:40 - 000000000 ____D C:\ProgramData\Avg
2017-08-05 22:13 - 2017-08-05 22:39 - 000000000 ____D C:\Users\RNOwe\AppData\Local\AvgSetupLog
2017-08-05 22:13 - 2017-08-05 22:13 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Avg
2017-08-05 20:34 - 2017-08-05 20:34 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-05 20:06 - 2017-08-05 20:06 - 001192400 _____ C:\WINDOWS\isRS-000.tmp
2017-08-05 20:03 - 2017-08-05 20:06 - 065033984 _____ (Malwarebytes ) C:\Users\Ricky\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-05 19:58 - 2017-08-05 19:58 - 000001507 _____ C:\Users\Ricky\Desktop\HWiNFO32.lnk
2017-08-05 18:28 - 2017-08-05 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2017-08-05 18:28 - 2017-08-05 18:28 - 000000000 ____D C:\Program Files (x86)\HWiNFO32
2017-08-05 18:23 - 2017-08-05 18:23 - 000000000 ____D C:\ProgramData\Intel
2017-08-05 18:00 - 2017-08-05 18:00 - 000002685 _____ C:\Users\Public\Desktop\Intel(R) Extreme Tuning Utility.lnk
2017-08-05 18:00 - 2017-08-05 18:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-08-05 18:00 - 2017-08-05 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-08-05 18:00 - 2017-08-05 18:00 - 000000000 ____D C:\Program Files (x86)\Intel
2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services
2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2017-08-05 17:59 - 2017-08-05 17:59 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-08-02 23:22 - 2017-08-02 23:22 - 000000222 _____ C:\Users\Ricky\Desktop\Call of Duty Black Ops II - Zombies.url
2017-08-02 17:14 - 2017-08-11 22:15 - 000000222 _____ C:\Users\Ricky\Desktop\Call of Duty Black Ops II - Multiplayer.url
2017-08-02 14:31 - 2017-08-02 14:31 - 000000000 ____D C:\Users\Ricky\AppData\Local\iTunes
2017-08-02 13:51 - 2017-08-02 13:51 - 000002020 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-08-02 13:51 - 2017-08-02 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-02 13:50 - 2017-08-02 13:51 - 000000000 ____D C:\Users\Ricky\Documents\iTunes
2017-08-02 13:50 - 2017-08-02 13:50 - 000000000 ____D C:\Program Files\iPod
2017-08-02 13:47 - 2017-08-02 13:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-08-02 13:47 - 2017-08-02 13:47 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-08-02 12:17 - 2017-08-02 12:17 - 000000222 _____ C:\Users\Ricky\Desktop\Call of Duty Black Ops II.url
2017-08-01 17:33 - 2017-08-01 17:33 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\EasyAntiCheat
2017-07-31 23:37 - 2017-07-31 23:58 - 064619276 _____ C:\Users\Ricky\Desktop\541541-BO2-U3.rar
2017-07-31 17:34 - 2017-07-31 17:34 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\KeepVid
2017-07-30 22:29 - 2017-08-01 23:59 - 000000000 ____D C:\ProgramData\xml_param
2017-07-30 22:25 - 2017-07-30 22:25 - 000000000 ____D C:\Users\RNOwe\AppData\Roaming\KeepVid
2017-07-30 22:25 - 2017-07-30 22:25 - 000000000 ____D C:\Users\Ricky\AppData\Local\Aimersoft
2017-07-30 22:25 - 2017-07-30 22:25 - 000000000 ____D C:\ProgramData\Aimersoft
2017-07-30 22:23 - 2017-07-30 22:23 - 000001390 _____ C:\Users\Public\Desktop\KeepVid Pro.lnk
2017-07-30 22:23 - 2017-07-30 22:23 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Aimersoft
2017-07-30 22:23 - 2017-07-30 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-07-30 22:22 - 2017-08-02 14:32 - 000000000 ____D C:\ProgramData\KeepVid Pro
2017-07-30 22:22 - 2017-07-30 22:22 - 000000000 ____D C:\ProgramData\KeepVid Application Common Data
2017-07-30 22:22 - 2017-07-30 22:22 - 000000000 ____D C:\ProgramData\KeepVid
2017-07-30 22:22 - 2017-07-30 22:22 - 000000000 ____D C:\Program Files (x86)\KeepVid
2017-07-30 22:09 - 2017-07-30 22:24 - 036409223 _____ C:\Users\Ricky\Desktop\KeepVID PRO v4.10.1.7z
2017-07-29 08:00 - 2017-07-29 08:00 - 000051625 _____ C:\WINDOWS\uninstaller.dat
2017-07-26 12:48 - 2017-07-26 12:48 - 000000000 ____D C:\Users\RNOwe\AppData\LocalLow\uTorrent
2017-07-26 12:31 - 2017-07-26 12:31 - 000064038 _____ C:\Users\RNOwe\Desktop\daycare contract.pdf
2017-07-20 06:48 - 2017-07-25 07:27 - 000000000 ____D C:\Users\RNOwe\Desktop\Ricky camp
2017-07-20 06:43 - 2017-07-20 06:43 - 000000000 ____D C:\Users\RNOwe\AppData\Local\UNP
2017-07-19 07:34 - 2017-07-19 07:59 - 000000000 ____D C:\Users\RNOwe\Desktop\mad libs
2017-07-19 07:31 - 2017-07-19 07:31 - 000001414 _____ C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 19:08 - 2016-01-12 08:10 - 000000000 ____D C:\Users\Ricky\AppData\Local\Battle.net
2017-08-15 18:56 - 2016-01-12 08:08 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-08-15 18:00 - 2017-02-19 22:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-15 17:58 - 2015-10-14 23:24 - 004255708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-15 17:55 - 2017-02-20 18:58 - 000000000 ____D C:\Users\Ricky\AppData\Local\MyComGames
2017-08-15 17:55 - 2016-02-11 21:39 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Curse Client
2017-08-15 17:52 - 2017-01-02 21:03 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-15 17:52 - 2016-11-13 16:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-15 17:51 - 2016-08-07 16:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-15 17:50 - 2016-07-16 02:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-08-15 17:10 - 2015-10-15 15:50 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-15 17:05 - 2016-11-26 16:24 - 000000000 ____D C:\Users\Ricky\AppData\LocalLow\Mozilla
2017-08-15 16:21 - 2016-08-07 15:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-15 13:04 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-15 11:48 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-15 11:46 - 2016-03-13 08:15 - 000000000 ____D C:\Users\Ricky\AppData\Local\CrashDumps
2017-08-15 09:07 - 2016-08-02 16:44 - 000000000 ____D C:\Users\RNOwe\Desktop\Nonni's Songs
2017-08-15 09:04 - 2016-08-17 08:17 - 000000000 ____D C:\Users\RNOwe\Desktop\daycare
2017-08-15 07:06 - 2016-11-08 21:05 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-15 06:59 - 2016-08-07 15:59 - 000000000 ____D C:\Users\RNOwe
2017-08-15 06:59 - 2016-08-07 15:59 - 000000000 ____D C:\Users\Ricky
2017-08-14 21:12 - 2017-01-02 21:03 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-14 21:12 - 2017-01-02 21:03 - 000000000 ____D C:\Users\Ricky\Documents\Anti-Malware
2017-08-14 18:29 - 2016-01-12 16:46 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2017-08-14 18:19 - 2017-06-02 22:09 - 000000222 _____ C:\Users\Ricky\Desktop\Rust.url
2017-08-14 13:44 - 2016-03-19 03:20 - 000000000 ____D C:\Users\RNOwe\AppData\Local\CrashDumps
2017-08-14 13:31 - 2015-11-17 21:07 - 000000000 ____D C:\Users\Ricky\AppData\Local\Adobe
2017-08-14 13:30 - 2017-02-17 20:12 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-14 13:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-14 13:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-14 13:27 - 2015-11-18 14:32 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Adobe
2017-08-14 12:43 - 2015-10-14 23:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-14 03:35 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-13 17:38 - 2016-08-07 15:52 - 000412760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-13 17:36 - 2016-07-16 10:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-13 17:36 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-13 10:55 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-13 09:52 - 2015-10-17 21:23 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-08-12 20:20 - 2016-03-19 22:12 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\discord
2017-08-12 07:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-10 09:59 - 2016-08-09 12:01 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-08-10 06:13 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-08-09 19:23 - 2015-10-15 15:47 - 000002473 _____ C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 22:46 - 2015-10-15 00:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-08 22:33 - 2015-10-15 00:23 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-06 07:40 - 2015-10-15 19:36 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Skype
2017-08-05 20:06 - 2017-01-02 21:03 - 000002122 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-05 20:06 - 2017-01-02 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-05 17:58 - 2015-10-14 23:42 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-03 10:07 - 2016-07-16 07:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-03 10:05 - 2016-03-22 13:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-02 22:51 - 2017-03-20 06:42 - 000000000 ____D C:\Users\RNOwe\.MemuHyperv
2017-08-02 22:49 - 2017-03-22 17:44 - 000000000 ____D C:\Users\RNOwe\Downloads\MEmu Download
2017-08-02 13:50 - 2016-08-01 20:55 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-08-02 13:47 - 2016-08-01 20:57 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-08-01 17:46 - 2015-10-16 15:47 - 000797224 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-01 17:37 - 2015-10-17 07:44 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\uTorrent
2017-08-01 16:24 - 2015-10-15 20:24 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-08-01 13:10 - 2016-08-11 12:40 - 000000000 ____D C:\Users\Ricky\AppData\Local\Discord
2017-07-31 12:51 - 2015-10-15 15:43 - 000000000 ____D C:\Users\Ricky\AppData\Local\Packages
2017-07-31 11:14 - 2017-02-18 04:19 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 11:14 - 2017-02-18 04:19 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-28 23:39 - 2016-12-09 07:14 - 000000000 ____D C:\Users\Ricky\Documents\DayZ
2017-07-28 23:38 - 2016-12-09 07:14 - 000000000 ____D C:\Users\Ricky\AppData\Local\DayZ
2017-07-26 23:56 - 2015-10-26 07:03 - 000000000 ____D C:\Users\RNOwe\AppData\Roaming\uTorrent
2017-07-24 17:56 - 2015-11-24 16:35 - 000000000 ____D C:\Users\Ricky\AppData\Local\ArmA 2 OA
2017-07-24 10:20 - 2016-03-26 05:11 - 000226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-07-24 10:20 - 2016-03-26 05:11 - 000226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-07-24 10:13 - 2016-03-25 09:06 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Origin
2017-07-24 10:09 - 2016-03-24 19:34 - 000000000 ____D C:\ProgramData\Origin
2017-07-24 10:02 - 2017-06-04 00:21 - 000000000 ____D C:\Users\Ricky\Desktop\Wow music
2017-07-21 21:24 - 2016-03-25 09:00 - 000000000 ____D C:\Users\Ricky\Documents\Origin
2017-07-20 22:05 - 2017-03-20 06:43 - 000000000 ____D C:\Users\RNOwe\AppData\Roaming\NVIDIA
2017-07-20 13:09 - 2016-09-09 06:25 - 000000000 ____D C:\Users\Ricky\AppData\Local\Arma 3 Launcher
2017-07-20 07:06 - 2015-10-14 23:34 - 000000000 ____D C:\Users\RNOwe\AppData\Local\Packages
2017-07-17 17:32 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
2017-07-17 16:29 - 2016-11-25 20:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-17 16:29 - 2016-09-09 14:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2016-09-12 15:21 - 2016-09-12 15:21 - 305520897 _____ () C:\Users\RNOwe\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-09-12 15:21 - 2016-09-12 15:21 - 000003413 _____ () C:\Users\RNOwe\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-01-01 02:45 - 2016-01-01 02:45 - 000000000 _____ () C:\Users\RNOwe\AppData\Local\Driver_LOM_8161Present.flag
2016-08-12 04:18 - 2017-03-05 07:13 - 000007600 _____ () C:\Users\RNOwe\AppData\Local\Resmon.ResmonCfg
2017-02-18 04:19 - 2017-02-18 04:19 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-02 20:44 - 2017-02-16 22:42 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-02 20:44 - 2017-02-16 17:27 - 000000515 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2016-12-04 18:26 - 2016-12-04 18:42 - 000000068 _____ () C:\Users\RNOwe\AppData\Local\Temp\ade310c59b2001f825baf3fb617e4f7b.dll
2016-09-12 15:21 - 2015-03-05 09:54 - 002212008 _____ (Adobe Systems Incorporated) C:\Users\RNOwe\AppData\Local\Temp\AdobeApplicationManager.exe
2016-08-08 11:29 - 2016-08-08 11:29 - 000000000 ____D () C:\Users\RNOwe\AppData\Local\Temp\avgnt.exe
2016-12-04 18:26 - 2016-12-04 18:26 - 000000512 _____ () C:\Users\RNOwe\AppData\Local\Temp\f9a1b5d54284183a1d5112742cb85097.dll
2017-07-31 23:20 - 2017-07-31 23:20 - 000745507 _____ (MP3 Players) C:\Users\RNOwe\AppData\Local\Temp\fox.exe
2017-07-11 18:22 - 2017-02-10 10:54 - 000037376 _____ (Microsoft) C:\Users\RNOwe\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2017-07-11 18:22 - 2017-02-10 10:54 - 000020480 _____ (Microsoft) C:\Users\RNOwe\AppData\Local\Temp\HiRezLauncherControls.dll
2017-07-31 23:33 - 2017-07-31 23:33 - 000102400 _____ (ancient JK) C:\Users\RNOwe\AppData\Local\Temp\max.exe
2017-02-21 03:29 - 2016-12-29 08:43 - 000747464 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\nvSCPAPI.dll
2017-02-21 03:29 - 2016-12-29 08:43 - 000860776 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\nvSCPAPI64.dll
2017-04-06 11:52 - 2016-12-29 08:43 - 000351680 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\nvStInst.exe
2016-09-09 21:32 - 2016-11-17 09:45 - 001135552 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\NvTelemetry.dll
2016-09-09 21:32 - 2016-11-17 09:45 - 000217024 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-09-09 21:32 - 2016-11-17 09:45 - 000268736 _____ (NVIDIA Corporation) C:\Users\RNOwe\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-03-20 06:43 - 2017-08-02 22:51 - 000492544 _____ () C:\Users\RNOwe\AppData\Local\Temp\s3.exe
2017-07-31 23:20 - 2017-07-31 23:20 - 004185841 _____ () C:\Users\RNOwe\AppData\Local\Temp\SetupInstallStart.exe
2016-08-02 22:12 - 2016-08-02 22:12 - 000000000 ____D () C:\Users\Temp\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-27 17:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01
Ran by RNOwe (15-08-2017 19:15:13)
Running from C:\Users\Ricky\Desktop\FRST
Windows 10 Pro Version 1607 (X64) (2016-08-07 20:34:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2190132408-2257626196-1181361939-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2190132408-2257626196-1181361939-503 - Limited - Disabled)
Guest (S-1-5-21-2190132408-2257626196-1181361939-501 - Limited - Disabled)
mrsam (S-1-5-21-2190132408-2257626196-1181361939-1004 - Limited - Enabled)
natey (S-1-5-21-2190132408-2257626196-1181361939-1008 - Limited - Disabled)
Ricky (S-1-5-21-2190132408-2257626196-1181361939-1003 - Limited - Enabled) => C:\Users\Ricky
RNOwe (S-1-5-21-2190132408-2257626196-1181361939-1001 - Administrator - Enabled) => C:\Users\RNOwe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 15.10 beta (x64) (HKLM\...\7-Zip) (Version: 15.10 - Igor Pavlov)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{AAFD93A0-6522-9FF4-69CF-15B98681681A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.92 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASTRO Command Center (HKLM-x32\...\{691A89DA-3E44-4F88-9637-4D7B17CC7181}) (Version: 1.0.76 - Astro Gaming)
AutoHotkey 1.1.24.03 (HKLM\...\AutoHotkey) (Version: 1.1.24.03 - Lexikos)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle Islands: Commanders (HKLM\...\Steam App 445720) (Version: - DR Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.62791 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
BF3 Settings Editor (HKLM\...\{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}) (Version: 2.3 - Realmware)
Blackwake (HKLM\...\Steam App 420290) (Version: - Mastfire Studios Pty Ltd)
Blender (HKLM\...\{2BBF253B-4DC9-49DA-AE78-5991452AC317}) (Version: 2.78.2 - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.100.6363 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version: - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version: - Treyarch)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Chromium (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\Chromium) (Version: 51.0.2683.0 - Chromium)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 45.9.12.393 - Comodo)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio)
Dirty Bomb (HKLM\...\Steam App 333930) (Version: - Splash Damage®)
Discord (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley)
Epic Games Launcher (HKLM-x32\...\{56C7F9B4-77A1-48C3-AE0A-E402992F1F9B}) (Version: 1.1.94.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVE Online (HKLM\...\Steam App 8500) (Version: - CCP)
Farming Simulator 17 (HKLM\...\Steam App 447020) (Version: - Giants Software)
FileZilla Client 3.16.0 (HKLM-x32\...\FileZilla Client) (Version: 3.16.0 - Tim Kosse)
Fishing Planet (HKLM\...\Steam App 380600) (Version: - Fishing Planet LLC)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
Genital Jousting (HKLM\...\Steam App 469820) (Version: - Free Lives)
Google Chrome (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Google Chrome) (Version: 61.0.3163.39 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{09A8EA8A-9C9D-45E4-B20C-3F13C2CCD32C}) (Version: 7.3.0.3830 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GRID 2 (HKLM\...\Steam App 44350) (Version: - Codemasters Racing)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hotspot Shield 4.18.3 (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\HotspotShield) (Version: 4.18.3 - AnchorFree Inc.)
HWiNFO32 Version 5.22 (HKLM-x32\...\HWiNFO32_is1) (Version: 5.22 - Martin Malík - REALiX)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
InstallShieldHiRezCurrent (HKLM-x32\...\{9433FC1C-7405-433C-A26D-81076293BBCE}) (Version: 3.0.0.0 - Hi-Rez Studios)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel Extreme Tuning Utility (HKLM-x32\...\{2b6ed4de-d92a-4e61-aa4f-5196a0ecee21}) (Version: 6.3.0.56 - Intel Corporation)
Intel Extreme Tuning Utility (HKLM-x32\...\{AD9EAA1C-2EF5-4243-ACE5-7AB77047291D}) (Version: 6.3.0.56 - Intel Corporation) Hidden
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KeepVid Pro(Build 4.10.1.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 4.10.1.0 - KeepVid Studio)
Killer Bandwidth Control Filter Driver (HKLM\...\{24BA7D32-B740-47A3-BE0E-2F4863A05D13}) (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer E220x Drivers (HKLM\...\{921ABFC0-9681-487D-9379-89C1712EFEBF}) (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{E21E50A4-4A55-4A7E-B1AA-16F8F9E255C8}) (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation)
Line of Sight (HKLM\...\Steam App 436520) (Version: - BlackSpot Entertainment)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Mad Max (HKLM\...\Steam App 234140) (Version: - Avalanche Studios)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
MEmu (HKLM-x32\...\MEmu) (Version: 2.9.6.1 - Microvirt)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mitos.is: The Game (HKLM\...\Steam App 389570) (Version: - Freakinware Studios)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
My.com Game Center (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\MyComGames) (Version: 3.195 - My.com B.V.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.0 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Orcs Must Die! 2 (HKLM\...\Steam App 201790) (Version: - Robot Entertainment)
Orcs Must Die! Unchained (HKLM\...\Steam App 427270) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 10.4.14.21968 - Electronic Arts, Inc.)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Planetary Annihilation (HKLM\...\Steam App 233250) (Version: - Uber Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.2-r111395-release - Plays.tv, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 5.12 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
ROBLOX Player for Ricky (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for RNOwe (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Ricky (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spintires (HKLM\...\Steam App 263280) (Version: - Oovee® Game Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tenda Wireless LAN Card (HKLM-x32\...\{C26CF23B-8EAC-401C-96F8-1064EC7CE039}) (Version: 1.5.6.0 - Tenda)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
theHunter (HKLM\...\Steam App 253710) (Version: - Expansive Worlds)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
Transcripted (HKLM\...\Steam App 215450) (Version: - Alkemi)
Trimmer Tycoon (HKLM\...\Steam App 505750) (Version: - Improx Games)
Unity (HKLM-x32\...\Unity) (Version: 5.5.2f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Smartly Dressed Games)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warface (HKLM-x32\...\Steam App 291480) (Version: - Crytek)
Warface My.Com (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Warface My.Com) (Version: 1.27 - My.com B.V.)
Warframe TennoGen (HKLM\...\Steam App 396050) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Worm.is: The Game (HKLM\...\Steam App 466910) (Version: - Freakinware Studios)
ZookaWare (HKLM-x32\...\ZookaWare) (Version: 5.0.1 - ZookaWare)
Аrdamаx Kеylogger 4.4.2 (HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\Аrdamаx Kеylogger 4.4.2) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\RNOwe\AppData\Local\Roblox\Versions\version-da823d17eb7346c9\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{cd518d10-13b7-487e-b121-e772c4aeada3}\InprocServer32 -> c:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2190132408-2257626196-1181361939-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ricky\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-01] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-02-27] (Power Software Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Ricky\Documents\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-01] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-02-27] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-03-16] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-01] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Ricky\Documents\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-02-27] (Power Software Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E84F185-5BA7-4C63-ABB9-B795ADDB55D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {0F298098-657E-4943-99E3-A5C50C4B7972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009Core => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.) <==== ATTENTION
Task: {1A5DD9C5-F5A9-443E-91C2-25DD2BFA1318} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-03] (Microsoft Corporation)
Task: {1F306747-FD55-445D-A736-2FDFFB76AB48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.)
Task: {23FC0D6D-4B41-4FC7-8EEB-5A3CF855291A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {2F137121-08AE-41F6-BA4F-8B2E892F5168} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {36ED4651-8B99-49AB-8348-DDA83008159C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {390113BA-0C5E-453E-812B-51F46552A43C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {45F654AE-5823-41D8-BC24-A8A60676A61A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {507A6059-487B-43D4-ACB0-84B9FD79B708} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {652EF281-F0A4-4EF1-9528-16BDE6415A0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009UA => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-02] (Google Inc.) <==== ATTENTION
Task: {6B5798D1-1532-4342-AC68-506A1CFDA2DF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-03] (Microsoft Corporation)
Task: {6F61B115-0EF7-46E8-B337-4262B877A9A2} - System32\Tasks\Zookaware Scheduled Update Check => C:\Program Files (x86)\ZookaWare\ZookaWare.exe [2017-03-05] (ZookaWare)
Task: {775A8DC6-C222-4416-A995-9FCBBF29622A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003UA1d257eac5ebce53 => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.)
Task: {804CF9AB-72A7-434D-8FCC-3EB063C3CE6C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {9C50F60E-60A7-4889-BE08-4B5EA849D719} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {ABFD2B65-2DA8-465C-B75A-ED20D620BD3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.)
Task: {BE2CBEC8-DC29-4806-AEE7-2CD180C9705D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {C0C62CA9-07B5-46C9-8166-3ACBAFFFDF8D} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {C818E9FC-2FE7-4924-BD04-D392E332A4B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-03] (Microsoft Corporation)
Task: {CAE370AB-797F-4163-8B90-6C4ACF4BB76D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003UA => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.)
Task: {D0ED94BF-FA07-40B9-AD16-9340585F9438} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {DB9DD61F-72C9-40FE-8B5B-7FB35DF1436C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {E0D786EF-B7B2-4B34-B18E-D9AE26AA73F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003Core => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.)
Task: {E3665C04-382E-4BF7-B184-EB24E38BC5AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {E3FACFDA-D6E7-4EF8-BDD9-2903BE144AD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003Core1d257eac59727ba => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-15] (Google Inc.)
Task: {F8084281-26F1-4F9D-AD62-1EFD309C4788} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation)
Task: {F8C6A7C7-8A74-46D1-B606-DDFC0297C1C8} - System32\Tasks\ZookaWare registration reminder => C:\Program Files (x86)\ZookaWare\ZookawareUpdater.exe [2017-03-05] ()
Task: {F9BE8308-5E55-4C78-9E81-19956EDCB9D9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {FF4ADCA3-D486-4406-BD67-8F3C8D9A1143} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003Core.job => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1003UA.job => C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009Core.job => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2190132408-2257626196-1181361939-1009UA.job => C:\Users\Temp\AppData\Local\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\RNOwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Аrdаmаx Keylogger 4.4.2\Аrdаmаx Keylogger 4.4.2.lnk -> C:\Users\RNOwe\Documents\CCP\CCP.exe (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 11:59 - 2017-06-21 03:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-26 07:36 - 2016-09-04 23:02 - 000076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2016-08-07 20:13 - 2016-08-07 20:13 - 000959168 _____ () C:\Users\Ricky\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-05 06:43 - 2017-01-29 09:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-04-15 16:13 - 2015-04-15 16:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-14 21:42 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 21:42 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 21:42 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-10 15:59 - 2017-03-04 02:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-10 15:59 - 2017-08-01 14:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-10 15:59 - 2017-08-01 14:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-17 17:04 - 2017-07-17 17:06 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-17 17:04 - 2017-07-17 17:06 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-17 17:04 - 2017-07-17 17:06 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-17 17:04 - 2017-07-17 17:06 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-02-19 23:31 - 2016-10-25 16:19 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-19 23:31 - 2016-10-25 16:19 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-19 23:32 - 2016-10-25 16:19 - 000418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-09-15 16:21 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 21:41 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-08-09 19:23 - 2017-08-09 01:48 - 004022616 _____ () C:\Users\Ricky\AppData\Local\Google\Chrome\Application\61.0.3163.39\libglesv2.dll
2017-08-09 19:23 - 2017-08-09 01:48 - 000100184 _____ () C:\Users\Ricky\AppData\Local\Google\Chrome\Application\61.0.3163.39\libegl.dll
2017-07-21 19:54 - 2017-07-21 19:54 - 001528296 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
2015-11-24 16:48 - 2015-11-24 16:48 - 000028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 16:46 - 2015-11-24 16:46 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 16:48 - 2015-11-24 16:48 - 000041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 000017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 000019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 16:48 - 2015-11-24 16:48 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 16:46 - 2015-11-24 16:46 - 000354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 16:48 - 2015-11-24 16:48 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 001980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 16:57 - 2015-12-07 16:57 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 001862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 000516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 16:47 - 2015-11-24 16:47 - 004060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 16:43 - 2015-11-24 16:43 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2017-02-19 23:31 - 2016-10-25 16:19 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-07-21 19:55 - 2017-07-21 19:56 - 055782888 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\libcef.dll
2017-07-21 19:56 - 2017-07-21 19:56 - 000540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\ortp.dll
2017-07-21 19:56 - 2017-07-21 19:56 - 000133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\libEGL.dll
2017-07-21 19:56 - 2017-07-21 19:56 - 003384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9093\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Ricky:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\sharepoint.com -> hxxps://livevsc-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-18 12:50 - 2017-08-14 13:45 - 000000838 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RNOwe\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Ricky\Desktop\wallpaper.jpg DNS Servers: 192.168.10.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: d447ab7d0fb975b032ce5d423855b98e => 2 MSCONFIG\Services: Killer Service V2 => 2 MSCONFIG\Services: SysEventSVC => 2 HKLM\...\StartupApproved\StartupFolder: => "Tenda Wireless Utility.lnk" HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk" HKLM\...\StartupApproved\Run: => "MouseDriver" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "TCTray" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "PlaysTV" HKLM\...\StartupApproved\Run32: => "Raptr" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" 
HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Gyazo" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "OneDriveSetup" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "Razer Comms" HKU\S-1-5-21-2190132408-2257626196-1181361939-1001\...\StartupApproved\Run: => "NETGEARGenie" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "Gyazo" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "TSMApplication" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "CCP Start" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-2190132408-2257626196-1181361939-1003\...\StartupApproved\Run: => "hsscp.EXE" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
[{A72B78B4-82E5-4FC6-8910-2CEE6FA8464D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{D92557F4-2763-41D7-BD74-53F7FD90EA99}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe FirewallRules: [UDP Query User{6825D234-25AE-4711-9F3F-8C75DBC1AE38}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.8_42576.exe FirewallRules: [TCP Query User{2ACF454E-2C58-41B8-AC3F-367CE809D001}C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Block) C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe FirewallRules: [UDP Query User{BFBEB69E-0D41-4A71-9EDB-293F4547C9E6}C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe] => (Block) C:\users\ricky\appdata\roaming\hotspot shield\bin\cmw_srv.exe FirewallRules: [{10DC5C69-EC6B-4C68-8F0A-9514D3FCB383}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{70D63754-D6D6-436E-B842-3C34D9488E91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{BCE81F83-C941-4304-8B4C-A531D29D26B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{7DBF133D-7058-4FE9-884E-3BFE1F1825EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{816EAD20-ADB1-444B-9757-9F1EDE39E195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{1FF81B75-4155-4F8C-AA24-F38D9C71339A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{674E2BD3-9452-4D02-B4C9-33FD651780BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{9978CCCC-4857-4810-A982-BA16DCACBF69}] => 
(Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [{5E38CEEB-814D-468D-8C23-580721521D03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [{0A29B430-9C18-4314-A2D0-D9C415773CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{8DC4D34D-9B2C-4223-B501-876B9D7FB028}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe FirewallRules: [{934E9CD4-AA12-4D75-8042-B378B736A2FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{583E59CF-60C1-4573-9DCE-DEB0FF1E9957}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [TCP Query User{6CB4D09D-162A-4BCD-90EA-4EE82654973C}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [UDP Query User{DF2C7AEE-C3C1-469C-B0F6-06E58A6D05AA}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [{7559ECA3-AFC4-4195-AA88-3C83E1466E77}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E0C6BED7-A5C0-4C1E-8E92-4F1D636A74D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7BC0E86F-6B3D-4A65-ADF9-CAF3DF11A56E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5EBB9C53-1EEA-4BC1-B5A7-CBEEA3E51186}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E7A00AF0-CC41-452D-9897-3C6510D816BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trimmer Tycoon\trimmer.exe FirewallRules: 
[{DA6AF55E-BE6E-4037-80E0-5D8652765177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trimmer Tycoon\trimmer.exe FirewallRules: [{39490792-72BC-4270-A6FC-6E96732765C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commanders\Commanders.exe FirewallRules: [{D74C6E4E-5025-4538-930F-1C718E48C6D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commanders\Commanders.exe FirewallRules: [TCP Query User{E02AD135-EA46-4AA1-9BD2-83692E1F062B}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [UDP Query User{DCEDA09A-BDE7-48FE-9A41-B63375E3DB22}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [{5AEC32D0-560C-4BD4-8257-F8E183C5C5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [{F783E0CB-23AE-4940-AE6B-6DC82B1A196F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [TCP Query User{0BE3E017-3E3D-4355-9074-5D64DD7ECB54}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{EE696C5B-CA8E-4093-B495-8148A8CCC8D7}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [TCP Query User{C4E8A6BF-F1FF-4E28-8B19-0168774B6F65}C:\program files (x86)\razer\comms\razercomms.exe] => (Allow) C:\program files (x86)\razer\comms\razercomms.exe FirewallRules: [UDP Query User{363A0237-9DF9-4510-88DA-938DB40EB0B7}C:\program files (x86)\razer\comms\razercomms.exe] => (Allow) C:\program files (x86)\razer\comms\razercomms.exe FirewallRules: [{21490339-7A3F-4046-AF05-F3BCD4B4F78E}] => (Block) C:\program files (x86)\razer\comms\razercomms.exe 
FirewallRules: [{611F0B44-F951-4840-A9AF-BC1ECF5A46F3}] => (Block) C:\program files (x86)\razer\comms\razercomms.exe FirewallRules: [TCP Query User{317D7753-F449-4D87-8541-A7293E2B3114}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{CCF255F5-CF63-4098-895D-F411A0858454}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{40EA046D-3A66-477F-9F01-426D2DA70158}] => (Block) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{D88FA454-1446-4B30-BF7C-DD56A970CB6B}] => (Block) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{48778793-D2AF-47C6-A043-102C79801E0D}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [UDP Query User{61C78D30-BCC2-4414-914B-A312244B1856}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [{C69C5F78-F732-4C94-999E-5062C1A73F6B}] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [{1CFDC9CB-1108-496E-B703-700AC15196F9}] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe FirewallRules: [{26E0B7D7-1D2A-44D8-B0B6-514ADB6C108A}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{EB72E1AA-C307-46C6-9F51-E71C8ECD44B1}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{5FDB5149-2B95-49E0-A4AB-555ADC6E6ABC}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{85A7B87A-78CF-4A72-A9A8-2C94AACF2A40}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{E8F11F21-49D2-40E0-AADB-D6766FC6F1F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{B391396C-914F-43FD-96F7-B3E95420FF44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [TCP 
Query User{028CF6AB-51F4-4077-AB4B-71C8DDFAF6A9}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe FirewallRules: [UDP Query User{A332F8A1-7581-428B-9F75-DF39EA078F73}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Block) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_42973.exe FirewallRules: [{99F2FBBB-A729-4C24-A8F7-C1ECA70C618C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{69D326D2-67A4-46CC-8B86-886362EC6DDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [TCP Query User{71AFA64B-B1F9-4739-81F7-0099C899391A}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [UDP Query User{70601413-E581-4F38-8624-0FB275995BFB}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{72EC30C4-AA72-49FB-8095-5099FF9F7A42}] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{F494C3B2-2E32-4A9C-85C5-B0CB90103AA6}] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{AA6DF14F-CFE3-4799-B099-7B0DE5FE6716}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe FirewallRules: [{1123D7DD-8AFD-4CDE-B1BA-41B3C93AA805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe FirewallRules: [{FC2F2393-4D47-4F12-8AA3-9EFE2DD5EB96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{DAB530D0-67CE-49D4-A87B-1F1509AA2FA9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7D918126-81FF-4FA5-A927-C1FFE0CFDDCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty 
Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{FC174515-643A-4FD8-920C-FDEDA933E37A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{78A3747A-F7A3-4207-8F17-E553DA11F368}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [{8494703F-08DE-4D5C-815C-3133F238C012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe FirewallRules: [{A0144564-2C72-4299-AA16-36617182A8D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe FirewallRules: [{00E1E152-5A8D-442A-9658-ADA11D542235}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worm.is The Game\Wormis.exe FirewallRules: [TCP Query User{CBF0BF59-EA23-42D4-80FC-BEF7EB8B0C95}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe FirewallRules: [UDP Query User{7BB1EEF5-1F44-4F5E-9950-54D796DE8C7A}C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\ricky\appdata\roaming\utorrent\updates\3.4.9_43295.exe FirewallRules: [{76DFF09B-F906-45D6-A687-A897E25C06E6}] => (Allow) C:\Users\RNOwe\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{680D2499-A966-4F68-9368-5E50388DD919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe FirewallRules: [{884C3C05-E889-4A1F-AE3A-55AB14E0618A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe FirewallRules: [{D43FB36F-AED1-400D-B322-CF110364FCA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{3F06DF06-4B0D-49E2-859A-9FF3266D76F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{453DB0F0-B696-4039-896F-33496C35425A}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{DED03CBF-AEE5-4649-923A-A4B5BBA92D43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{42C350F8-BFC6-442A-AD72-0BF9D804951A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{02CEF2A8-27E5-4396-B3D1-196D699B2909}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{D1AB49EB-C5F2-448E-BE09-7D2BFAA38EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B1912D59-2A97-43EF-8B00-6F7C5AAEAB16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe FirewallRules: [{8C3C4F98-7887-4CA0-8D9F-17510CD1CE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe FirewallRules: [{095FB6C4-3633-4456-8258-B076EF2BB548}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe FirewallRules: [{B890EFD1-9B8D-45D2-BB4A-A73994C15106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe FirewallRules: [{F6EFCA60-2E51-46B0-B968-885581F6FB13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe FirewallRules: [{15D40A83-B9E0-48A1-B680-A75D1C33B70B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe FirewallRules: [{A79CAA8E-6328-4902-AFAB-9605B9B3DE57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe FirewallRules: [{EB54D256-9EA3-4FCD-8F31-A487AAB897CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe FirewallRules: [{7CADC014-E0A2-4D4E-BA36-E71EBF439B81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe FirewallRules: 
[{A40EBC13-1184-4167-8B48-68A3A476EDEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe FirewallRules: [{3F826CED-5E0A-41EB-9462-A13EC19311F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{02F7C6BF-1351-428B-AF52-39064DD50453}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{BCD76230-E876-4C47-A817-CB4134FC5191}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe FirewallRules: [{3FB12BB2-A9A5-4611-AAD5-2FDEE0EDBC5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe FirewallRules: [{73ED62E6-735B-4D20-B41E-8EE48A08F162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{A7FC819B-ADD4-4E84-A1E7-135C3537D829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{71865962-EAB1-425C-A387-CBD0D634BD24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe FirewallRules: [{C613DDD2-000B-4AB0-833C-ABAABEE5A790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe FirewallRules: [{BC410475-4BA9-46CF-BAF2-912D5D81A08B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe FirewallRules: [{702F3A43-E855-4AF9-8A0D-793183E9EB7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe FirewallRules: [{D5F50444-FA92-4833-BD1F-796D4B70F576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe FirewallRules: [{F98E1910-462E-4502-B5BF-28C3A6B80D27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe 
FirewallRules: [{E1343D41-4CFD-4BA0-AEED-AFDD1A82B34A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe FirewallRules: [{D263AF00-1894-4E54-A96B-9CAC0DAF7CFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GenitalJousting\GenitalJousting.exe FirewallRules: [{929489A2-DA99-457D-B0F7-EDAAF4C49385}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe FirewallRules: [{5112993E-74E9-49FB-9B42-DFAA7A0C89D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe FirewallRules: [{2BA5E15D-67EE-4904-B238-DDB1BB5B955B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe FirewallRules: [{96C43D6B-3213-4632-95E4-4BF96DE65123}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe FirewallRules: [{940B9E40-71EA-477C-80C6-5E40EC92340C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe FirewallRules: [{B697D07E-8D30-47C0-A635-E2F8AABBDC49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe FirewallRules: [{3148406E-D6DE-4C30-B249-682C48FF33F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{050AB918-C34A-42A3-B7FD-38B95FDEF619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{C774635F-7A1F-4F13-9D45-DE8520C63B4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe FirewallRules: [{932423DB-FA50-4F2D-A997-389B42671517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe FirewallRules: [{1B847D71-EE3E-4989-B6A1-9251AB425D02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2476FEEF-6C28-4B07-8740-E8A7F12AE898}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe 
FirewallRules: [{F6184C57-4F99-4EBF-8999-2F8623728FB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F0C72769-C32A-4495-87C1-A50C15D8C672}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C3B6D401-F39C-47A9-90EA-EF2ED7B85F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe FirewallRules: [{8018063F-1430-4799-8F8A-AAA57F5C9AC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe FirewallRules: [{D4EB31CA-B8BB-4A9D-981E-B78F441B33F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{489BA6CD-0A96-4973-9D31-AE2F3969B077}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{52B173FA-152A-4B40-89CD-0A8A4FBEF5C7}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{F1B2694A-621F-4E0A-8EFF-7F794878C201}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{A81990E9-5BDA-4D05-9339-4430ECE087D9}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{4D1F4BB7-92DC-441C-8104-4C938CC3686B}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{76611174-4B42-41A6-915E-9421116719FD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{C45803D7-3BF6-4C43-9217-5D1B16BE876B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{10131643-984B-4F3E-8443-7F55D7C18BBC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [{65DE73CF-E7A3-4E11-B2B2-139B90A9419A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [TCP Query 
==================== Restore Points =========================

08-08-2017 22:30:31 Windows Update
12-08-2017 09:25:01 Windows Update
15-08-2017 17:57:09 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2017 05:59:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .
Error: (08/15/2017 05:48:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICKYS-DESKTOP)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147467259 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2017 12:43:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (08/15/2017 12:43:30 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (08/15/2017 12:43:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (08/15/2017 11:45:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 1.0.0.1, time stamp: 0x578999cf
Faulting module name: Taskmgr.exe, version: 1.0.0.1, time stamp: 0x578999cf
Exception code: 0xc0000005
Fault offset: 0x0000000000025076
Faulting process id: 0x3294
Faulting application start time: 0x01d315dd6fee885f
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 4514770f-2e32-484e-859e-6acb9e3f2ff0
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (08/15/2017 06:00:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (08/15/2017 05:56:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (08/15/2017 05:55:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/15/2017 05:52:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (08/15/2017 05:52:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hamachi2Svc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Hamachi2Svc service to connect.
Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdLogRotatorSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BstHdLogRotatorSvc service to connect.
Error: (08/15/2017 05:52:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:
===================================
Date: 2017-08-15 08:04:49.292
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-08-15 07:05:14.969
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-08-14 13:45:53.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-08-14 12:04:19.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-08-10 06:24:24.217
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-08-10 06:23:22.553
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-08-05 17:39:32.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-08-02 14:45:11.813 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-07-31 23:19:43.974 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-07-31 12:48:54.530 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz Percentage of memory in use: 50% Total physical RAM: 8142.92 MB Available physical RAM: 4000.26 MB Total Virtual: 11470.92 MB Available Virtual: 6749.74 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.02 GB) (Free:40.25 GB) NTFS Drive d: (NATE'S) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B72A755) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 019801F3) Partition 1: (Active) - (Size=3.7 GB) - (Type=0B) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
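Added example (not part of the original thread and not FRST's own code): one way to triage the event sections of an Addition.txt like the one above is to collapse repeated entries into one row per failing service and one row per process/module pair that Code Integrity refused. The regular expressions assume the entry layouts visible in this log; `summarise`, the constant names and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Entry layouts as they appear in the Addition.txt excerpt above.
EVENT_RE = re.compile(
    r"Error: \((?P<ts>[^)]*)\) \(Source: (?P<src>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: [^)]*\)\s+Description: "
    r"(?P<desc>.*?)(?=\s*(?:Error: \(|CodeIntegrity:|$))", re.S)
SERVICE_RE = re.compile(
    r"(?:The|waiting for the) (?P<svc>.+?) service (?:failed to start|to connect)")
CI_RE = re.compile(
    r"Date: (?P<ts>\d{4}-\d\d-\d\d [\d:.]+)\s+Description: Code Integrity determined "
    r"that a process \((?P<proc>.*?)\) attempted to load (?P<mod>.+?) "
    r"that did not meet the (?P<level>.+?) signing level requirements")


def summarise(text):
    """Collapse repeated event entries into one row per service / per blocked module."""
    services = defaultdict(set)  # service name -> Event IDs logged for it
    other = []                   # (source, Event ID) for everything else
    for m in EVENT_RE.finditer(text):
        svc = SERVICE_RE.search(m["desc"])
        if m["src"] == "Service Control Manager" and svc:
            services[svc["svc"]].add(int(m["eid"]))
        else:
            other.append((m["src"], int(m["eid"])))
    blocked = {}                 # (process, module, level) -> [count, first, last]
    for m in CI_RE.finditer(text):
        # Full paths are kept: the same DLL name in another directory is a different finding.
        row = blocked.setdefault((m["proc"], m["mod"], m["level"]), [0, m["ts"], m["ts"]])
        row[0] += 1
        row[1], row[2] = min(row[1], m["ts"]), max(row[2], m["ts"])
    return {"services": {k: sorted(v) for k, v in services.items()},
            "other": other, "code_integrity": blocked}


# Constructed sample: a few entries in the same layout, flattened onto one line.
PROC = (r"\Device\HarddiskVolume2\Windows\SystemApps"
        r"\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe")
DLL = r"\Device\HarddiskVolume2\Windows\System32\nvspcap64.dll"
CI = ("Date: {} Description: Code Integrity determined that a process ({}) attempted "
      "to load {} that did not meet the Store signing level requirements. ")
SCM = "Error: (08/15/2017 05:52:19 PM) (Source: Service Control Manager) (EventID: {}) (User: ) "
SAMPLE = (
    SCM.format(7000) + "Description: The Hamachi2Svc service failed to start due to the "
    "following error: The service did not respond to the start or control request in a "
    "timely fashion. "
    + SCM.format(7009) + "Description: A timeout was reached (30000 milliseconds) while "
    "waiting for the Hamachi2Svc service to connect. "
    "Error: (08/15/2017 05:52:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) "
    "(User: NT AUTHORITY) Description: There was an error while attempting to read the "
    "local hosts file. CodeIntegrity: =================================== "
    + CI.format("2017-08-15 08:04:49.292", PROC, DLL)
    + CI.format("2017-07-31 12:48:54.530", PROC, DLL))

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Each `code_integrity` row carries a count plus first and last timestamps, so a long run of identical entries reads as one finding with its time range.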
Aura Posted August 15, 2017 ID:1153851
If you're using the free version of Hotspot Shield, I would uninstall it as the free version is known to inject ads in your web browsers.
https://support.hotspotshield.com/hc/en-us/articles/202438954-Why-do-I-see-extra-ads-when-browsing-with-Hotspot-Shield-
Uninstall ZookaWare as well. And did you install Ardamax Keylogger by yourself? And Chromium?

Harmazi Posted August 16, 2017 Author ID:1153864
Hotspot Shield must've been on here from a while ago, the Keylogger and Chromium were also from me. I'll remove all that.
Aura Posted August 16, 2017 ID:1153865
Alright. Once done, run the following fix.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
- Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
- Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Click on the Fix button
- On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
- Copy and paste its content in your next reply

fixlist.txt
Harmazi Posted August 16, 2017 Author ID:1153872
FRST has been "fixing" this whole time. I can't close it or end it through task manager. What should I do?

Aura Posted August 16, 2017 ID:1153873
There should be a fixlog.txt on your desktop. Can you attach it here? It'll allow me to see where FRST is hanging. Also, you can kill the FRST.exe process directly in the Task Manager (right-click on it, select Kill process).

Harmazi Posted August 16, 2017 Author ID:1153874
I can't launch Task Manager, it crashes.

Harmazi Posted August 16, 2017 Author ID:1153875
Fixlog.txt

Aura Posted August 16, 2017 ID:1153876
Can you at least attach the fixlog.txt that is on your desktop?

Aura Posted August 16, 2017 ID:1153877
You didn't launch FRST with Admin Rights. Do it, but this time, use this fixlist.txt (delete the other one).
fixlist.txt

Harmazi Posted August 16, 2017 Author ID:1153881
Fixlog.txt

Aura Posted August 16, 2017 ID:1153882
Good. Now, if you restart your computer, your Task Manager should open correctly. Can you confirm?

Harmazi Posted August 16, 2017 Author ID:1153883
Yes, it is working.

Aura Posted August 16, 2017 ID:1153884
Good. How's your system behaving now? Are there any other issues to address?

Harmazi Posted August 16, 2017 Author ID:1153885
Uhm, I believe everything is working at this point, but I know I used to have issues with spiking disk usage.

Aura Posted August 16, 2017 ID:1153886
Was that issue present before the infection? A spiking disk usage can be caused by so many things, it's quite hard to troubleshoot with just that information. Though in your case, your logs look clean, so I doubt they are caused by malware.

Harmazi Posted August 16, 2017 Author ID:1153887
Yeah, that problem started close to the time all the other problems started. I feel like my PC is pretty mint as of now.
Aura Posted August 16, 2017 ID:1153888
Well, SmartService does put a heavy load on your disk, CPU and network connection, so I wouldn't be surprised if the issue disappeared when we removed the infection.

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
- Download DelFix and move the executable to your Desktop
- Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Check the following options:
  - Activate UAC
  - Remove disinfection tools
  - Create registry backup
  - Purge system restore
  - Reset system settings
- Once all the options mentioned above are checked, click on Run
- After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Tips, tricks, advice and recommendations
Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates
Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.
- How To Change Windows Update Settings
- How To Check For & Install Windows Updates

Keeping your programs up-to-date
Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.
- How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)

Anti-Virus
Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).
- Sophos Home
- Bitdefender Free Antivirus
- Emsisoft Anti-Malware - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
- Avira Free Antivirus
- avast! Free Antivirus

Anti-Malware, Anti-Exploit and Anti-Ransomware
Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundles all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that work together in order to keep your system protected and stop an infection at multiple levels.
- Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version
Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
- GlassWire - Has both a free and paid version (with different packages)
- Windows Firewall Control - Gives you more control over your Windows Firewall
- TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing
Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
- uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
- HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
- Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
- NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
- uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
- LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:
- The Ultimate Guide to Secure your Online Browsing: Chrome, Firefox and Internet Explorer on Heimdal Security
- Seven Useful Habits For A Safer Internet on Kaspersky Blog
- Tips for Secure Web Browsing: Cybersecurity 101 on VeraCode
- Safe browsing habits on Internet Safety Project Wiki
As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations
Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:
- Answers to common security questions - Best Practices by quietman7
- How Malware Spreads - How did I get infected by quietman7
- Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams (aka Grinler)
- How to Prevent Malware by miekiemoes
- Tips & Advice on StaySafeOnline.org

The End!
And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread?